1-17
Cisco Content Services Switch Security Configuration Guide
OL-5650-02
Chapter1 Controlling CSS Access
Controlling CSS Network Traffic Through Access Control Lists
The following running-config example shows the result of entering the commands
in Tabl e 1-1.
!**************************** ACL ****************************
acl 7
clause 10 deny any any destination range 20 23
clause 15 permit any any destination any
apply circuit-(VLAN1)
!************************** GLOBAL ***************************
acl enable
Creating an ACLACLs contain clauses to control traffic on CSS circuits. Because all circuits are
affected when you globally enable ACLs on the CSS, you must create an ACL for
each circuit. You can apply an ACL to more than one circuit. You can also apply
an ACL to all circuits on the CSS.
5. You must repeat steps 1 through 4 to create an ACL with at least one permit
clause for all other circuits and apply the ACL to them. If a circuit does not
have an applied ACL when you enable ACLs on the CSS, the CSS denies
traffic on the circuit.
6. Enable all ACLS on the CSS. Enter the global acl enable command for all
ACLs to take effect on all CSS circuit.
Caution Because enabling ACLs globally affects all traffic on all CSS circuits,
only permit clauses in an ACL allows traffic through the circuit. If
you do not apply an ACL to a circuit, the CSS applies an implicit
“deny all” clause to this circuit causing the CSS to deny all traffic on
it.
For example, enter:
(config)# acl enable
Table1-1 ACL Configuration Quick Start (continued)
Task and Command Example