- show cts
- show cts credentials
- show cts environment-data
- show cts interface
- show cts pacs
- show cts role-based access-list
- show cts role-based counters
- show cts role-based enable
- show cts role-based policy
- show cts role-based sgt-map
- show cts sxp
- show cts sxp connection
- show running-config cts
- show running-config dot1x
- show startup-config cts
- show startup-config dot1x
Show Commands
This chapter describes the Cisco NX-OS TrustSec show commands.
show cts
To display the global Cisco TrustSec configuration, use the show cts command.
show cts
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command Modes
Any command mode
Command History
Release | Modification |
---|---|
5.1(3)N1(1) | This command was introduced. |
Usage Guidelines
This command does not require a license.
Examples
This example shows how to display the Cisco TrustSec global configuration:
switch# show cts
CTS Global Configuration
==============================
CTS support : enabled
CTS device identity : not configured
SGT : 0
CTS caching support : disabled
Number of CTS interfaces in
DOT1X mode : 0
Manual mode : 1
switch#
Related Commands
Command | Description |
---|---|
feature cts | Enables the Cisco TrustSec feature. |
show cts credentials
To display the Cisco TrustSec device credentials configuration, use the show cts credentials command.
show cts credentials
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command Modes
Any command mode
Command History
Release | Modification |
---|---|
5.1(3)N1(1) | This command was introduced. |
Usage Guidelines
This command does not require a license.
Examples
This example shows how to display the Cisco TrustSec credentials configuration:
switch# show cts credentials
Related Commands
Command | Description |
---|---|
feature cts | Enables the Cisco TrustSec feature. |
show cts environment-data
To display the global Cisco TrustSec environment data, use the show cts environment-data command.
show cts environment-data
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command Modes
Any command mode
Command History
Release | Modification |
---|---|
5.1(3)N1(1) | This command was introduced. |
Usage Guidelines
The Cisco NX-OS device downloads the Cisco TrustSec environment data from the ACS after you have configured the Cisco TrustSec credentials for the device and configured authentication, authorization, and accounting (AAA).
This command does not require a license.
Examples
This example shows how to display the Cisco TrustSec environment data:
switch# show cts environment-data
CTS Environment Data
==============================
Current State : CTS_ENV_DNLD_ST_INIT_STATE
Last Status : CTS_ENV_INCOMPLETE
Local Device SGT : 0x0000
Transport Type : CTS_ENV_TRANSPORT_DIRECT
Data loaded from cache : FALSE
Env Data Lifetime :
Last Update Time : Never
Server List :
AID: IP: Port:
switch#
Related Commands
Command | Description |
---|---|
feature cts | Enables the Cisco TrustSec feature. |
show cts interface
To display the Cisco TrustSec information for interfaces, use the show cts interface command.
show cts interface {all | ethernet slot/port | vethernet veth-num}
Syntax Description
Command Default
None
Command Modes
Any command mode
Command History
Release | Modification |
---|---|
5.1(3)N1(1) | This command was introduced. |
Usage Guidelines
You must enable the Cisco Virtual Machine on the switch by using the feature-set virtualization command to see the vethernet keyword.
This command does not require a license.
Examples
This example shows how to display the Cisco TrustSec configuration for a specific interface:
switch# show cts interface ethernet 1/5
CTS Information for Interface Ethernet1/5:
CTS is enabled, mode: CTS_MODE_MANUAL
IFC state: Unknown
Authentication Status: CTS_AUTHC_INIT
Peer Identity:
Peer is: Unknown in manual mode
802.1X role: CTS_ROLE_UNKNOWN
Last Re-Authentication:
Authorization Status: CTS_AUTHZ_INIT
PEER SGT: 3
Peer SGT assignment: Not Trusted
SAP Status: CTS_SAP_INIT
Configured pairwise ciphers:
Replay protection:
Replay protection mode:
Selected cipher:
Current receive SPI:
Current transmit SPI:
Propagate SGT: Enabled
switch#
This example shows how to display the Cisco TrustSec configuration for all interfaces:
switch# show cts interface all
Related Commands
Command | Description |
---|---|
feature cts | Enables the Cisco TrustSec feature. |
feature-set virtualization | Enables the Cisco Virtual Machine features on the switch. |
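The following added example (not part of the Cisco documentation) parses `show cts interface` output into per-interface fields and lists the link-protection observations an auditor would check: no SAP cipher selected, peer SGT not trusted, SGT propagation off. The `Ethernet1/6` block, its values, and the function names are constructed for illustration.

```python
import re

# Abridged from the "show cts interface ethernet 1/5" output above; the
# Ethernet1/6 block and its values are constructed for illustration.
SAMPLE = """\
CTS Information for Interface Ethernet1/5:
CTS is enabled, mode: CTS_MODE_MANUAL
Authorization Status: CTS_AUTHZ_INIT
PEER SGT: 3
Peer SGT assignment: Not Trusted
SAP Status: CTS_SAP_INIT
Selected cipher:
Propagate SGT: Enabled
CTS Information for Interface Ethernet1/6:
CTS is enabled, mode: CTS_MODE_MANUAL
PEER SGT: 5
Peer SGT assignment: Trusted
SAP Status: CTS_SAP_INIT
Selected cipher:
Propagate SGT: Disabled
"""

HEADER = re.compile(r"^CTS Information for Interface (\S+):$")

def parse_cts_interfaces(text):
    """Return {interface: {field: value}} from 'show cts interface' output."""
    result, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        m = HEADER.match(line)
        if m:
            current = result.setdefault(m.group(1), {})
        elif current is not None and ":" in line:
            key, _, value = line.partition(":")
            # "CTS is enabled, mode: X" is stored under the key "mode".
            current[key.split(",")[-1].strip()] = value.strip()
    return result

def review(interfaces):
    """Return (interface, observation) pairs for link-protection review."""
    notes = []
    for name, f in sorted(interfaces.items()):
        if not f.get("Selected cipher"):
            notes.append((name, f"no SAP cipher selected ({f.get('SAP Status')})"))
        if f.get("Peer SGT assignment") == "Not Trusted":
            notes.append((name, f"peer SGT {f.get('PEER SGT')} not trusted"))
        if f.get("Propagate SGT") != "Enabled":
            notes.append((name, "SGT propagation not enabled"))
    return notes
```
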
show cts pacs
To display the Cisco TrustSec protected access credentials (PACs) provisioned by EAP-FAST, use the show cts pacs command.
show cts pacs
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command Modes
Any command mode
Command History
Release | Modification |
---|---|
5.1(3)N1(1) | This command was introduced. |
Usage Guidelines
This command does not require a license.
Examples
This example shows how to display the Cisco TrustSec PACs:
switch# show cts pacs
Related Commands
Command | Description |
---|---|
feature cts | Enables the Cisco TrustSec feature. |
show cts role-based access-list
To display the global Cisco TrustSec security group access control list (SGACL) configuration, use the show cts role-based access-list command.
show cts role-based access-list [list-name]
Syntax Description
list-name | (Optional) SGACL name. |
Command Default
None
Command Modes
Any command mode
Command History
Release | Modification |
---|---|
5.1(3)N1(1) | This command was introduced. |
Usage Guidelines
This command does not require a license.
Examples
This example shows how to display the Cisco TrustSec SGACL configuration:
switch# show cts role-based access-list
Related Commands
Command | Description |
---|---|
feature cts | Enables the Cisco TrustSec feature. |
show cts role-based counters
To display the configuration status of role-based access control list (RBACL) statistics and list the statistics for all RBACL policies, use the show cts role-based counters command.
show cts role-based counters
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command Modes
Any command mode
Command History
Release | Modification |
---|---|
5.1(3)N1(1) | This command was introduced. |
Usage Guidelines
To use this command, you must enable the Cisco TrustSec feature using the feature cts command. You must also enable Cisco TrustSec counters using the cts role-based counters enable command.
This command does not require a license.
Examples
This example shows how to display the configuration status of RBACL statistics:
switch# show cts role-based counters
RBACL policy counters enabled
Counters last cleared: Never
rbacl:ACS_1101_15
permit icmp log [0]
permit tcp log [0]
deny udp log [0]
switch#
Related Commands
show cts role-based enable
To display the Cisco TrustSec security group access control list (SGACL) enable status for VLANs, use the show cts role-based enable command.
show cts role-based enable
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command Modes
Any command mode
Command History
Release | Modification |
---|---|
5.1(3)N1(1) | This command was introduced. |
Usage Guidelines
This command does not require a license.
Examples
This example shows how to display the Cisco TrustSec SGACL enforcement status:
switch# show cts role-based enable
vlan:102
switch#
Related Commands
Command | Description |
---|---|
feature cts | Enables the Cisco TrustSec feature. |
cts role-based enforcement | Enables role-based access control list (RBACL) enforcement on VLANs. |
show cts role-based policy
To display the global Cisco TrustSec security group access control list (SGACL) policies, use the show cts role-based policy command.
show cts role-based policy
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command Modes
Any command mode
Command History
Release | Modification |
---|---|
5.1(3)N1(1) | This command was introduced. |
Usage Guidelines
This command does not require a license.
Examples
This example shows how to display the Cisco TrustSec SGACL policies:
switch# show cts role-based policy
Related Commands
Command | Description |
---|---|
feature cts | Enables the Cisco TrustSec feature. |
show cts role-based sgt-map
To display the global Cisco TrustSec Security Group Tag (SGT) mapping configuration, use the show cts role-based sgt-map command.
show cts role-based sgt-map
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command Modes
Any command mode
Command History
Release | Modification |
---|---|
5.1(3)N1(1) | This command was introduced. |
Usage Guidelines
This command does not require a license.
Examples
This example shows how to display the Cisco TrustSec SGT mapping configuration:
switch# show cts role-based sgt-map
Related Commands
Command | Description |
---|---|
feature cts | Enables the Cisco TrustSec feature. |
show cts sxp
To display the Cisco TrustSec Security Group Tag (SGT) Exchange Protocol (SXP) configuration, use the show cts sxp command.
show cts sxp
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command Modes
Any command mode
Command History
Release | Modification |
---|---|
5.1(3)N1(1) | This command was introduced. |
Usage Guidelines
This command does not require a license.
Examples
This example shows how to display the Cisco TrustSec SXP configuration:
switch# show cts sxp
CTS SXP Configuration:
SXP enabled
SXP retry timeout:60
SXP reconcile timeout:120
switch#
Related Commands
Command | Description |
---|---|
feature cts | Enables the Cisco TrustSec feature. |
show cts sxp connection
To display the Cisco TrustSec Security Group Tag (SGT) Exchange Protocol (SXP) connection information, use the show cts sxp connection command.
show cts sxp connection
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command Modes
Any command mode
Command History
Release | Modification |
---|---|
5.1(3)N1(1) | This command was introduced. |
Usage Guidelines
This command does not require a license.
Examples
This example shows how to display the Cisco TrustSec Security Group Tag (SGT) Exchange Protocol (SXP) connection information:
switch# show cts sxp connection
PEER_IP_ADDR VRF PEER_SXP_MODE SELF_SXP_MODE CONNECTION STATE
192.0.2.1 default listener speaker initializing
switch#
Related Commands
Command | Description |
---|---|
cts sxp connection peer | Configures an SXP peer connection. |
feature cts | Enables the Cisco TrustSec feature. |
show running-config cts
To display the Cisco TrustSec configuration in the running configuration, use the show running-config cts command.
show running-config cts
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command Modes
Any command mode
Command History
Release | Modification |
---|---|
5.1(3)N1(1) | This command was introduced. |
Usage Guidelines
This command does not require a license.
Examples
This example shows how to display the Cisco TrustSec configuration in the running configuration:
switch# show running-config cts
!Command: show running-config cts
!Time: Thu Jan 1 05:33:03 2009
version 6.0(0)N1(1)
feature cts
cts role-based counters enable
cts sxp enable
cts sxp connection peer 192.0.2.1 password none mode listener
interface Ethernet1/5
cts manual
policy static sgt 0x3
switch#
Related Commands
Command | Description |
---|---|
copy running-config startup-config | Copies the running configuration information to the startup configuration file. |
feature cts | Enables the Cisco TrustSec feature. |
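As an added example (not part of the Cisco documentation), the script below cross-checks `show running-config cts` against `show cts sxp connection`: it reports SXP peers configured with `password none` (no SXP password on the connection) and peers that are missing from the connection table or still initializing. The sample inputs are constructed in the format of this page's examples, and the function names are hypothetical.

```python
import re

# Constructed inputs in the format of this page's "show running-config cts"
# and "show cts sxp connection" examples (config indentation is assumed).
RUNNING = """\
cts sxp enable
cts sxp connection peer 192.0.2.1 password none mode listener
interface Ethernet1/5
  cts manual
    policy static sgt 0x3
"""
SXP_TABLE = """\
PEER_IP_ADDR VRF PEER_SXP_MODE SELF_SXP_MODE CONNECTION STATE
192.0.2.1 default listener speaker initializing
"""

PEER_RE = re.compile(r"^cts sxp connection peer (\S+).*?\bpassword (\S+).*?\bmode (\S+)")
SGT_RE = re.compile(r"^policy static sgt (\S+)")

def parse_running(text):
    """Return (sxp_peers, static_sgts) parsed from 'show running-config cts'."""
    peers, sgts, iface = {}, {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := PEER_RE.match(line):
            peers[m.group(1)] = {"password": m.group(2), "mode": m.group(3)}
        elif line.startswith("interface "):
            iface = line.split()[1]
        elif (m := SGT_RE.match(line)) and iface:
            sgts[iface] = int(m.group(1), 0)  # base 0 accepts "0x3" and "3"
    return peers, sgts

def parse_sxp_table(text):
    """Return {peer_ip: connection_state} from 'show cts sxp connection'."""
    rows = [l.split() for l in text.splitlines()[1:] if l.strip()]
    return {r[0]: r[-1] for r in rows}

def audit(running, table):
    """Return findings for SXP peers: no password, missing, or not yet up."""
    peers, _ = parse_running(running)
    states = parse_sxp_table(table)
    findings = []
    for ip, p in sorted(peers.items()):
        if p["password"] == "none":
            findings.append(f"{ip}: SXP peer configured with 'password none'")
        if ip not in states:
            findings.append(f"{ip}: configured but absent from connection table")
        elif states[ip] == "initializing":
            findings.append(f"{ip}: SXP connection still initializing")
    return findings
```

The `mode listener` keyword in the configuration line corresponds to the PEER_SXP_MODE column of the connection table, so the local switch appears there as the speaker.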
show running-config dot1x
To display 802.1X configuration information in the running configuration, use the show running-config dot1x command.
show running-config dot1x [all]
Syntax Description
all | (Optional) Displays configured and default information. |
Command Default
None
Command Modes
Any command mode
Command History
Release | Modification |
---|---|
5.1(3)N1(1) | This command was introduced. |
Usage Guidelines
You must enable the 802.1X feature by using the feature dot1x command before using this command.
This command does not require a license.
Examples
This example shows how to display the configured 802.1X information in the running configuration:
switch# show running-config dot1x
Related Commands
show startup-config cts
To display the Cisco TrustSec configuration information in the startup configuration, use the show startup-config cts command.
show startup-config cts
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command Modes
Any command mode
Command History
Release | Modification |
---|---|
5.1(3)N1(1) | This command was introduced. |
Usage Guidelines
This command does not require a license.
Examples
This example shows how to display the Cisco TrustSec information in the startup configuration:
switch# show startup-config cts
Related Commands
Command | Description |
---|---|
copy running-config startup-config | Copies the running configuration information to the startup configuration file. |
show startup-config dot1x
To display 802.1X configuration information in the startup configuration, use the show startup-config dot1x command.
show startup-config dot1x
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command Modes
Any command mode
Command History
Release | Modification |
---|---|
5.1(3)N1(1) | This command was introduced. |
Usage Guidelines
You must enable the 802.1X feature by using the feature dot1x command before using this command.
This command does not require a license.
Examples
This example shows how to display the 802.1X information in the startup configuration:
switch# show startup-config dot1x
Related Commands
Command | Description |
---|---|
copy running-config startup-config | Copies the running configuration information to the startup configuration file. |