Cisco Content Services Switch Security Configuration Guide
OL-5650-02
Chapter 1 Controlling CSS Access
Configuring Network Qualifier Lists for ACLs
The variables and options are:
ip_address - The destination network address. Enter the IP address in
dotted-decimal notation (for example, 192.168.0.0).
subnet_prefix|subnet_mask - The IP subnet mask prefix length in CIDR
bitcount notation (for example, /16). The valid prefix length range is 8 to 32.
Do not enter a space to separate the IP address from the prefix length.
subnet_address - The IP subnet mask in dotted-decimal notation (for
example, 255.255.0.0).
description - A description of the IP address. Enter a quoted text string with
a maximum of 63 characters.
log - Logs an event involving an NQL. If you do not enter this option, events
are not logged. To log an NQL event, you must enable global NQL logging.
To enable global NQL logging, use the (config) logging subsystem nql level
debug-7 command. For logging information, refer to the Cisco Content
Services Switch Administration Guide.
For example, to add two networks to the NQL bypass_nql, enter:
(config-nql[bypass_nql])# ip address 192.168.0.0/16 "Network of dynamic mail content" log
(config-nql[bypass_nql])# ip address 123.123.123.0/24
To log events occurring on a network, you must also enable global NQL logging.
For example, enter:
(config)# logging subsystem nql level debug-7
Note: If you do not include a description or turn on logging when you create the entry
and later wish to add a description or turn on logging, you must first remove the
entry and then add it again with the desired options.
To remove an IP address from an NQL, use the no ip address command. For
example, enter:
(config-nql[bypass_nql])# no ip address 192.168.0.0/16
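The constraints above can be checked before entries are pushed to a switch. The following Python sketch is an added example, not part of the Cisco guide or the CSS software: it validates NQL `ip address` command lines against the stated limits and flags entries that carry `log` while global NQL logging is not enabled. The function name `audit_nql`, the sample lines, and the assumption that a dotted-decimal mask follows the address after a space are illustrative.

```python
import ipaddress
import re

PROMPT = re.compile(r'^\(config[^)]*\)#\s*')          # CLI prompt as printed in the guide
ENTRY = re.compile(
    r'^ip address\s+(\d+\.\d+\.\d+\.\d+)'
    r'(?:/(\d+)|\s+(\d+\.\d+\.\d+\.\d+))'             # /prefix, or mask after a space (assumed)
    r'(?:\s+"([^"]*)")?(\s+log)?\s*$')
GLOBAL_LOG = 'logging subsystem nql level debug-7'

def audit_nql(lines):
    """Return (entries, findings) for NQL command lines typed or pasted from a config."""
    cmds = [PROMPT.sub('', l.strip()).replace('\u201c', '"').replace('\u201d', '"')
            for l in lines]
    global_log = GLOBAL_LOG in cmds
    entries, findings = [], []
    for cmd in cmds:
        if not cmd.startswith('ip address'):
            continue                                   # skips "no ip address" and other commands
        m = ENTRY.match(cmd)
        if not m:
            findings.append((cmd, 'malformed entry (space before the prefix length?)'))
            continue
        addr, prefix, mask, desc, log = m.groups()
        try:
            net = ipaddress.ip_network(f'{addr}/{prefix or mask}', strict=False)
        except ValueError:
            findings.append((cmd, 'invalid address, prefix or mask'))
            continue
        if not 8 <= net.prefixlen <= 32:
            findings.append((cmd, 'prefix length outside 8 to 32'))
            continue
        if desc is not None and len(desc) > 63:
            findings.append((cmd, 'description longer than 63 characters'))
            continue
        if log and not global_log:
            findings.append((cmd, 'log set but global NQL logging is not enabled'))
        entries.append((str(net), desc, bool(log)))
    return entries, findings

# Constructed sample input; the first two lines are the guide's own examples.
SAMPLE = [
    '(config-nql[bypass_nql])# ip address 192.168.0.0/16 "Network of dynamic mail content" log',
    '(config-nql[bypass_nql])# ip address 123.123.123.0/24',
    '(config-nql[bypass_nql])# ip address 10.0.0.0 /8',
    '(config-nql[bypass_nql])# ip address 10.0.0.0/4',
]

if __name__ == '__main__':
    for cmd, problem in audit_nql(SAMPLE)[1]:
        print(f'{problem}: {cmd}')
```

Because the sample omits the global logging command, the first entry is accepted but reported as one whose events will not be logged.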