This chapter describes the Cisco NX-OS TrustSec show commands.
To display the global Cisco TrustSec configuration, use the show cts command.
This example shows how to display the Cisco TrustSec global configuration:
To display the Cisco TrustSec device credentials configuration, use the show cts credentials command.
This example shows how to display the Cisco TrustSec credentials configuration:
To display the global Cisco TrustSec environment data, use the show cts environment-data command.
The Cisco NX-OS device downloads the Cisco TrustSec environment data from the ACS after you have configured the Cisco TrustSec credentials for the device and configured authentication, authorization, and accounting (AAA).
This example shows how to display the Cisco TrustSec environment data:
To display the Cisco TrustSec information for interfaces, use the show cts interface command.
show cts interface { all | ethernet slot /[QSFP-module/] port | vethernet veth-num }
You must enable the Cisco Virtual Machine on the switch by using the feature-set virtualization command to see the vethernet keyword.
This example shows how to display the Cisco TrustSec configuration for a specific interface:
This example shows how to display the Cisco TrustSec configuration for all interfaces:
To display the Cisco TrustSec protected access credentials (PACs) provisioned by EAP-FAST, use the show cts pacs command.
This example shows how to display the Cisco TrustSec global configuration:
To display the global Cisco TrustSec security group access control list (SGACL) configuration, use the show cts role-based access-list command.
show cts role-based access-list [ list-name ]
This example shows how to display the Cisco TrustSec SGACL configuration:
To display the configuration status of role-based access control list (RBACL) statistics and list the statistics for all RBACL policies, use the show cts role-based counters command.
To use this command, you must enable the Cisco TrustSec feature using the feature cts command. You must also enable Cisco TrustSec counters using the cts role-based counters enable command.
This example shows how to display the configuration status of RBACL statistics:
Related command: clears the RBACL statistics so that all counters are reset to 0.
To display the Cisco TrustSec security group access control list (SGACL) enable status for VLANs, use the show cts role-based enable command.
This example shows how to display the Cisco TrustSec SGACL enforcement status:
Related command: enables role-based access control list (RBACL) enforcement on VLANs.
To display the global Cisco TrustSec security group access control list (SGACL) policies, use the show cts role-based policy command.
This example shows how to display the Cisco TrustSec SGACL policies:
To display the global Cisco TrustSec Security Group Tag (SGT) mapping configuration, use the show cts role-based sgt-map command.
This example shows how to display the Cisco TrustSec SGT mapping configuration:
To display the Cisco TrustSec Security Group Tag (SGT) Exchange Protocol (SXP) configuration, use the show cts sxp command.
This example shows how to display the Cisco TrustSec SXP configuration:
To display the Cisco TrustSec Security Group Tag (SGT) Exchange Protocol (SXP) connections information, use the show cts sxp connection command.
This example shows how to display the Cisco TrustSec Security Group Tag (SGT) Exchange Protocol (SXP) connections information:
To display the Cisco TrustSec configuration in the running configuration, use the show running-config cts command.
This example shows how to display the Cisco TrustSec configuration in the running configuration:
Related command: copies the running configuration information to the startup configuration file.
To display 802.1X configuration information in the running configuration, use the show running-config dot1x command.
show running-config dot1x [ all ]
You must enable the 802.1X feature by using the feature dot1x command before using this command.
This example shows how to display the configured 802.1X information in the running configuration:
Related command: copies the running system configuration information to the startup configuration file.
To display the Cisco TrustSec configuration information in the startup configuration, use the show startup-config cts command.
This example shows how to display the Cisco TrustSec information in the startup configuration:
Related command: copies the running configuration information to the startup configuration file.
To display 802.1X configuration information in the startup configuration, use the show startup-config dot1x command.
You must enable the 802.1X feature by using the feature dot1x command before using this command.
This example shows how to display the 802.1X information in the startup configuration:
Related command: copies the running configuration information to the startup configuration file.