Cisco has announced the end of sales for the Cisco CSS 11000 and CSS 11800 Series Content Service Switch. For more information, refer to the End-of-Sales Announcement.
This document discusses why enabling Access Control Lists (ACLs) on the Content Services Switch (CSS) 11000 and 11500 disables all by default.
There are no specific requirements for this document.
The information in this document is based on these software and hardware versions:
Cisco CSS 11000 and 11500 Series Switches
Cisco WebNS Software Release 2.0 and later
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
For more information on document conventions, refer to the Cisco Technical Tips Conventions.
When the CSS has ACLs enabled, the box defaults to denying all traffic on all VLANs. In order to allow traffic through the CSS, you must configure an ACL for each VLAN to permit the traffic through the box that you desire. An explicit deny all clause exists at the end of every ACL. VLANs that do not have an ACL applied do not allow any traffic through until you configure an ACL that allows traffic. An example is shown here.
acl 10 clause 10 permit any any destination any apply circuit-(VLAN4)
The Cisco Support Community is a forum for you to ask and answer questions, share suggestions, and collaborate with your peers.
Refer to Cisco Technical Tips Conventions for information on conventions used in this document.