Cisco Systems OL-5650-02 Switch User Manual
Cisco Content Services Switch Security Configuration Guide
OL-5650-02
Chapter 1 Controlling CSS Access
!**************************** ACL ***************************
acl 1
  clause 20 permit any 172.16.107.0 255.255.255.0 destination 172.16.107.15
  clause 30 permit any 172.16.107.0 255.255.255.0 destination 172.16.107.16
  clause 40 permit any 172.16.107.0 255.255.255.0 destination 172.16.107.35 eq 80
  clause 50 permit ICMP any destination any
  clause 60 permit udp any destination any eq 520
  clause 70 deny any any destination any
  apply circuit-(VLAN1)
Configuring Network Qualifier Lists for ACLs
NQL configuration mode allows you to configure a network qualifier list (NQL).
An NQL is a list of networks or specific services, identified by IP address and
subnet mask, that you assign to an ACL clause as a source or destination. By
grouping networks into an NQL and assigning the NQL to an ACL clause, you
have to create only one clause instead of a separate clause for each network.
The CSS enables you to configure a maximum of 512:
• Networks or services per NQL
• NQLs per CSS
This functionality is useful, for example, in a caching environment in which you
have a network you want to bypass and send content requests directly to the origin
servers (servers containing the content). You can also use an NQL for users who
prefer a service based on a specific network.
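The following is an added example, not taken from the manual, that models how the CSS evaluates the ACL shown above and how grouping destinations in an NQL preserves the policy: the two host destinations whose other clause fields are identical are collapsed into one clause, while clause 40 (with eq 80) must stay separate. The NQL name "origin-servers" and the "destination nql NAME" clause form are assumptions for this example.

```python
import ipaddress
# Constructed example: the ACL from the page, then the same policy with the two
# host destinations that share identical clause fields grouped in one NQL.
# Clause 40 (eq 80) cannot join them without changing the policy. The NQL name
# "origin-servers" and the "destination nql NAME" form are assumptions.
ACL_EXPANDED = """clause 20 permit any 172.16.107.0 255.255.255.0 destination 172.16.107.15
clause 30 permit any 172.16.107.0 255.255.255.0 destination 172.16.107.16
clause 40 permit any 172.16.107.0 255.255.255.0 destination 172.16.107.35 eq 80
clause 50 permit ICMP any destination any
clause 60 permit udp any destination any eq 520
clause 70 deny any any destination any"""
NQLS = {"origin-servers": ["172.16.107.15 255.255.255.255", "172.16.107.16 255.255.255.255"]}
ACL_NQL = """clause 20 permit any 172.16.107.0 255.255.255.0 destination nql origin-servers
clause 40 permit any 172.16.107.0 255.255.255.0 destination 172.16.107.35 eq 80
clause 50 permit ICMP any destination any
clause 60 permit udp any destination any eq 520
clause 70 deny any any destination any"""

def _parse_addr(t, i):
    """Consume one address spec at t[i]: 'any', 'nql NAME', or 'IP [MASK]'."""
    if t[i] == "any":
        return None, i + 1                                  # None matches everything
    if t[i] == "nql":                                       # expand the NQL's networks
        return [ipaddress.ip_network(n.replace(" ", "/")) for n in NQLS[t[i + 1]]], i + 2
    if i + 1 < len(t) and t[i + 1][0].isdigit():            # explicit mask follows
        return [ipaddress.ip_network(f"{t[i]}/{t[i + 1]}", strict=False)], i + 2
    return [ipaddress.ip_network(t[i])], i + 1              # bare address = one host

def parse_clause(line):
    """Parse 'clause N permit|deny PROTO SRC destination DST [eq PORT]'."""
    t = line.split()
    src, i = _parse_addr(t, 4)
    if t[i] != "destination":
        raise ValueError(f"malformed clause: {line}")
    dst, i = _parse_addr(t, i + 1)
    port = int(t[i + 1]) if i < len(t) and t[i] == "eq" else None
    return {"num": int(t[1]), "permit": t[2] == "permit", "proto": t[3].lower(),
            "src": src, "dst": dst, "port": port}

def _in(nets, ip):
    return nets is None or any(ip in n for n in nets)

def evaluate(acl_text, proto, src, dst, port=None):
    """First-match evaluation; returns (clause number, verdict). No match is an implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for c in map(parse_clause, acl_text.splitlines()):
        if c["proto"] in ("any", proto.lower()) and _in(c["src"], s) and _in(c["dst"], d) \
                and (c["port"] is None or c["port"] == port):
            return c["num"], "permit" if c["permit"] else "deny"
    return None, "deny"
```

Comparing verdicts from both ACLs over the same traffic is a quick way to confirm that an NQL consolidation did not change the policy.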
To access NQL configuration mode, use the nql command. The prompt changes
to (config-nql [name]). You can also use this command from NQL mode to access
another NQL.
See the following sections to configure an NQL:
• Creating an NQL
• Describing an NQL
• Adding Networks to an NQL
• Adding an NQL to an ACL Clause
• Showing NQL Configurations