Cisco Content Services Switch Security Configuration Guide
OL-5650-02
Chapter 1 Controlling CSS Access
Controlling CSS Network Traffic Through Access Control Lists
After you create clauses for an ACL, you can apply the ACL to a circuit. For more
information, see the “Applying an ACL to a Circuit or DNS Queries” section.
Adding a Clause When ACLs are Globally Enabled
If you are adding a new clause to an applied ACL when ACLs are globally enabled
on the CSS, you must reapply the ACL to the circuit using the apply circuit
command for the clause to take effect.
Table 1-2 Clause Command Options (continued)

Variables and Options: prefer service_name

Parameters:

Prefer the specified service as the traffic destination over
other services. To define more than one preferred service,
separate each service with a comma (,). You can define a
maximum of two services.

You cannot configure services learned through an
Application Peering Protocol (APP) session as preferred
services. A remote service learned through APP is of the
form ap-redirect@192.168.138.118 and can be seen on
the show service summary screen. When configuring an
ACL clause, you cannot use this service as a preferred
service. If you save this clause in the startup-config and
reboot the CSS, a startup error occurs because this service
has not been learned through APP at this point. For
example:

    clause 10 permit any any destination any prefer ap-redirect@192.168.138.118

Note: ACLs configured with a preferred service take
precedence over stickiness.

If you specify both a source group and a preferred
service in a clause, you must specify the source
group before you specify the preferred service
within the clause.
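The three restrictions on the prefer option described above can be checked in a saved configuration before a reboot. The following linter is an added example, not code from the Cisco guide. It assumes that "sourcegroup" is the source-group keyword and that any preferred service of the form name@IPv4 is APP-learned (generalized from the one form the guide shows); the sample configuration and the service names in it are constructed.

```python
import re

# Constructed sample config (not from the guide). The "sourcegroup" keyword
# and the names sg1, web1..web3 are assumptions made for this example.
SAMPLE_CONFIG = """\
acl 7
  clause 10 permit any any destination any prefer ap-redirect@192.168.138.118
  clause 20 permit tcp any destination any sourcegroup sg1 prefer web1,web2
  clause 30 permit tcp any destination any prefer web1 sourcegroup sg1
  clause 40 permit tcp any destination any prefer web1,web2,web3
"""

ACL_RE = re.compile(r"^\s*acl\s+(\S+)")
CLAUSE_RE = re.compile(r"^\s*clause\s+(\d+)\s+(.*)$")
# Assumption: an APP-learned remote service always looks like name@IPv4.
APP_SERVICE_RE = re.compile(r"^[^@\s]+@\d{1,3}(\.\d{1,3}){3}$")


def lint_prefer_clauses(config_text):
    """Return (acl, clause_number, message) for each violated prefer rule."""
    findings = []
    acl = None
    for line in config_text.splitlines():
        m_acl = ACL_RE.match(line)
        if m_acl:
            acl = m_acl.group(1)
            continue
        m = CLAUSE_RE.match(line)
        if not m:
            continue
        number, tokens = int(m.group(1)), m.group(2).split()
        if "prefer" not in tokens:
            continue
        rest = tokens[tokens.index("prefer") + 1:]
        # Rule: the source group must be specified before the preferred service.
        if "sourcegroup" in rest:
            findings.append((acl, number, "source group specified after prefer"))
            rest = rest[:rest.index("sourcegroup")]
        # Services are comma-separated; tolerate "a,b" and "a, b".
        services = [s for s in "".join(rest).split(",") if s]
        # Rule: a maximum of two preferred services.
        if len(services) > 2:
            findings.append((acl, number, "more than two preferred services"))
        # Rule: an APP-learned service cannot be preferred (startup error on reboot).
        for svc in services:
            if APP_SERVICE_RE.match(svc):
                findings.append((acl, number, "APP-learned service preferred: " + svc))
    return findings
```

Running `lint_prefer_clauses` over a saved startup-config before a reload surfaces the clause that would otherwise fail only at boot, when the APP session has not yet learned the service.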