CTS permissions = false ?

ansabell@cisco.com
Cisco Employee

Endpoint connects to a Cisco switch (that supports SGT insertion/SGACL). Endpoint is correctly profiled, and CoA (SGT) is passed back, and the switch shows the correct SGT-IP binding. SGACLs are config'd to be dynamic, and when doing a "show cts rbacl" the SGACLs show up (both the default permit statement + my unique SGACL ACE), but my unique ACE is not installed in the global ACL table. When doing a "show access-list", the default ACE installs but my unique ACE isn't present.

Executing a "show cts role-based permissions" = FALSE.  I have the CTS role-based enforcement global command + the CTS role-based VLAN list command (as we're intending on using that).  Hoping I can get the permissions changed, I removed and re-added the commands just in case and refreshed the CTS policy + env, but no dice.

My assumption is that since the permissions are FALSE, the entry isn't being installed in the global ACL table.  How would one fix the permission?

1 Accepted Solution

howon
Cisco Employee

Anthony, please contact TrustSec alias for TrustSec-related support.

Hosuk
