Cisco Systems
OL-5650-02
manual
Models:
OL-5650-02
122 pages
20.34 Kb
Figures
Cisco Content Services Switch Security Configuration Guide
Contents
ACL Overview
Configuring the CSS as a Client of a RADIUS Server
Configuring Firewall Load Balancing
Example of FWLB
Tables
Preface
How to Use This Guide
Audience
Related Documentation
RMON
Document Title Description
Symbols and Conventions
Obtaining Documentation
Cisco.com
Documentation Feedback
Documentation DVD
Ordering Documentation
Reporting Security Problems in Cisco Products
Cisco Product Security Overview
Obtaining Technical Assistance
Cisco Technical Support Website
Submitting a Service Request
Definitions of Service Request Severity
Controlling CSS Access
Changing the Administrative Username and Password
Config# username-offdm bobo password secret
Creating Usernames and Passwords
Config# username picard password captain superuser
Config# username picard password flute superuser
Config# username picard password captain superuser Nwbnnnr
Config# no username picard
Controlling Remote User Access to the CSS
Configuring Virtual Authentication
#config virtual authentication secondary local
Configuring Console Authentication
#config virtual authentication primary tacacs
#config no console authentication
#config console authentication primary tacacs
#config console authentication secondary local
Controlling Administrative Access to the CSS
Enabling Administrative Access to the CSS
Disabling Administrative Access to the CSS
Config# no restrict web-mgmt
Controlling CSS Network Traffic Through Access Control Lists
Config# restrict telnet
ACL Overview
ACL
ACL Configuration Quick Start
Config-acl7#apply circuit-VLAN1
Config-acl7#clause 10 deny any any destination range 20
Config-acl7#clause 15 permit any any destination any
Creating an ACL
Deleting an ACL
Config# acl disable
Config-acl7#remove circuit-VLAN1
Configuring Clauses
Variables Options Parameters
Destination content ownername/ rulename for an
Show group ?
Adding a Clause When ACLs are Globally Enabled
Prefer
Deleting a Clause
Config-acl7#remove circuit-VLAN1
Config-acl7#apply circuit-VLAN1
Applying an ACL to a Circuit or DNS Queries
Removing an ACL from Circuits or DNS Queries
Enabling ACLs on the CSS
Disabling ACLs on the CSS
Showing ACLs
Field Description
Setting the Show ACL Counters to Zero
Logging ACL Activity
Config-acl7#clause 1 log enable
Config-acl7#clause 1 log disable
Config# no logging subsystem acl
ACL Example
Configuring Network Qualifier Lists for ACLs
Adding Networks to an NQL
Creating an NQL
Describing an NQL
Config# logging subsystem nql level debug-7
Config-nqlbypassnql#no ip address 192.168.0.0/16
Showing NQL Configurations
Adding an NQL to an ACL Clause
Configuring the Secure Shell Daemon Protocol
Enabling SSH
# license
Configuring SSH Access
Configuring SSHD in the CSS
Configuring SSHD Keepalive
Config# no restrict ssh
Configuring SSHD Port
Configuring SSHD Server-Keybits
Configuring SSHD Version
Config# sshd server-keybits
Config# no sshd server-keybits
Config# sshd version
Configuring Telnet Access When Using SSHD
Showing SSHD Configurations
Config# no restrict telnet
# show sshd config
# show sshd sessions
Ptyfd
# show sshd version
RADIUS Server
Configuring the CSS as a Client of a RADIUS Server
Config# radius-server secondary 172.27.56.79 secret Hello
RADIUS Configuration Quick Start
Config# radius-server primary 172.27.56.76 secret Hello
Configuring a RADIUS Server for Use with the CSS
#config virtual authentication primary radius
Configuring Authentication Settings
Configuring Authorization Settings
Specifying a Primary RADIUS Server
Specifying a Secondary RADIUS Server
Config# no radius-server primary
Config# no radius-server secondary
Configuring the RADIUS Server Timeouts
Configuring the RADIUS Server Retransmits
Config# radius-server timeout
Config# no radius-server timeout
Configuring the RADIUS Server Dead-Time
Config# no radius-server retransmit
Config# radius-server dead-time
Config# no radius-server dead-time
Config# show radius statistics secondary
DOWN, Unknown
3describes the fields in the show radius statistics output
TACACS+ Server
TACACS+ Configuration Quick Start
Config# show tacacs-server
Configuring Authorization Settings
Configuring Global TACACS+ Attributes
#config no tacacs-server timeout
Setting the Global CSS TACACS+ Timeout Period
#config tacacs-server timeout
Setting the Global TACACS+ Keepalive Frequency
#config tacacs-server key market
#config tacacs-server key acskefterefesdtx
#config no tacacs-server key
Config# no tacacs-server frequency
Defining a TACACS+ Server
#config no tacacs-server 192.168.11.1
Setting TACACS+ Authorization
#config tacacs-server authorize config
#config tacacs-server authorize non-config
#config no tacacs-server authorize config
#config no tacacs-server authorize non-config
Setting TACACS+ Accounting
Showing TACACS+ Server Configuration Information
Field Description
Configuring Firewall Load Balancing
Overview of FWLB
Configuring FWLB
Firewall Synchronization
Config# no ip firewall
Configuring a Keepalive Timeout for a Firewall
Config# ip firewall 1 192.168.27.1 192.168.28.1
Config# no ip firewall timeout
Configuring an IP Static Route for a Firewall
Config# ip firewall timeout
Configuring OSPF to Advertise Firewall Routes
Config# ip route 192.168.2.0/24 firewall 1
Config# no ip route 192.168.2.0/24 firewall
Config# ospf redistribute firewall metric 3 type1
Configuring RIP to Advertise Firewall Routes
Example of FWLB Static Route Configuration
Config# no ospf redistribute firewall
Config# rip redistribute firewall
Config# ip firewall 1 192.168.28.1 192.168.27.1
Config# ip route 192.168.2.0/24 firewall
Config# ip firewall 2 192.168.28.2 192.168.27.2
Config# ip route 0.0.0.0/0 firewall
Example of FWLB
Configuring FWLB with VIP and Virtual Interface Redundancy
FWLB with VIP/Interface Redundancy Configuration
Example of Firewall and Route Configurations
CSS-OUT-L Configuration
CSS-IN-L Configuration
Displaying Firewall Flow Summaries
Config# show flows 192.165.22.1
Config# show flows
Config# show ip routes firewall
Displaying Firewall IP Routes
Config# show ip firewall
Displaying Firewall IP Information
Index
FTP
RADIUS
XML