Chapter 5 Configuring Access Lists and Filtering GSS Traffic
Filtering GSS Traffic Using Access Lists
Cisco Global Site Selector Administration Guide
OL-5480-01
Access List Overview
The packet filtering tools on the GSS instruct each device to permit or refuse
specific packets based on a combination of criteria that includes:
• Destination port of the packets
• Requesting host
• Protocol used (TCP, UDP, or ICMP)
You create packet-filtering tools, called access lists, from the GSS CLI. Access
lists are essentially collections of filtering rules that you create using the
access-list CLI command. Each access list is a sequential collection of permit and
deny conditions that apply to a source network IP address to control whether the
GSS forwards or blocks routed packets. The GSS examines each packet to
determine whether to forward or drop the packet based on the criteria specified
within the access lists.
You can create any number of access lists on each GSS device. After creating an
access list, you can append or remove rules from the list at any time. Apply access
lists to one or both of the GSS Ethernet interfaces using the access-group
command.
The GSS appends each additional criteria statement to the end of the access list
statements. Be aware that you cannot delete individual statements after creating
them. You can only delete an entire access list.
The order of access list statements is very important. When the GSS decides
whether to forward or block a packet, it tests the packet against each criteria
statement in the order the statements were created. After a match is found, the
GSS does not check any additional criteria statements.
If you create a criteria statement that explicitly permits all traffic, the GSS does
not check any additional statements added after the explicit permit statement and
permits all traffic. If you need additional statements, delete the access list and
retype it with the new entries.
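
The first-match ordering and the effect of an early permit-all statement, as an added example that is not part of the Cisco guide. The `Statement` model, the function names and the sample list are hypothetical; this is not GSS CLI syntax and says nothing about what the device does when no statement matches.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Statement:
    """One criteria statement (hypothetical model, not GSS CLI syntax)."""
    action: str                 # "permit" or "deny"
    protocol: str               # "tcp", "udp", "icmp" or "any"
    source: str                 # source network in CIDR form; "0.0.0.0/0" = any host
    port: Optional[int] = None  # destination port; None = any port

    def matches(self, protocol: str, src: str, port: Optional[int]) -> bool:
        return (self.protocol in ("any", protocol)
                and ip_address(src) in ip_network(self.source)
                and self.port in (None, port))

    def covers(self, other: "Statement") -> bool:
        """True if every packet matching `other` also matches this statement."""
        return (self.protocol in ("any", other.protocol)
                and ip_network(other.source).subnet_of(ip_network(self.source))
                and self.port in (None, other.port))

def evaluate(acl, protocol, src, port=None):
    """First match wins: (index, action) of the first matching statement, or None."""
    for i, st in enumerate(acl):
        if st.matches(protocol, src, port):
            return i, st.action
    return None  # nothing matched; device behaviour here is outside this model

def shadowed(acl):
    """Map each statement fully covered by one earlier statement to that statement."""
    result = {}
    for i, st in enumerate(acl):
        for j in range(i):
            if acl[j].covers(st):
                result[i] = j  # statement i can never be the first match
                break
    return result

# Constructed sample: index 1 permits everything, so indexes 2 and 3 are dead.
SAMPLE_ACL = [
    Statement("deny", "tcp", "192.0.2.0/24", 22),
    Statement("permit", "any", "0.0.0.0/0"),
    Statement("deny", "udp", "198.51.100.0/24", 53),
    Statement("permit", "tcp", "203.0.113.7/32", 443),
]
if __name__ == "__main__":
    print(evaluate(SAMPLE_ACL, "udp", "198.51.100.9", 53), shadowed(SAMPLE_ACL))
```

Running `shadowed()` over a planned list before typing it in shows which deny statements sit behind a broader earlier statement and therefore have to be moved up, which on the GSS means recreating the list in the corrected order.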
To ensure your GSS functions properly with access lists, identify the ports and
protocols normally used by each GSS device. Table 5-1 illustrates the types of
expected inbound traffic received by the GSS.