About Default egress rule

Keisuke.I
Level 1

If FinalCatchAllRule in the Default egress rule is set to Deny_IP on the TrustSec EgressPolicy Matrix screen, it seems that not only overlay but also underlay communication will be denied.

I want to know the setting by which only overlay communication is rejected by default without affecting underlay communication.

Regards


ldanny
Cisco Employee

As long as you have "no cts role-based enforcement" on the port config, or no cts configured at all on the port, there shouldn't be a problem.

Thank you for the information.

Currently, “cts role-based enforcement” is set to the physical port.

Neither “cts role-based enforcement” nor “no cts role-based enforcement” is set for VLAN.

And, the following two lines are input in configuration mode:

 cts role-based enforcement

 cts role-based enforcement vlan-list 1023

By setting no cts role-based enforcement to the physical port, does it mean that the default EgressPolicy can be reflected only on the overlay without affecting the underlay?