Chapter1 Controlling CSS Access
Configuring Network Qualifier Lists for ACLs
1-38
Cisco Content Services Switch Security Configuration Guide
OL-5650-02
Adding an NQL to an ACL ClauseTo add an NQL to an ACL clause:
1. Create the ACL. For example, enter:
(config)# acl 10
2. Define the clause, including the NQL as either a source or destination.
This clause example bypasses content rules for any traffic from any source
going to the destination networks defined in NQL bypass_nql on port 80.
(config-acl[10])# clause 1 bypass any any destination nql
bypass_nql eq 80
Showing NQL ConfigurationsUse the show nql command to display NQL configuration information. The
syntax for this command is:
•show nql - Displays information for all NQLs. If you enter this command in
NQL mode, the CSS displays the addresses only for the current NQL.
•show nql nql_name - Displays information for the specified NQL. Enter the
NQL name as a case-sensitive unquoted text string with no spaces. To see a
list of existing NQL names, use the show nql ? command.
For example, enter:
(config-nql[bypass_nql])# show nql
Tabl e 1-4 describes the fields in the show nql command output.
Table1-4 Field Descriptions for the show nql Command Output
Field Description
Name The name of the NQL.
Description The description associated with the NQL.
IP Addresses The IP addresses and subnet mask supported by the NQL. If
configured, a description appears after the address.