Cisco Systems OL-5650-02 Switch User Manual
Chapter 1 Controlling CSS Access
Controlling CSS Network Traffic Through Access Control Lists
1-28
Cisco Content Services Switch Security Configuration Guide
OL-5650-02
However, if you configure a CSS with the dns-server command, and the CSS
receives a DNS query for a domain name that you configured on the CSS
using the host command, the DNS query does not match an ACL that is
configured with the apply dns command.
If ACLs are disabled on the CSS when you apply an ACL, you must enter the
global configuration acl enable command to enable the ACLs on the CSS. For
information on the acl enable command, see the “Enabling ACLs on the CSS”
section later in this chapter.
Removing an ACL from Circuits or DNS Queries
Remove an ACL from a circuit when you need to delete a clause from the ACL or
delete the ACL that is applied to the circuit; remove an ACL from DNS queries
when you no longer want it to filter them. To remove an ACL from all circuits,
from an individual circuit, or from DNS queries, use the remove command.
The syntax and options for this ACL mode command are:
remove all - Removes the ACL from all circuits. For example, enter:
(config-acl[7])# remove all
remove circuit (circuit_name) - Removes the ACL from a specific circuit.
For example, enter:
(config-acl[7])# remove circuit-(VLAN1)
To display a list of circuits that you can remove, use the remove ? command.
remove dns - Removes the ACL from DNS queries. For example, enter:
(config-acl[7])# remove dns
We recommend that you globally disable ACLs on the CSS before removing an
ACL from a circuit. If you remove an ACL from a circuit while ACLs are enabled
on the CSS, the CSS applies an implicit “deny all” clause to that circuit, which
causes the CSS to deny all traffic on it. If you do not want to deny traffic on
the circuit, you must disable all ACLs on the CSS and then remove the ACL from
the circuit. While all ACLs are disabled, the CSS permits all traffic on all
circuits.
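As an added example (not from the Cisco guide), a small Python pre-change check that models the rule above: given a CSS running-config excerpt, it reports which circuits would be left with no ACL applied, and so fall under the implicit “deny all”, if a given ACL were removed from all circuits or from one circuit while ACLs are enabled. The config excerpt is constructed, its circuit, acl and apply circuit-(NAME) line forms are assumed from the commands this chapter shows, and the check goes slightly beyond the text by also listing circuits that already have no ACL applied.

```python
import re

# Constructed CSS running-config excerpt (not from the manual). The line forms
# "acl enable", "circuit NAME", "acl N", "apply circuit-(NAME)" and "apply dns"
# are assumed to follow the commands shown in this chapter.
SAMPLE_CONFIG = """\
acl enable
circuit VLAN1
  ip address 10.0.1.1 255.255.255.0
circuit VLAN2
  ip address 10.0.2.1 255.255.255.0
acl 7
  clause 10 permit any any destination any
  apply circuit-(VLAN1)
  apply dns
acl 8
  clause 10 permit any any destination any
  apply circuit-(VLAN1)
  apply circuit-(VLAN2)
"""

def parse_css_acls(config):
    """Return (acls_enabled, [circuit names], {acl_number: set of circuits})."""
    enabled, circuits, applies, current = False, [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line in ("acl enable", "acl disable"):
            enabled = line == "acl enable"
        elif m := re.fullmatch(r"circuit (\S+)", line):
            circuits.append(m.group(1))
            current = None                      # left ACL mode
        elif m := re.fullmatch(r"acl (\d+)", line):
            current = int(m.group(1))           # entered (config-acl[N])
            applies.setdefault(current, set())
        elif (m := re.fullmatch(r"apply circuit-\((\S+)\)", line)) and current is not None:
            applies[current].add(m.group(1))    # "apply dns" is not a circuit; ignored
    return enabled, circuits, applies

def circuits_denied_after_remove(config, acl_number, circuit=None):
    """Circuits that would have no ACL applied, and so be under the implicit
    'deny all', after removing ACL acl_number from all circuits (circuit=None)
    or from one named circuit, with ACLs enabled."""
    enabled, circuits, applies = parse_css_acls(config)
    if not enabled:
        return []   # ACLs disabled: the CSS permits all traffic on every circuit
    remaining = {n: set(c) for n, c in applies.items()}
    if acl_number in remaining:
        if circuit is None:
            remaining[acl_number].clear()           # remove all
        else:
            remaining[acl_number].discard(circuit)  # remove circuit-(NAME)
    covered = set().union(*remaining.values())
    return [c for c in circuits if c not in covered]
```

Run the check before removing an ACL with ACLs enabled: any circuit it lists is one you would cut off, which is the case the guide tells you to avoid by entering acl disable first.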
For example:
1. In global configuration mode, disable all ACLs on the CSS.
(config)# acl disable