Document ID: 12606
Updated: Jan 31, 2006
Cisco has announced the end of sales for the Cisco CSS 11000 and CSS 11800 Series Content Service Switch. For more information, refer to the End-of-Sales Announcement.
Contents
Introduction
This document discusses why enabling Access Control Lists (ACLs) on the Content Services Switch (CSS) 11000 and 11500 disables all by default.
Prerequisites
Requirements
There are no specific requirements for this document.
Components Used
The information in this document is based on these software and hardware versions:
-
Cisco CSS 11000 and 11500 Series Switches
-
Cisco WebNS Software Release 2.0 and later
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
Conventions
For more information on document conventions, refer to the Cisco Technical Tips Conventions.
Information
When the CSS has ACLs enabled, the box defaults to denying all traffic on all VLANs. In order to allow traffic through the CSS, you must configure an ACL for each VLAN to permit the traffic through the box that you desire. An explicit deny all clause exists at the end of every ACL. VLANs that do not have an ACL applied do not allow any traffic through until you configure an ACL that allows traffic. An example is shown here.
acl 10 clause 10 permit any any destination any apply circuit-(VLAN4)
Related Information
Open a Support Case 
(Requires a Cisco Service Contract.)
Related Cisco Support Community Discussions
The Cisco Support Community is a forum for you to ask and answer questions, share suggestions, and collaborate with your peers.
Refer to Cisco Technical Tips Conventions for information on conventions used in this document.