CTS authorization list

iores · ‎05-15-2025

Hi,

I have two questions regarding:

cts authorization list mlist
aaa authorization network mlist group radius

1. What is the exact purpose of cts authorization list?

2. What mlist stands for?

I know that mlist stands for The Cisco TrustSec AAA server group but I am not sure what exactly should be put instead of mlist.

Rob Ingram · ‎05-15-2025

@iores "mlist" is the name of the method list used by trustsec for authorisation, "mlist" could be named anything you want. The CTS list is used to identify the ISE PSN nodes used by trustsec.

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9400/software/release/17-17/configuration_guide/cts/b_1717_cts_9400_cg/cisco_trustsec_overview.html

iores · ‎05-15-2025

Not sure I understand you. Could you, please, provide some actual configuration?

Rob Ingram · ‎05-15-2025

@iores example

Torbjørn · ‎05-15-2025

1. This enables SGACL download from ISE

2. mlist here is just the name of a AAA server group. You should here put the name of the server group of your ISE servers.

Happy to help! Please mark as helpful/solution if applicable.
Get in touch: https://torbjorn.dev

iores · ‎05-15-2025

So mlist contains the same value for both commands, and that is the name of AAA server group which contains PSN with TrustSec?

Torbjørn · ‎05-15-2025

That's correct. I recommend having a look at the materials that @Rob Ingram have linked here. They're both great resources for CTS config!

Happy to help! Please mark as helpful/solution if applicable.
Get in touch: https://torbjorn.dev