Cisco CSS 11500 Series Content Services Switches

Enabling ACLs on the CSS 11000 and 11500 Disables All by Default

Document ID: 12606

Updated: Jan 31, 2006



This document discusses why enabling Access Control Lists (ACLs) on the Content Services Switch (CSS) 11000 and 11500 disables all by default.



There are no specific requirements for this document.

Components Used

The information in this document is based on these software and hardware versions:

  • Cisco CSS 11000 and 11500 Series Switches

  • Cisco WebNS Software Release 2.0 and later

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.


For more information on document conventions, refer to the Cisco Technical Tips Conventions.


When the CSS has ACLs enabled, the box defaults to denying all traffic on all VLANs. In order to allow traffic through the CSS, you must configure an ACL for each VLAN to permit the traffic through the box that you desire. An explicit deny all clause exists at the end of every ACL. VLANs that do not have an ACL applied do not allow any traffic through until you configure an ACL that allows traffic. An example is shown here.

acl 10
clause 10 permit any any destination any
apply circuit-(VLAN4)

Related Information

Updated: Jan 31, 2006
Document ID: 12606