Cisco Systems OL-5650-02 Switch User Manual


 
Chapter 1 Controlling CSS Access
Cisco Content Services Switch Security Configuration Guide
OL-5650-02
Controlling Administrative Access to the CSS
CSS access through a console, FTP, SSH, SNMP, and Telnet is enabled by
default. The CSS supports a maximum of four FTP sessions and a maximum of
four Telnet sessions. Use the restrict and no restrict commands to enable or
disable console, FTP, SNMP, SSH, Telnet, user database, secure and unsecure
XML, and web management data transfer to the CSS.
Specifying the restrict command does not prevent the CSS from listening for
connection attempts on the restricted port. For TCP connections, the CSS
completes the TCP 3-way handshake, then terminates the connection with an error
to prevent any data transfer from occurring. For UDP SNMP connections, the CSS
simply discards the packets.
To secure restricted ports from unauthorized access, configure ACL clauses to
deny packets destined to these ports, while permitting normal traffic to flow
through the CSS. You can also use ACLs to secure the CSS itself. See the
“Controlling CSS Network Traffic Through Access Control Lists” section for
information about configuring ACLs for the CSS.
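
The following check is an added example, not part of the Cisco guide. It shows why a connect-based port check still reports a restricted TCP port as open: the handshake completes before the connection is closed, and only a port blocked ahead of the listener fails the handshake. The function names, the local listeners that stand in for CSS ports, and the banner string are constructed for illustration.

```python
import socket
import threading

def classify_port(host, port, timeout=2.0):
    """Classify how a TCP management port answers a connection attempt."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"                  # handshake rejected, no listener reached
    except OSError:
        return "filtered"                 # timeout or unreachable: packets dropped
    with sock:
        try:
            data = sock.recv(64)          # wait briefly for a banner or a close
        except socket.timeout:
            return "open-silent"          # handshake done, service waits for client
        except ConnectionError:
            return "closed-after-handshake"   # reset straight after the handshake
    return "service-banner" if data else "closed-after-handshake"

def demo_listener(reply):
    """Constructed local stand-in for a port: accept once, send reply, close."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        if reply:
            conn.sendall(reply)
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port

def demo():
    # Empty reply imitates the restricted behaviour; the banner is a constructed sample.
    restricted = classify_port("127.0.0.1", demo_listener(b""))
    enabled = classify_port("127.0.0.1", demo_listener(b"SSH-2.0-constructed\r\n"))
    return restricted, enabled

if __name__ == "__main__":
    print(demo())
```

A result of closed-after-handshake is consistent with the restrict behavior described above, while refused or filtered indicates the handshake never completed.
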
Enabling Administrative Access to the CSS
To enable console, FTP, SNMP, SSH, Telnet, user database, secure and unsecure
XML, and web management access to the CSS, use the following no restrict
commands:
no restrict console - Enables console access to the CSS (enabled by default).
no restrict ftp - Enables FTP access to the CSS (enabled by default).
no restrict ssh - Enables SSH access to the CSS (enabled by default).
no restrict snmp - Enables SNMP access to the CSS (enabled by default).
no restrict telnet - Enables Telnet access to the CSS (enabled by default).
no restrict user-database - Enables users to clear the running-config file and
create or modify usernames. Only administrator and technician users can
perform these tasks (enabled by default).
no restrict secure-xml - Enables the transfer of XML configuration files to
the CSS through secure HTTPS SSL connections (disabled by default).