Cisco Content Services Switch Security Configuration Guide
OL-5650-02
Chapter 1 Controlling CSS Access
Controlling CSS Network Traffic Through Access Control Lists
ACL Overview
ACLs configured on the CSS provide a basic level of security for accessing your network. Without ACLs on the CSS, all packets passing through VLAN circuits on the CSS could be allowed onto the entire network. With ACLs, you can, for example, permit all e-mail traffic on a CSS circuit but block Telnet traffic. You can also use ACLs to allow one client to access a part of the network while preventing another client from accessing the same area.

An ACL consists of clauses that you define. The CSS uses these clauses to determine how to handle each packet it processes on a VLAN circuit. When the CSS examines a packet, it either forwards or blocks the packet based on whether the packet matches a clause in the ACL. You must configure a permit clause in an ACL to allow traffic through the circuit; an implicit “deny all” clause exists at the end of every ACL.

When configuring ACLs on a CSS, you must apply an ACL to each VLAN circuit on the CSS to control traffic on that VLAN. Applying an ACL to a circuit assigns the ACL and its clauses to that circuit.

After you apply an ACL to each CSS circuit, you must enable ACLs on the CSS. Globally enabling ACLs affects all circuits on the CSS. When you enable ACLs, the CSS uses the clauses in all ACLs to permit or deny traffic on all circuits. If a circuit does not have an ACL, the CSS applies an implicit “deny all” clause to that circuit, causing the CSS to deny all traffic on it.
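The evaluation rules described above (clauses checked in ascending number order with first match winning, the implicit “deny all” at the end of every ACL, and the “deny all” the CSS applies to any circuit that has no ACL once ACLs are globally enabled) are modelled here in a small Python simulation. This is an added illustration, not CSS CLI configuration or code from the guide; the Clause, Acl and Css classes, the packet fields, and the sample “permit SMTP, deny Telnet” policy are all constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

@dataclass
class Clause:
    number: int                    # clauses are evaluated in ascending order
    action: str                    # "permit" or "deny"
    protocol: str                  # "any", "tcp", "udp", ...
    dst_port: Optional[int] = None # None matches any destination port

    def matches(self, pkt: dict) -> bool:
        return (self.protocol in ("any", pkt["proto"])
                and (self.dst_port is None or self.dst_port == pkt["dport"]))

@dataclass
class Acl:
    clauses: List[Clause] = field(default_factory=list)

    def decide(self, pkt: dict) -> str:
        for clause in sorted(self.clauses, key=lambda c: c.number):
            if clause.matches(pkt):
                return clause.action       # first matching clause wins
        return "deny"                      # implicit "deny all" at the end

class Css:
    def __init__(self) -> None:
        self.acls_enabled = False
        self.applied: Dict[str, Acl] = {} # circuit name -> applied ACL

    def apply(self, circuit: str, acl: Acl) -> None:
        self.applied[circuit] = acl

    def enable(self) -> None:              # global "acl enable"
        self.acls_enabled = True

    def forward(self, circuit: str, pkt: dict) -> str:
        if not self.acls_enabled:
            return "permit"                # no ACL filtering at all
        acl = self.applied.get(circuit)
        if acl is None:
            return "deny"                  # circuit without an ACL: deny all
        return acl.decide(pkt)

def demo() -> Dict[str, str]:
    # Constructed policy: block Telnet, allow SMTP, everything else falls to implicit deny.
    css = Css()
    css.apply("VLAN1", Acl([Clause(10, "deny", "tcp", 23), Clause(20, "permit", "tcp", 25)]))
    css.enable()
    smtp, telnet, http = [{"proto": "tcp", "dport": p} for p in (25, 23, 80)]
    return {"smtp_vlan1": css.forward("VLAN1", smtp),     # permit (clause 20)
            "telnet_vlan1": css.forward("VLAN1", telnet), # deny (clause 10)
            "http_vlan1": css.forward("VLAN1", http),     # deny (implicit deny all)
            "smtp_vlan2": css.forward("VLAN2", smtp)}     # deny (no ACL on circuit)
```

The last case is the one that surprises operators most: enabling ACLs globally silently blocks every circuit you forgot to apply an ACL to.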