Chapter 1 Controlling CSS Access

Controlling CSS Network Traffic Through Access Control Lists

To enable logging on an existing ACL clause, use the log enable option for the clause command and enter:

(config-acl[7])#clause 1 log enable

If ACLs are globally enabled on the CSS, configure logging on an existing ACL clause:

1.In global configuration mode, disable all ACLs on the CSS.

(config)# acl disable

2.Enter the ACL mode for which you want to enable logging.

(config)# acl 7 (config-acl[7])#

3.Remove the ACL from the circuit.

(config-acl[7])remove circuit-(VLAN1)

4.Enable logging for the existing clause.

(config-acl[7])#clause 1 log enable

5.Reapply the ACL to the circuit.

(config-acl[7])#apply circuit-(VLAN1)

6.In global configuration mode, reenable all ACLs on the CSS.

(config)# acl enable

To disable ACL logging for a specific clause, enter:

1.In global configuration mode, disable all ACLs on the CSS.

(config)# acl disable

2.Enter the ACL mode for which you want to disable logging.

(config)# acl 7 (config-acl[7])#

3.Remove the ACL from the circuit.

(config-acl[7])remove circuit-(VLAN1)

4.Disable logging for the existing clause.

(config-acl[7])#clause 1 log disable

 

 

Cisco Content Services Switch Security Configuration Guide

 

 

 

 

 

 

OL-5650-02

 

 

1-33

 

 

 

Page 57
Image 57
Cisco Systems OL-5650-02 manual Config-acl7#clause 1 log enable, Config-acl7#clause 1 log disable