
Chapter 1 Controlling CSS Access
Configuring Network Qualifier Lists for ACLs
!**************************** ACL ***************************
acl 1
clause 20 permit any 172.16.107.0 255.255.255.0 destination 172.16.107.15
clause 30 permit any 172.16.107.0 255.255.255.0 destination 172.16.107.16
clause 40 permit any 172.16.107.0 255.255.255.0 destination 172.16.107.35 eq 80
clause 50 permit ICMP any destination any
clause 60 permit udp any destination any eq 520
clause 70 deny any any destination any
apply
Configuring Network Qualifier Lists for ACLs
NQL configuration mode allows you to configure a network qualifier list (NQL). An NQL is a list of networks or specific services, identified by IP address and subnet mask, that you assign to an ACL clause as a source or destination. By grouping networks into an NQL and assigning the NQL to an ACL clause, you have to create only one clause instead of a separate clause for each network.
The CSS enables you to configure a maximum of 512:
• Networks or services per NQL
• NQLs per CSS
This functionality is useful, for example, in a caching environment in which you have a network you want to bypass and send content requests directly to the origin servers (servers containing the content). You can also use an NQL for users who prefer a service based on a specific network.
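As an added illustration (not part of the Cisco guide and not Cisco code), this Python example parses the ACL listing shown on this page and reports runs of adjacent clauses that differ only in source or only in destination, which is the case where a single clause naming an NQL could replace them. The function names and the adjacent-clauses-only rule are assumptions of this example; it produces no CSS commands.

```python
import ipaddress
import re

# ACL listing copied from this page, one clause per line.
ACL_TEXT = """\
clause 20 permit any 172.16.107.0 255.255.255.0 destination 172.16.107.15
clause 30 permit any 172.16.107.0 255.255.255.0 destination 172.16.107.16
clause 40 permit any 172.16.107.0 255.255.255.0 destination 172.16.107.35 eq 80
clause 50 permit ICMP any destination any
clause 60 permit udp any destination any eq 520
clause 70 deny any any destination any
"""
MAX_NQL_ENTRIES = 512  # limit stated on the page: networks or services per NQL
CLAUSE_RE = re.compile(
    r"clause (?P<num>\d+) (?P<action>\w+) (?P<proto>\w+) (?P<src>.+?) "
    r"destination (?P<dst>\S+(?: \d+\.\d+\.\d+\.\d+)?)(?: eq (?P<port>\d+))?$")

def endpoint(text):
    """Normalise 'any', 'a.b.c.d' or 'a.b.c.d mask' to a comparable string."""
    if text == "any":
        return "any"
    addr, _, mask = text.partition(" ")
    return str(ipaddress.ip_network(f"{addr}/{mask or '255.255.255.255'}"))

def parse_acl(text):
    """Parse each clause line into a dict with normalised endpoints."""
    out = []
    for m in filter(None, map(CLAUSE_RE.match, map(str.strip, text.splitlines()))):
        d = m.groupdict()
        out.append({"num": int(d["num"]), "action": d["action"].lower(),
                    "proto": d["proto"].lower(), "src": endpoint(d["src"]),
                    "dst": endpoint(d["dst"]), "port": d["port"]})
    return out

def nql_candidates(clauses, side):
    """Adjacent clauses differing only in `side` ('src'/'dst'); adjacency keeps first-match order."""
    other = "dst" if side == "src" else "src"
    runs, prev_key = [], None
    for c in sorted(clauses, key=lambda c: c["num"]):
        key = (c["action"], c["proto"], c[other], c["port"])
        if c[side] == "any":  # 'any' is not a specific network to list
            prev_key = None
            continue
        if key == prev_key and len(runs[-1]) < MAX_NQL_ENTRIES:
            runs[-1].append(c)
        else:
            runs.append([c])
        prev_key = key
    return [{"clauses": [c["num"] for c in r], "networks": [c[side] for c in r]}
            for r in runs if len(r) > 1]
```

On the page's ACL, clauses 20 and 30 are reported as one destination-side candidate; clause 40 stays separate because of its `eq 80` port qualifier.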
To access NQL configuration mode, use the nql command. The prompt changes to
See the following sections to configure an NQL:
• Creating an NQL
• Describing an NQL
• Adding Networks to an NQL
• Adding an NQL to an ACL Clause
• Showing NQL Configurations
Cisco Content Services Switch Security Configuration Guide