Cisco Nexus 5000 Series NX-OS TrustSec Command Reference
Show Commands
Download this chapter
Show CommandsShow Commands
Download the complete book
Cisco Nexus 5000 Series NX-OS TrustSec Command ReferenceCisco Nexus 5000 Series NX-OS TrustSec Command Reference (PDF - 310 KB)
 Feedback

Table Of Contents

Show Commands

show cts

show cts credentials

show cts environment-data

show cts interface

show cts pacs

show cts role-based access-list

show cts role-based counters

show cts role-based enable

show cts role-based policy

show cts role-based sgt-map

show cts sxp

show cts sxp connection

show running-config cts

show running-config dot1x

show startup-config cts

show startup-config dot1x


Show Commands

This chapter describes the Cisco NX-OS TrustSec show commands.

show cts

To display the global Cisco TrustSec configuration, use the show cts command.

show cts

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command Modes

Any command mode

Command History

Release
Modification

5.1(3)N1(1)

This command was introduced.


Usage Guidelines

This command does not require a license.

Examples

This example shows how to display the Cisco TrustSec global configuration: 

switch# show cts

CTS Global Configuration

==============================

  CTS support           : enabled

  CTS device identity   : not configured

  SGT                   : 0

  CTS caching support   : disabled

  Number of CTS interfaces in

    DOT1X mode : 0

    Manual mode : 1

switch#

Related Commands

Command
Description

feature cts

Enables the Cisco TrustSec feature.


show cts credentials

To display the Cisco TrustSec device credentials configuration, use the show cts credentials command.

show cts credentials

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command Modes

Any command mode

Command History

Release
Modification

5.1(3)N1(1)

This command was introduced.


Usage Guidelines

This command does not require a license.

Examples

This example shows how to display the Cisco TrustSec credentials configuration: 

switch# show cts credentials

Related Commands

Command
Description

feature cts

Enables the Cisco TrustSec feature.


show cts environment-data

To display the global Cisco TrustSec environment data, use the show cts environment-data command.

show cts environment-data

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command Modes

Any command mode

Command History

Release
Modification

5.1(3)N1(1)

This command was introduced.


Usage Guidelines

The Cisco NX-OS device downloads the Cisco TrustSec environment data from the ACS after you have configured the Cisco TrustSec credentials for the device and configured authentication, authorization, and accounting (AAA).

This command does not require a license.

Examples

This example shows how to display the Cisco TrustSec environment data: 

switch# show cts environment-data

CTS Environment Data

==============================

  Current State           : CTS_ENV_DNLD_ST_INIT_STATE

  Last Status             : CTS_ENV_INCOMPLETE

  Local Device SGT        : 0x0000

  Transport Type          : CTS_ENV_TRANSPORT_DIRECT

  Data loaded from cache  : FALSE

  Env Data Lifetime       :

  Last Update Time        : Never

  Server List             :

     AID: IP: Port:

switch#

Related Commands

Command
Description

feature cts

Enables the Cisco TrustSec feature.


show cts interface

To display the Cisco TrustSec information for interfaces, use the show cts interface command.

show cts interface {all | ethernet slot/port | vethernet veth-num}

Syntax Description

all

Displays Cisco TrustSec information for all interfaces.

ethernet slot/port

Displays Cisco TrustSec information for the specific Ethernet interface. The slot number is from 1 to 255 and the port number is from 1 to 48.

vethernet veth-num

Displays Cisco TrustSec information for the specific virtual Ethernet (vEthe) interface. The virtual Ethernet interface number is from 1 to 1048575.


Command Default

None

Command Modes

Any command mode

Command History

Release
Modification

5.1(3)N1(1)

This command was introduced.


Usage Guidelines

You must enable the Cisco Virtual Machine on the switch by using the feature-set virtualization command to see the vethernet keyword.

This command does not require a license.

Examples

This example shows how to display the Cisco TrustSec configuration for a specific interface: 

switch# show cts interface ethernet 1/5

CTS Information for Interface Ethernet1/5:

    CTS is enabled, mode:   CTS_MODE_MANUAL

    IFC state:              Unknown

    Authentication Status:  CTS_AUTHC_INIT

      Peer Identity:

      Peer is:              Unknown in manual mode

      802.1X role:          CTS_ROLE_UNKNOWN

      Last Re-Authentication:

    Authorization Status:   CTS_AUTHZ_INIT

      PEER SGT:             3

      Peer SGT assignment:  Not Trusted

    SAP Status:             CTS_SAP_INIT

      Configured pairwise ciphers:

      Replay protection:

      Replay protection mode:

      Selected cipher:

      Current receive SPI:

      Current transmit SPI:

    Propagate SGT: Enabled

switch#

This example shows how to display the Cisco TrustSec configuration for all interfaces: 

switch# show cts interface all

Related Commands

Command
Description

feature cts

Enables the Cisco TrustSec feature.

feature-set virtualization

Enables the Cisco Virtual Machine features on the switch.


show cts pacs

To display the Cisco TrustSec protect access credentials (PACs) provisioned by EAP-FAST, use the show cts pacs command.

show cts pacs

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command Modes

Any command mode

Command History

Release
Modification

5.1(3)N1(1)

This command was introduced.


Usage Guidelines

This command does not require a license.

Examples

This example shows how to display the Cisco TrustSec global configuration: 

switch# show cts pacs

Related Commands

Command
Description

feature cts

Enables the Cisco TrustSec feature.


show cts role-based access-list

To display the global Cisco TrustSec security group access control list (SGACL) configuration, use the show cts role-based access-list command.

show cts role-based access-list [list-name]

Syntax Description

list-name

(Optional) SGACL name.


Command Default

None

Command Modes

Any command mode

Command History

Release
Modification

5.1(3)N1(1)

This command was introduced.


Usage Guidelines

This command does not require a license.

Examples

This example shows how to display the Cisco TrustSec SGACL configuration: 

switch# show cts role-based access-list

Related Commands

Command
Description

feature cts

Enables the Cisco TrustSec feature.


show cts role-based counters

To display the configuration status of role-based access control list (RBACL) statistics and list the statistics for all RBACL policies, use the show cts role-based counters command.

show cts role-based counters

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command Modes

Any command mode

Command History

Release
Modification

5.1(3)N1(1)

This command was introduced.


Usage Guidelines

To use this command, you must enable the Cisco TrustSec feature using the feature cts command. You must also enable Cisco TrustSec counters using the cts role-based counters enable command.

This command does not require a license.

Examples

This example shows how to display the configuration status of RBACL statistics: 

switch# show cts role-based counters

RBACL policy counters enabled

Counters last cleared: Never

rbacl:ACS_1101_15

        permit icmp log                                 [0]

        permit tcp log                                  [0]

        deny udp log                                  [0]

switch#

Related Commands

Command
Description

feature cts

Enables the Cisco TrustSec feature on the switch.

clear cts role-based counters

Clears the RBACL statistics so that all counters are reset to 0.

cts role-based counters enable

Enables the RBACL statistics.


show cts role-based enable

To display the Cisco TrustSec security group access control list (SGACL) enable status for VLANs, use the show cts role-based enable command.

show cts role-based enable

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command Modes

Any command mode

Command History

Release
Modification

5.1(3)N1(1)

This command was introduced.


Usage Guidelines

This command does not require a license.

Examples

This example shows how to display the Cisco TrustSec SGACL enforcement status: 

switch# show cts role-based enable

vlan:102

switch#

Related Commands

Command
Description

feature cts

Enables the Cisco TrustSec feature.

cts role-based enforcement

Enables role-based access control list (RBACL) enforcement on VLANs.


show cts role-based policy

To display the global Cisco TrustSec security group access control list (SGACL) policies, use the show cts role-based policy command.

show cts role-based policy

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command Modes

Any command mode

Command History

Release
Modification

5.1(3)N1(1)

This command was introduced.


Usage Guidelines

This command does not require a license.

Examples

This example shows how to display the Cisco TrustSec SGACL policies: 

switch# show cts role-based policy

Related Commands

Command
Description

feature cts

Enables the Cisco TrustSec feature.


show cts role-based sgt-map

To display the global Cisco TrustSec Security Group Tag (SGT) mapping configuration, use the show cts role-based sgt-map command.

show cts role-based sgt-map

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command Modes

Any command mode

Command History

Release
Modification

5.1(3)N1(1)

This command was introduced.


Usage Guidelines

This command does not require a license.

Examples

This example shows how to display the Cisco TrustSec SGT mapping configuration: 

switch# show cts role-based sgt-map

Related Commands

Command
Description

feature cts

Enables the Cisco TrustSec feature.


show cts sxp

To display the Cisco TrustSec Security Group Tag (SGT) Exchange Protocol (SXP) configuration, use the show cts sxp command.

show cts sxp

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command Modes

Any command mode

Command History

Release
Modification

5.1(3)N1(1)

This command was introduced.


Usage Guidelines

This command does not require a license.

Examples

This example shows how to display the Cisco TrustSec SXP configuration: 

switch# show cts sxp

CTS SXP Configuration:

SXP enabled

SXP retry timeout:60

SXP reconcile timeout:120

switch#

Related Commands

Command
Description

feature cts

Enables the Cisco TrustSec feature.


show cts sxp connection

To display the Cisco TrustSec Security Group Tag (SGT) Exchange Protocol (SXP) connections information, use the show cts sxp connection command.

show cts sxp connection

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command Modes

Any command mode

Command History

Release
Modification

5.1(3)N1(1)

This command was introduced.


Usage Guidelines

This command does not require a license.

Examples

This example shows how to display the Cisco TrustSec Security Group Tag (SGT) Exchange Protocol (SXP) connections information: 

switch# show cts sxp connection

PEER_IP_ADDR    VRF             PEER_SXP_MODE   SELF_SXP_MODE   CONNECTION STATE

192.0.2.1       default         listener        speaker         initializing

switch#

Related Commands

Command
Description

cts sxp connection peer

Configures a SXP peer connection.

feature cts

Enables the Cisco TrustSec feature.


show running-config cts

To display the Cisco TrustSec configuration in the running configuration, use the show running-config cts command.

show running-config cts

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command Modes

Any command mode

Command History

Release
Modification

5.1(3)N1(1)

This command was introduced.


Usage Guidelines

This command does not require a license.

Examples

This example shows how to display the Cisco TrustSec configuration in the running configuration: 

switch# show running-config cts

!Command: show running-config cts

!Time: Thu Jan  1 05:33:03 2009

version 6.0(0)N1(1)

feature cts

cts role-based counters enable

cts sxp enable

cts sxp connection peer 192.0.2.1 password none mode listener

interface Ethernet1/5

  cts manual

    policy static sgt 0x3

switch#

Related Commands

Command
Description

copy running-config startup-config

Copies the running configuration information to the startup configuration file.

feature cts

Enables the Cisco TrustSec feature.


show running-config dot1x

To display 802.1X configuration information in the running configuration, use the show running-config dot1x command.

show running-config dotx1 [all]

Syntax Description

all

(Optional) Displays configured and default information.


Command Default

None

Command Modes

Any command mode

Command History

Release
Modification

5.1(3)N1(1)

This command was introduced.


Usage Guidelines

You must enable the 802.1X feature by using the feature dot1x command before using this command.

This command does not require a license.

Examples

This example shows how to display the configured 802.1X information in the running configuration: 

switch# show running-config dot1x

Related Commands

Command
Description

copy running-config startup-config

Copies the running system configuration information to the startup configuration file.

feature cts

Enables the Cisco TrustSec feature on the switch.

feature dot1x

Enables the 802.1X feature on the switch.


show startup-config cts

To display the Cisco TrustSec configuration information in the startup configuration, use the show startup-config cts command.

show startup-config cts

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command Modes

Any command mode

Command History

Release
Modification

5.1(3)N1(1)

This command was introduced.


Usage Guidelines

This command does not require a license.

Examples

This example shows how to display the Cisco TrustSec information in the startup configuration: 

switch# show startup-config cts

Related Commands

Command
Description

copy running-config startup-config

Copies the running configuration information to the startup configuration file.


show startup-config dot1x

To display 802.1X configuration information in the startup configuration, use the show startup-config dot1x command.

show startup-config dot1x

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command Modes

Any command mode

Command History

Release
Modification

5.1(3)N1(1)

This command was introduced.


Usage Guidelines

You must enable the 802.1X feature by using the feature dot1x command before using this command.

This command does not require a license.

Examples

This example shows how to display the 802.1X information in the startup configuration: 

switch# show startup-config dot1x

Related Commands

Command
Description

copy running-config startup-config

Copies the running configuration information to the startup configuration file.