Which command used to enable SGACL globallly on a router interface?
A. cts role-based-enforcement
B. cts role-based monitor permissions from { sgt_num } to { dgt_num }][ ipv4 | ipv6 ]
C. cts role-based-basic
D. cts role-based-enable
Which command used to enable SGACL globallly on a router interface?
A. cts role-based-enforcement
B. cts role-based monitor permissions from { sgt_num } to { dgt_num }][ ipv4 | ipv6 ]
C. cts role-based-basic
D. cts role-based-enable
Correct answer is A
How to Configure CTS SGACL Support
Enabling SGACL Policy Enforcement Globally
To enable SGACL policy enforcement on Cisco TrustSec-enabled routed interfaces, perform this task:
enable
configure terminal
cts role-based enforcement
Enabling SGACL Policy Enforcement Per Interface
You can enable SGACL enforcement globally and disable on a specific interface with cts role-based enforcement command. SGACL enforcement can also be enabled on specific interfaces without enabling it globally.
To enable SGACL policy enforcement on interfaces, perform this task:
enable
configure terminal
interface GigabitEthernet 0/1/1
cts role-based enforcement
Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_cts/configuration/xe-16/sec-usr-cts-xe-16-book/sec-cts-sgacl.html