Cisco Systems OL-5650-02 Switch User Manual

Chapter 1 Controlling CSS Access
Controlling CSS Network Traffic Through Access Control Lists
Cisco Content Services Switch Security Configuration Guide
Note: If a circuit does not have an ACL, the CSS applies an implicit "deny all" clause to that circuit, causing the CSS to deny all traffic on it.
To create an ACL and enter ACL mode, use the acl index number command. The index number identifies the ACL and can range from 1 to 99. To display a list of existing ACLs, use the acl ? command.
(config)# acl 7
When you enter this mode, the prompt changes to the ACL mode of the index number you created. For example:
(config-acl[7])#
After you create an ACL, you must add clauses to it. For more information, see the "Configuring Clauses" section.
Deleting an ACL
When you no longer need an ACL and its clauses on the CSS, you can delete the ACL. When you delete an ACL, all of its clauses are also deleted. To delete an ACL, use the no acl command. For example, to delete ACL 7, enter:
(config)# no acl 7
If you delete an ACL that is currently applied to a circuit while ACLs are enabled on the CSS, the ACL is removed from the circuit and, because the circuit now has no ACL, the CSS denies all traffic on it. If you want traffic on that circuit to keep flowing, globally disable ACLs on the CSS first; with ACLs disabled, the CSS permits all traffic on every circuit.
For example, to delete ACL 7 without interrupting traffic on the circuit it is applied to:
1. In global configuration mode, disable all ACLs on the CSS.
(config)# acl disable
2. In ACL mode, remove the ACL from the circuit. For example, enter:
(config-acl[7])# remove circuit-(VLAN1)
3. In global configuration mode, delete the ACL. For example, enter:
(config)# no acl 7
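The two rules on this page (a circuit with no ACL falls to an implicit deny-all, and deleting an ACL that is still applied to a circuit while ACLs are enabled therefore blackholes that circuit) are easy to trip over during change work. The following script is an added example, not Cisco code and not part of this guide: it parses a constructed CSS-style running configuration, reports what a bare "no acl N" would do to each circuit, and models the three-step procedure above. The commands acl N, no acl N and acl disable come from this page; acl enable and apply circuit-(NAME) are assumed to be the counterparts of acl disable and remove circuit-(NAME), and the clause line in the sample is placeholder syntax, since clause configuration is covered in a different section.

```python
"""Change-impact check for 'no acl N' on a Cisco CSS, modelled on the rules
stated in the manual: a circuit without an ACL gets an implicit deny-all, and
deleting an ACL still applied to a circuit (with ACLs globally enabled) leaves
that circuit denying all traffic.

Assumptions (not taken from the page): 'acl enable' is the opposite of
'acl disable', and 'apply circuit-(NAME)' is the opposite of
'remove circuit-(NAME)'. The clause line below is placeholder syntax.
"""
import re
from dataclasses import dataclass, field

# Constructed sample in CSS running-config style; not captured from a device.
SAMPLE_CONFIG = """\
acl enable
acl 7
  clause 10 permit any any destination any
  apply circuit-(VLAN1)
acl 8
  clause 10 permit any any destination any
  apply circuit-(VLAN2)
  apply circuit-(VLAN3)
"""

ACL_HEADER = re.compile(r"^acl (\d+)$")
APPLY_LINE = re.compile(r"^apply circuit-\((\S+)\)$")


@dataclass
class AclState:
    enabled: bool = False                                  # global acl enable/disable
    circuits_by_acl: dict = field(default_factory=dict)    # index -> set of circuit names

    def acl_for_circuit(self, circuit):
        """Return the ACL index applied to a circuit, or None (implicit deny-all)."""
        for index, circuits in self.circuits_by_acl.items():
            if circuit in circuits:
                return index
        return None


def parse_config(text):
    """Build an AclState from config text; lines we do not model (clauses) are skipped."""
    state = AclState()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "acl enable":
            state.enabled = True
        elif line == "acl disable":
            state.enabled = False
        elif m := ACL_HEADER.match(line):
            current = int(m.group(1))
            state.circuits_by_acl.setdefault(current, set())
        elif (m := APPLY_LINE.match(line)) and current is not None:
            state.circuits_by_acl[current].add(m.group(1))
    return state


def circuit_traffic(state, circuit):
    """Describe how the CSS treats traffic on a circuit under the page's rules."""
    if not state.enabled:
        return "permitted: ACLs disabled"
    index = state.acl_for_circuit(circuit)
    if index is None:
        return "denied: implicit deny all"
    return f"filtered by acl {index}"


def delete_acl_impact(state, index):
    """Circuits that would start denying all traffic after a bare 'no acl <index>'."""
    if not state.enabled:
        return []
    return sorted(state.circuits_by_acl.get(index, set()))


def delete_acl(state, index):
    """Model a bare 'no acl <index>': the ACL and its circuit bindings disappear."""
    new = AclState(enabled=state.enabled,
                   circuits_by_acl={k: set(v) for k, v in state.circuits_by_acl.items()})
    new.circuits_by_acl.pop(index, None)
    return new


def safe_delete_acl(state, index):
    """Model the manual's procedure: acl disable, remove circuit-(...), no acl."""
    new = AclState(enabled=False,   # step 1: (config)# acl disable
                   circuits_by_acl={k: set(v) for k, v in state.circuits_by_acl.items()})
    new.circuits_by_acl.get(index, set()).clear()   # step 2: remove circuit-(...)
    return delete_acl(new, index)                   # step 3: (config)# no acl <index>


if __name__ == "__main__":
    s = parse_config(SAMPLE_CONFIG)
    for acl in sorted(s.circuits_by_acl):
        print(f"no acl {acl} would blackhole: {delete_acl_impact(s, acl) or 'nothing'}")
    print("VLAN1 after bare 'no acl 7':", circuit_traffic(delete_acl(s, 7), "VLAN1"))
    print("VLAN1 after documented procedure:", circuit_traffic(safe_delete_acl(s, 7), "VLAN1"))
```

Run it against your own running-config text to list the circuits a planned ACL deletion would silence before you type the command; the model deliberately ignores clause contents, since which packets an applied ACL permits is a separate question from whether the circuit has an ACL at all.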