Cisco Systems OL-5650-02 Switch User Manual
1-27
Cisco Content Services Switch Security Configuration Guide
OL-5650-02
Chapter 1 Controlling CSS Access
Controlling CSS Network Traffic Through Access Control Lists
Note When you remove an applied ACL from a circuit, the CSS applies an implicit
“deny all” clause to that circuit, so the CSS denies all traffic on it. If you
want the CSS to permit traffic on the circuit when you remove the applied ACL,
globally disable ACLs on the CSS with the global configuration mode acl disable
command. Disabling all ACLs on the CSS permits all traffic on all circuits.
Applying an ACL to a Circuit or DNS Queries
After you configure the clauses on an ACL, use the apply command to assign an
ACL to all circuits, an individual circuit, or to DNS queries.
Note When you add a new clause to an applied ACL, use the apply circuit command
to reapply the ACL on the circuit for the clause to take effect.
You cannot apply an empty ACL to a circuit. If you attempt to do so, this error
message appears: Cannot apply ACL for it has no clauses.
The syntax and options for this ACL mode command are:
apply all - Applies the ACL to all existing circuits. For example:
(config-acl[7])# apply all
apply circuit-(circuit_name) - Applies the ACL to an individual circuit. For
example, to apply acl 7 to circuit VLAN1:
(config-acl[7])# apply circuit-(VLAN1)
To display a list of circuits, use the apply ? command.
apply dns - Adds the ACL to DNS queries. For example:
(config-acl[7])# apply dns
If you configure a domain name on a content rule on the CSS using the add dns
domain_name command, a DNS query for that domain name does match an ACL
that is configured with the apply dns command.
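The following constructed session, added here as an example and not taken from the guide, puts the commands on this page together: it creates acl 7, applies it to circuit VLAN1 and to DNS queries, enables ACLs globally, and then adds a clause and reapplies the ACL so the new clause takes effect. The clause lines assume the CSS ACL-mode clause syntax, which this page does not cover, and the 10.1.1.0 and 10.1.2.0 subnets are placeholders.

```text
! Constructed example session (not from the guide). The clause lines assume
! the CSS ACL-mode "clause" syntax, which this page does not describe.
(config)# acl 7
(config-acl[7])# clause 10 permit any 10.1.1.0 255.255.255.0 destination any
(config-acl[7])# apply circuit-(VLAN1)
(config-acl[7])# apply dns
(config-acl[7])# exit
(config)# acl enable

! Later: a new clause on an already applied ACL is not in effect until the
! ACL is reapplied to the circuit with apply circuit (see the Note above).
(config)# acl 7
(config-acl[7])# clause 20 permit any 10.1.2.0 255.255.255.0 destination any
(config-acl[7])# apply circuit-(VLAN1)

! Removing acl 7 from VLAN1 later leaves the circuit with an implicit
! "deny all"; only the global "acl disable" command permits traffic again.
```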