Cisco Systems OL-5650-02 Switch User Manual


 
Cisco Content Services Switch Security Configuration Guide
OL-5650-02
Chapter 1 Controlling CSS Access
Controlling CSS Network Traffic Through Access Control Lists
4. Apply another ACL on the circuit. If you do not apply an ACL on the circuit,
the CSS denies traffic on the circuit when you enable ACLs on the CSS.
5. Reenable all ACLs on the CSS. Enter:
(config)# acl enable
Configuring Clauses
The clauses you configure on an ACL determine how the CSS controls traffic on
a circuit. When you configure a clause, you must assign a number to it. The
number assigned to each clause is important. The CSS processes the ACL starting
from clause 1 and sequentially progresses through the rest of the clauses. When
assigning numbers to clauses, assign the lowest numbers to clauses with the most
specific matches. Then, assign higher numbers to clauses with less specific
matches.
You do not need to enter the clauses sequentially. The CSS automatically inserts
the clause in the appropriate order in the ACL. For example, if you enter clauses
10 and 24, and then clause 15, the CSS inserts the clauses in the correct sequence.
To create a clause to permit, deny, or bypass traffic on a circuit, use the clause
command. The clause number is the number you want to assign to the clause.
Enter a number from 1 to 254.
Note: If you add a new clause to an ACL while ACLs are enabled on the CSS, you
must reapply the ACL on the circuit. For more information, see the “Adding a
Clause When ACLs are Globally Enabled” section.
After you create a clause, you cannot modify it. To change it, you must delete
the clause and create a new clause. For information on deleting a clause, see
the “Deleting a Clause” section.
The CSS applies a hidden default “deny all” clause as clause 255 to all ACLs. You
must specify permit clauses that allow traffic, including management traffic, on
the CSS.
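The following Python model is an added example, not part of the Cisco guide and not CSS command syntax. It shows why the most specific clause needs the lowest number and how the hidden clause 255 catches everything else. It assumes the first matching clause decides the action, which is what the numbering advice above implies; the Acl class, its methods, and the addresses are constructed for illustration.

```python
import ipaddress
from bisect import insort

IMPLICIT_DENY = 255  # hidden "deny all" clause at the end of every ACL

class Acl:
    """Toy model of a numbered-clause ACL (assumption: first match decides)."""

    def __init__(self):
        self.clauses = []  # (number, action, source network, dest port or None)

    def add(self, number, action, source, port=None):
        if not 1 <= number <= 254:
            raise ValueError("clause number must be from 1 to 254")
        if any(c[0] == number for c in self.clauses):
            raise ValueError("clause exists: delete it and create a new one")
        # Entry order does not matter; clauses are kept in numeric order.
        insort(self.clauses, (number, action, ipaddress.ip_network(source), port))

    def evaluate(self, src_ip, port):
        """Return (clause number, action) of the first clause that matches."""
        addr = ipaddress.ip_address(src_ip)
        for number, action, net, cport in self.clauses:
            if addr in net and cport in (None, port):
                return number, action
        return IMPLICIT_DENY, "deny"

    def shadowed(self):
        """Clause numbers that can never match: an earlier clause covers them."""
        hidden = []
        for i, (number, _, net, port) in enumerate(self.clauses):
            if any(net.subnet_of(enet) and eport in (None, port)
                   for _, _, enet, eport in self.clauses[:i]):
                hidden.append(number)
        return hidden

def misordered():
    acl = Acl()  # constructed sample clauses, entered as 10, 24, then 15
    acl.add(10, "deny", "10.1.1.0/24")
    acl.add(24, "permit", "10.0.0.0/8")
    acl.add(15, "permit", "10.1.1.5/32", 22)  # specific, but numbered too high
    return acl

def corrected():
    acl = Acl()  # most specific match gets the lowest number
    acl.add(5, "permit", "10.1.1.5/32", 22)
    acl.add(10, "deny", "10.1.1.0/24")
    acl.add(24, "permit", "10.0.0.0/8")
    return acl
```

Running shadowed() over a planned clause list before applying it to a circuit flags permits that a broader, lower-numbered deny will hide.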
The syntax for the clause command is: