Cisco Systems OL-5650-02 Switch User Manual


 
Cisco Content Services Switch Security Configuration Guide
OL-5650-02
Chapter 1 Controlling CSS Access
Controlling CSS Network Traffic Through Access Control Lists
DNS Hits - Packets that match an ACL clause for DNS flows when an ACL
clause is applied to DNS queries. The display includes a DNS hit counter,
which counts DNS lookups.
The total number of ACL hits for each packet received by the CSS can vary
depending on the type of flow and whether an ACL match occurred. The CSS
performs an ACL check for every packet received until the ACL flow is
completely set up. Once the ACL flow is set up, remaining packets received by
the CSS that are associated with the flow are not subject to an ACL match and the
ACL hit counters do not increment.
The syntax is:
show acl - Displays all ACLs and their clauses.
show acl index - Displays the clauses for the specified ACL index number (valid numbers are 1 to 99).
show acl config - Displays the ACL global configuration. This command also shows you which ACLs are applied to which circuits.
For example, enter:
(config)# show acl 2
Table 1-3 describes the fields in the show acl command output.
Table 1-3 Field Descriptions for the show acl Command Output
Field         Description
Acl           The number assigned to the ACL (a number from 1 to 99)
Clause        The number assigned to the clause (a number from 1 to 254)
Action        The method with which incoming traffic is controlled by the clause (permit, deny, or bypass) and the protocol for the type of traffic
Source        The configured source of the traffic
Destination   The configured destination for the traffic
Log           Indicates whether ACL logging is enabled or disabled on the specified clause
Content Hits  Increments for a packet received by the CSS before flow setup