Troubleshooting guide
CHAPTER
1-1
Cisco Wide Area Application Services Configuration Guide
OL-26579-01
1
Creating and Managing IP Access Control Lists
for WAAS Devices
This chapter describes how to use the Wide Area Application Services (WAAS) Central Manager GUI
to centrally create and manage Internet Protocol (IP) access control lists (ACLs) for your WAAS devices.
This chapter contains the following sections:
• About IP ACLs for WAAS Devices, page 1-1
• Creating and Managing IP ACLs for WAAS Devices, page 1-2
• List of Extended IP ACL Conditions, page 1-7
Note You must log in to the WAAS Central Manager GUI using an account with admin privileges to view, edit, or
create IP ACL configurations.
Note Throughout this chapter, the term WAAS device is used to refer collectively to the WAAS Central
Managers and WAEs in your network. The term WAE refers to WAE appliances, WAE Network Modules
(the NME-WAE family of devices), and SM-SRE modules running WAAS.
About IP ACLs for WAAS Devices
In a centrally managed WAAS network environment, administrators need to be able to prevent
unauthorized access to various devices and services. IP ACLs can filter packets by allowing you to
permit or deny IP packets destined for a WAAS device.
The WAAS software supports standard and extended ACLs that allow you to restrict access to a WAAS
device. The WAAS software can use the following types of ACLs:
• Interface ACL—Applied on the built-in, port channel, standby, and inline group interfaces. This
type of ACL is intended to control management traffic (Telnet, SSH, and Central Manager GUI).
The ACL rules apply only to traffic that is destined for the WAE or originates from the WAE, not
WCCP transit traffic. Use the ip access-group interface configuration command to apply an
interface ACL.