1-33
Cisco Content Services Switch Security Configuration Guide
OL-5650-02
Chapter1 Controlling CSS Access
Controlling CSS Network Traffic Through Access Control Lists
To enable logging on an existing ACL clause, use the log enable option for the
clause command and enter:
(config-acl[7])# clause 1 log enable
If ACLs are globally enabled on the CSS, configure logging on an existing ACL
clause:
1. In global configuration mode, disable all ACLs on the CSS.
(config)# acl disable
2. Enter the ACL mode for which you want to enable logging.
(config)# acl 7
(config-acl[7])#
3. Remove the ACL from the circuit.
(config-acl[7]) remove circuit-(VLAN1)
4. Enable logging for the existing clause.
(config-acl[7])# clause 1 log enable
5. Reapply the ACL to the circuit.
(config-acl[7])# apply circuit-(VLAN1)
6. In global configuration mode, reenable all ACLs on the CSS.
(config)# acl enable
To disable ACL logging for a specific clause, enter:
1. In global configuration mode, disable all ACLs on the CSS.
(config)# acl disable
2. Enter the ACL mode for which you want to disable logging.
(config)# acl 7
(config-acl[7])#
3. Remove the ACL from the circuit.
(config-acl[7]) remove circuit-(VLAN1)
4. Disable logging for the existing clause.
(config-acl[7])# clause 1 log disable