
Chapter 1 Controlling CSS Access
Controlling Administrative Access to the CSS
Controlling Administrative Access to the CSS
CSS access through a console, FTP, SSH, SNMP, and Telnet is enabled by default. The CSS supports a maximum of four FTP sessions and a maximum of four Telnet sessions. Use the restrict and no restrict commands to enable or disable console, FTP, SNMP, SSH, Telnet, user database, secure and unsecure XML, and web management data transfer to the CSS.
Specifying the restrict command does not prevent the CSS from listening for connection attempts on the restricted port. For TCP connections, the CSS completes the TCP
To secure restricted ports from unauthorized access, configure ACL clauses to deny packets destined to these ports, while permitting normal traffic to flow through the CSS. You can also use ACLs to secure the CSS itself. See the “Controlling CSS Network Traffic Through Access Control Lists” section for information about configuring ACLs for the CSS.
Enabling Administrative Access to the CSS
To enable console, FTP, SNMP, SSH, Telnet, user database, secure and unsecure XML, and web management access to the CSS, use the following no restrict commands:
•no restrict console - Enables console access to the CSS (enabled by default).
•no restrict ftp - Enables FTP access to the CSS (enabled by default).
•no restrict ssh - Enables SSH access to the CSS (enabled by default).
•no restrict snmp - Enables SNMP access to the CSS (enabled by default).
•no restrict telnet - Enables Telnet access to the CSS (enabled by default).
•no restrict
•no restrict
| Cisco Content Services Switch Security Configuration Guide |