cts role-based enforcement

To enable role-based access control list (RBACL) enforcement on a VLAN, use the cts role-based enforcement command. To disable RBACL enforcement on a VLAN, use the no form of this command.

cts role-based enforcement

no cts role-based enforcement

Syntax Description

This command has no arguments or keywords.

Command Default

Disabled

Command Modes

VLAN configuration mode

Command History

Release
Modification
5.1(3)N1(1)
This command was introduced.

Usage Guidelines

To use this command, you must first enable the 802.1X feature by using the feature dot1x command and then enable the Cisco TrustSec feature using the feature cts command.

RBACL enforcement is enabled on per-VLAN basis. RBACL enforcement cannot be enabled on routed VLANs or interfaces. For RBACL enforcement changes to take effect, you must exit from the VLAN configuration mode.

This command does not require a license.

Examples

This example shows how to enable RBACL enforcement on a VLAN and verifies the status:

switch# configure terminal
switch(config)# vlan 5
switch(config-vlan)# cts role-based enforcement
switch(config-vlan)# exit
switch(config)# show cts role-based enable
vlan:102
switch(config)#
 

This example shows how to disable RBACL enforcement on a VLAN:

switch# configure terminal
switch(config)# vlan 5
switch(config-vlan)# no cts role-based enforcement
switch(config-vlan)#

Related Commands

Command
Description
feature dot1x
Enables the 802.1X feature on the switch.
show cts role-based enable
Displays the VLANs that has RBACL enabled.