cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

318
Views
0
Helpful
1
Replies
Highlighted
Cisco Employee

CTS permissions = false ?

Endpoint connects to a Cisco switch (that supports SGT insertion/SGACL).  Endpoint is correctly profiled, and CoA (SGT) is passed back, and the switch shows the correct SGT-IP binding.  SGACL's are config'd to by dynamic, and when doing a "show cts rbacl" the SGACL show up (both the default permit statement + my unique SGACL ACE, but my unique ACE is not installed in the global ACL table.  When doing a  "show access-list" , the default ACE installs but my unique ACE isn't present.

Executing a "show cts role-based permissions" = FALSE.  I have the CTS role-based enforcement global command + the CTS role-based VLAN list command (as we're intending on using that).  Hoping I can get the permissions changed, I removed and re-added the commands just in case and refreshed the CTS policy + env, but no dice.

My assumption is that since the permissions are FALSE, the entry isn't being installed in the global ACL table.  How would one fix the permission?

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Cisco Employee

Re: CTS permissions = false ?

Anthony please contact TrustSec alias for TrustSec related support.

Hosuk

View solution in original post

1 REPLY 1
Highlighted
Cisco Employee

Re: CTS permissions = false ?

Anthony please contact TrustSec alias for TrustSec related support.

Hosuk

View solution in original post