This document discusses why enabling Access Control Lists (ACLs) on the
Content Services Switch (CSS) 11000 and 11500 disables all traffic by default.
There are no specific requirements for this document.
The information in this document is based on these software and
The information in this document was created from the devices in a
specific lab environment. All of the devices used in this document started with
a cleared (default) configuration. If your network is live, make sure that you
understand the potential impact of any command.
For more information on document conventions, refer to the
Technical Tips Conventions.
When ACLs are enabled on the CSS, the box defaults to denying all traffic
on all VLANs. In order to allow traffic through the CSS, you must configure an
ACL for each VLAN that permits the traffic you want to pass through the box. An
explicit deny all clause exists at the end of every ACL. VLANs
that do not have an ACL applied do not allow any traffic through until you
configure an ACL that allows traffic. An example is shown here.
clause 10 permit any any destination any
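
A pre-change check for the behavior described above, as an added example that is not part of the original document: it lists the VLANs that would pass no traffic once ACLs are enabled, either because no ACL is applied or because the applied ACL has no permit clause. The config layout (`circuit VLANn` blocks, `acl N` blocks with `apply circuit-(VLANn)` bindings), the function name and the sample text are assumptions made for illustration.

```python
import re

# Constructed sample config (not from a real device). The layout is an
# assumption: "circuit VLANn" blocks, and "acl N" blocks holding
# "clause ..." lines plus "apply circuit-(VLANn)" bindings.
SAMPLE_CONFIG = """\
circuit VLAN1
  ip address 10.1.1.1 255.255.255.0
circuit VLAN2
  ip address 10.1.2.1 255.255.255.0
circuit VLAN3
  ip address 10.1.3.1 255.255.255.0
acl 1
  clause 10 permit any any destination any
  apply circuit-(VLAN1)
acl 2
  clause 10 deny any any destination any
  apply circuit-(VLAN2)
"""

def audit_default_deny(config):
    """Return {vlan: reason} for VLANs that pass no traffic once ACLs are enabled."""
    vlans, acls, current = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"circuit (VLAN\d+)", line):
            vlans.append(m.group(1))
            current = None  # left any ACL block
        elif m := re.fullmatch(r"acl (\d+)", line):
            current = acls.setdefault(m.group(1), {"permits": 0, "vlans": set()})
        elif current is not None:
            if re.match(r"clause \d+ permit\b", line):
                current["permits"] += 1
            elif m := re.fullmatch(r"apply circuit-\((VLAN\d+)\)", line):
                current["vlans"].add(m.group(1))
    blocked = {}
    for vlan in vlans:
        applied = [n for n, a in acls.items() if vlan in a["vlans"]]
        if not applied:
            # No ACL on the VLAN: nothing is allowed through.
            blocked[vlan] = "no ACL applied"
        elif not any(acls[n]["permits"] for n in applied):
            # Only the deny all at the end of the ACL can ever match.
            blocked[vlan] = "ACL %s has no permit clause" % ",".join(applied)
    return blocked

if __name__ == "__main__":
    for vlan, reason in audit_default_deny(SAMPLE_CONFIG).items():
        print(f"{vlan}: all traffic denied ({reason})")
```
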