
Chapter 5: Configuring SGACL Policies

Cisco TrustSec Switch Configuration Guide, OL-22192-02

Revised: August 15, 2013, OL-22192-02

This section includes the following topics:

Cisco TrustSec SGACL Feature Histories, page 5-1

SGACL Policy Configuration Process, page 5-2

Enabling SGACL Policy Enforcement Globally, page 5-2

Enabling SGACL Policy Enforcement Per Interface, page 5-3

Enabling SGACL Policy Enforcement on VLANs, page 5-3

Manually Configuring SGACL Policies, page 5-4

Displaying SGACL Policies, page 5-6

Refreshing the Downloaded SGACL Policies, page 5-7

Cisco TrustSec SGACL Feature Histories 

For a list of supported TrustSec features per platform and the minimum required IOS release, see the Cisco TrustSec Platform Support Matrix at the following URL:

http://www.cisco.com/en/US/solutions/ns170/ns896/ns1051/trustsec_matrix.html

Otherwise, see product release notes for detailed feature introduction information. 

Summary of Contents for SGACL (page excerpts)

Page 2: ...SE will override any conflicting locally defined policy. Step 2: To enable SGACL policy enforcement on egress traffic on routed ports, enable SGACL policy enforcement globally as described in the "Enabling SGACL Policy Enforcement Globally" section on page 5-2. Step 3: To enable SGACL policy enforcement on switched traffic within a VLAN, or on traffic that is forwarded to an SVI associated with a VLAN, ena...

Page 3: ...d traffic within a VLAN or to traffic that is forwarded to an SVI associated with a VLAN. To enable SGACL policy enforcement on a VLAN or a VLAN list, perform this task. Detailed Steps (Catalyst 6500). Configuration Examples for Enabling SGACL Policy Enforcement on VLANs (Catalyst 3850): Switch# configure terminal / Switch(config)# cts role-based enforcement vlan-list 31-35,41 / Switch(config)# exit. Command / Purpose...

Page 4: ...tailed Steps for Catalyst 3850. Command / Purpose. Step 1: Router# configure terminal. Enters global configuration mode. Step 2: ip access-list role-based rbacl-name. Example: Switch(config)# ip access-list role-based allow_webtraff. Creates a Role-based ACL and enters Role-based ACL configuration mode. Step 3: {sequence-number | default | permit | deny | remark}. Example: Switch(config-rb-acl)# 10 permit tcp dst eq 80 dst eq ...

Page 5: ...d permissions from 50 to 70. [XXX need output XX] Step 5: [no] cts role-based permissions {default | from {sgt_num | unknown} to {dgt_num | unknown}} {rbacls | ipv4 rbacls}. Example: Switch(config)# cts role-based permissions from 55 to 66 allow_webtraff. Binds SGTs and DGTs to the RBACL. The configuration is analogous to populating the permission matrix configured on the Cisco ISE or the Cisco Secure ACS. Default: Default per...

Page 6: ...row from the permissions matrix is displayed. If the from and to keywords are omitted, the entire permissions matrix is displayed. If the from and to keywords are specified, a single cell from the permissions matrix is displayed and the details keyword is available. When details is entered, the ACEs of the SGACL of the single cell are displayed. This example shows how to display the content of the SGACL ...

Page 7: ...s refresh policy peer my_cisco_ise. Performs an immediate refresh of the SGACL policies from the authentication server. If a peer-id is specified, only the policies related to the specified peer connection are refreshed. To refresh all peer policies, press Enter without specifying an ID. If an SGT number is specified, only the policies related to that SGT are refreshed. To refresh all security group tag p...
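The excerpts above describe the SGACL procedure one step at a time (enable enforcement, write the RBACL, bind it to an SGT/DGT cell, display the matrix, refresh from the server). The following is an added, end-to-end configuration written for this page; it is not taken from the guide. The SGT/DGT numbers (55, 66), the VLAN list, the interface name, the RBACL names, the assumed second ACE for port 443, the deny-all default policy and the ISE peer name are all assumptions chosen for illustration.

```cisco
! Added example, not from the Cisco guide. Catalyst 3850-style prompts.
! Assumed: SGT 55 = web clients, DGT 66 = web servers, VLANs 31-35 and 41,
! interface GigabitEthernet1/0/24, RBACLs allow_webtraff / deny_all,
! ISE peer my_cisco_ise.
Switch# configure terminal

! Step 1: SGACLs are enforced at egress. Enable enforcement globally
! (routed ports) and explicitly on the VLANs where the servers live;
! a cell that is bound but not enforced on the egress path does nothing.
Switch(config)# cts role-based enforcement
Switch(config)# cts role-based enforcement vlan-list 31-35,41

! Optional per-interface enforcement on a routed port (assumed interface).
Switch(config)# interface GigabitEthernet1/0/24
Switch(config-if)# cts role-based enforcement
Switch(config-if)# exit

! Step 2: write the RBACL. SGACL ACEs carry no IP addresses; source and
! destination identity come from the tags, so only protocol/port is matched.
! An explicit final deny keeps the cell's behaviour independent of any
! implicit-deny assumption.
Switch(config)# ip access-list role-based allow_webtraff
Switch(config-rb-acl)# 10 permit tcp dst eq 80
Switch(config-rb-acl)# 20 permit tcp dst eq 443
Switch(config-rb-acl)# 30 deny ip
Switch(config-rb-acl)# exit

! Step 3: bind the cell SGT 55 -> DGT 66 to the RBACL. This is the local
! equivalent of filling one cell of the ISE/ACS permission matrix.
Switch(config)# cts role-based permissions from 55 to 66 allow_webtraff

! Step 4 (assumed policy): a deny-all default cell for every SGT/DGT pair
! that has no explicit entry. Traffic that arrives with no tag at all is
! addressed with the "unknown" keyword rather than the default cell.
Switch(config)# ip access-list role-based deny_all
Switch(config-rb-acl)# 10 deny ip
Switch(config-rb-acl)# exit
Switch(config)# cts role-based permissions default deny_all
Switch(config)# cts role-based permissions from unknown to 66 deny_all
Switch(config)# end

! Step 5: verify. Without from/to the whole matrix is shown; with from/to
! a single cell is shown and "details" lists its ACEs.
Switch# show cts role-based permissions
Switch# show cts role-based permissions from 55 to 66 details

! Step 6: a policy downloaded from ISE/ACS overrides a conflicting local
! cell, so after changing the server-side matrix pull it immediately
! instead of waiting for the refresh timer (peer name assumed).
Switch# cts refresh policy peer my_cisco_ise
Switch# cts refresh policy sgt 55

! Rollback of the local cell, if needed:
Switch# configure terminal
Switch(config)# no cts role-based permissions from 55 to 66
Switch(config)# end
```

Two checks worth making after applying something like this: run the `show cts role-based permissions ... details` command once more after the refresh to confirm which copy of the 55 to 66 cell (local or downloaded) is actually in force, and confirm with `show cts role-based permissions` that the default cell is present, since without it any SGT/DGT pair you forgot to bind falls through to whatever the platform's default permission is.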
