I have been troubleshooting a TCAM exhaustion issue on a 4500 (v3.6.3). The issue resolves itself when I remove 'cts role-based enforcement' from my global config. My question, do I really need that command for a L2 only switch? I still have the command 'cts role-based enforcement vlan-list all' enabled. Do I need both commands or just the vlan-list command? I am trying to do SGTs with SGACL enforcement. Thanks.