
Chapter 1 Controlling CSS Access
Controlling CSS Network Traffic Through Access Control Lists
To enable logging on an existing ACL clause, use the log enable option for the clause command and enter:
(config-acl[7])# clause 1 log enable
If ACLs are globally enabled on the CSS, configure logging on an existing ACL clause:
1.In global configuration mode, disable all ACLs on the CSS.
(config)# acl disable
2.Enter the ACL mode for which you want to enable logging.
(config)# acl 7
3.Remove the ACL from the circuit.
(config-acl[7]) remove circuit-(VLAN1)
4.Enable logging for the existing clause.
5.Reapply the ACL to the circuit.
(config-acl[7])# apply circuit-(VLAN1)
6.In global configuration mode, reenable all ACLs on the CSS.
(config)# acl enable
To disable ACL logging for a specific clause, enter:
1.In global configuration mode, disable all ACLs on the CSS.
(config)# acl disable
2.Enter the ACL mode for which you want to disable logging.
(config)# acl 7
3.Remove the ACL from the circuit.
(config-acl[7]) remove circuit-(VLAN1)
4.Disable logging for the existing clause.
(config-acl[7])# clause 1 log disable
|
| Cisco Content Services Switch Security Configuration Guide |
|
|
|
|
| ||
|
|
| ||
|
|
|