06-18-2019 08:52 PM
If FinalCatchAllRule in Default egress rule is set to Deny_IP on TrustSec EgressPolicy Matrix screen, it seems that not only overlay but also underlay communication will be denied.
I want to know the setting with which only overlay communication is rejected by default, without affecting underlay communication.
Regards
06-20-2019 11:57 AM
As long as you have "no cts role-based enforcement" on the port config, or no cts configured at all on the port, there shouldn't be a problem.
06-23-2019 09:54 PM
Thank you for the information.
Currently, “cts role-based enforcement” is set to the physical port.
Neither “cts role-based enforcement” nor “no cts role-based enforcement” is set for VLAN.
And, the following two lines are input in configuration mode:
cts role-based enforcement
cts role-based enforcement vlan-list 1023
By setting “no cts role-based enforcement” to the physical port, does it mean that the default EgressPolicy can be reflected only on the overlay without affecting the underlay?