Chapter 1 Controlling CSS Access
Controlling CSS Network Traffic Through Access Control Lists
Cisco Content Services Switch Security Configuration Guide
OL-5650-02
Table 1-1 ACL Configuration Quick Start
Task and Command Example
1. Enter global configuration mode.
# config
(config)#
2. Create an ACL and access ACL mode. Enter an ACL index number from
1 to 99.
(config)# acl 7
Create ACL <7>, [y,n]:y
(config-acl[7])#
3. Configure clauses in the ACL. The CSS will use the clauses to control
traffic on the circuit on which you will apply the ACL (for example,
VLAN1). Enter a clause number from 1 to 254 and define the clause
parameters. The syntax for defining a clause is:
clause number permit|deny|bypass protocol [source_info {source_port}]
dest [dest_info {dest_port}] {log} {prefer servicename}
{sourcegroup name}
See Table 1-2 for information on the clause command options. For
example, to block ports 20 to 23 for all user access coming into the CSS on
a circuit from outside the network, enter:
(config-acl[7])# clause 10 deny any any destination range 20 23
To permit all other traffic through the CSS on a circuit, enter:
(config-acl[7])# clause 15 permit any any destination any
4. Apply the ACL to a specific circuit. In this example, there is only one
VLAN, the default VLAN1. For example, to apply acl 7 to circuit VLAN1,
enter:
(config-acl[7])# apply circuit-(VLAN1)
You can also apply ACL 7 to all circuits on the CSS by using the apply all
command.
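
An offline check of what ACL 7 from the quick start does to a given destination port before it is applied to a circuit. This is an added example, not part of the Cisco guide or CSS software; it parses only the two clause forms shown above. Assumptions: clauses are evaluated in ascending clause number, the first match decides, and traffic matching no clause is denied. The function names are hypothetical.

```python
import re

# The two clauses from the quick start, copied as entered at the
# (config-acl[7])# prompt.
ACL_7 = """\
clause 10 deny any any destination range 20 23
clause 15 permit any any destination any
"""

# Subset of the clause syntax used on this page only.
CLAUSE_RE = re.compile(
    r"^clause\s+(\d+)\s+(permit|deny)\s+any\s+any\s+destination\s+"
    r"(?:range\s+(\d+)\s+(\d+)|any)$"
)

def parse_acl(text):
    """Return clauses as (number, action, low_port, high_port), sorted by number."""
    clauses = []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        m = CLAUSE_RE.match(line)
        if m is None:
            raise ValueError(f"unsupported clause syntax: {line!r}")
        number, action = int(m.group(1)), m.group(2)
        if not 1 <= number <= 254:  # clause numbers run from 1 to 254
            raise ValueError(f"clause number out of range: {number}")
        low, high = (int(m.group(3)), int(m.group(4))) if m.group(3) else (0, 65535)
        if low > high:
            raise ValueError(f"empty port range in clause {number}")
        clauses.append((number, action, low, high))
    return sorted(clauses)

def decide(clauses, dest_port):
    """Assumed semantics: lowest-numbered matching clause wins, else deny."""
    for number, action, low, high in clauses:
        if low <= dest_port <= high:
            return action, number
    return "deny", None

def shadowed(clauses):
    """Clause numbers that can never match because an earlier clause covers them."""
    return [
        number
        for i, (number, _, low, high) in enumerate(clauses)
        if any(l <= low and high <= h for _, _, l, h in clauses[:i])
    ]

if __name__ == "__main__":
    acl = parse_acl(ACL_7)
    for port in (21, 22, 23, 24, 80, 443):
        print(port, *decide(acl, port))
    print("shadowed clauses:", shadowed(acl))
```

Under the stated ordering assumption, giving the permit clause a lower number than the deny clause would leave ports 20 to 23 open; `shadowed` reports that case.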