After configuring the Cisco TrustSec device credentials and AAA, you can verify the Cisco TrustSec SGACL policies downloaded
from the authentication server or configured manually. Cisco TrustSec downloads the SGACL policies when it learns of a new
SGT through authentication and authorization on an interface, from SXP, or from manual IP address to SGT mapping.
Using the keywords, you can display all or part of the permissions matrix:
If the from keyword is omitted, a column from the permissions matrix is displayed.
If the to keyword is omitted, a row from the permissions matrix is displayed.
If the from and to keywords are omitted, the entire permissions matrix is displayed.
If the from and to keywords are specified, a single cell from the permissions matrix is displayed and the details keyword is available. When details is entered, the ACEs of the SGACL of the single cell are displayed.
To display the contents of the SGACL policies permissions matrix, perform this task: