Cisco Systems OL-5650-02 Manual de usuario

Corporate HeadquartersCisco Systems, Inc.170 West Tasman DriveSan Jose, CA 95134-1706USAhttp://www.cisco.comTel: 408 526-4000800 553-NETS (6387)Fax:

TablesxCisco Content Services Switch Security Configuration GuideOL-5650-02

Chapter 5 Configuring Firewall Load BalancingOverview of FWLB5-2Cisco Content Services Switch Security Configuration GuideOL-5650-02Overview of

5-3Cisco Content Services Switch Security Configuration GuideOL-5650-02Chapter 5 Configuring Firewall Load BalancingConfiguring FWLBFirewall Sy

Chapter 5 Configuring Firewall Load BalancingConfiguring FWLB5-4Cisco Content Services Switch Security Configuration GuideOL-5650-02You must de

5-5Cisco Content Services Switch Security Configuration GuideOL-5650-02Chapter 5 Configuring Firewall Load BalancingConfiguring FWLBUse the ip

Chapter 5 Configuring Firewall Load BalancingConfiguring FWLB5-6Cisco Content Services Switch Security Configuration GuideOL-5650-02• index - A

5-7Cisco Content Services Switch Security Configuration GuideOL-5650-02Chapter 5 Configuring Firewall Load BalancingConfiguring FWLBTo stop adv

Chapter 5 Configuring Firewall Load BalancingConfiguring FWLB5-8Cisco Content Services Switch Security Configuration GuideOL-5650-02To configur

5-9Cisco Content Services Switch Security Configuration GuideOL-5650-02Chapter 5 Configuring Firewall Load BalancingConfiguring FWLBFigure 5-1

Chapter 5 Configuring Firewall Load BalancingConfiguring FWLB with VIP and Virtual Interface Redundancy5-10Cisco Content Services Switch Securi

5-11Cisco Content Services Switch Security Configuration GuideOL-5650-02Chapter 5 Configuring Firewall Load BalancingConfiguring FWLB with VIP

xiCisco Content Services Switch Security Configuration GuideOL-5650-02PrefaceThis guide provides instructions for configuring the security features o

Chapter 5 Configuring Firewall Load BalancingConfiguring FWLB with VIP and Virtual Interface Redundancy5-12Cisco Content Services Switch Securi

5-13Cisco Content Services Switch Security Configuration GuideOL-5650-02Chapter 5 Configuring Firewall Load BalancingConfiguring FWLB with VIP

Chapter 5 Configuring Firewall Load BalancingConfiguring FWLB with VIP and Virtual Interface Redundancy5-14Cisco Content Services Switch Securi

5-15Cisco Content Services Switch Security Configuration GuideOL-5650-02Chapter 5 Configuring Firewall Load BalancingDisplaying Firewall Flow S

Chapter 5 Configuring Firewall Load BalancingDisplaying Firewall IP Routes5-16Cisco Content Services Switch Security Configuration GuideOL-5650

5-17Cisco Content Services Switch Security Configuration GuideOL-5650-02Chapter 5 Configuring Firewall Load BalancingDisplaying Firewall IP Inf

Chapter 5 Configuring Firewall Load BalancingDisplaying Firewall IP Information5-18Cisco Content Services Switch Security Configuration GuideOL

IN-1Cisco Content Services Switch Security Configuration GuideOL-5650-02INDEXAAccess Control Lists. See ACLsACLsadding an NQL to a clause1-38applying

IndexIN-2Cisco Content Services Switch Security Configuration GuideOL-5650-02configuration exampleACL1-34firewall load balancing 5-7configuration qui

IN-3Cisco Content Services Switch Security Configuration GuideOL-5650-02IndexFTPenabling access1-10restricting access to the CSS 1-11IIP routefirewal

PrefaceAudiencexiiCisco Content Services Switch Security Configuration GuideOL-5650-02AudienceThis guide is intended for the following trained and qu

IndexIN-4Cisco Content Services Switch Security Configuration GuideOL-5650-02RRADIUSCisco Secure Access Control Server (ACS)3-4console authentication

IN-5Cisco Content Services Switch Security Configuration GuideOL-5650-02IndexTTACACS+accounting, setting4-13authentication, setting 4-11Cisco Secure

IndexIN-6Cisco Content Services Switch Security Configuration GuideOL-5650-02

xiiiCisco Content Services Switch Security Configuration GuideOL-5650-02PrefaceRelated DocumentationRelated DocumentationIn addition to this guide, t

PrefaceRelated DocumentationxivCisco Content Services Switch Security Configuration GuideOL-5650-02Cisco Content Services Switch Administration Guide

xvCisco Content Services Switch Security Configuration GuideOL-5650-02PrefaceRelated DocumentationCisco Content Services Switch Content Load-Balancin

PrefaceSymbols and ConventionsxviCisco Content Services Switch Security Configuration GuideOL-5650-02Symbols and ConventionsThis guide uses the follo

xviiCisco Content Services Switch Security Configuration GuideOL-5650-02PrefaceObtaining DocumentationCourier text indicates text that appears on a c

PrefaceDocumentation FeedbackxviiiCisco Content Services Switch Security Configuration GuideOL-5650-02Documentation DVDCisco documentation and additi

xixCisco Content Services Switch Security Configuration GuideOL-5650-02PrefaceCisco Product Security OverviewYou can submit comments by using the res

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOM

PrefaceObtaining Technical AssistancexxCisco Content Services Switch Security Configuration GuideOL-5650-02• Nonemergencies— [email protected] We en

xxiCisco Content Services Switch Security Configuration GuideOL-5650-02PrefaceObtaining Technical AssistanceAccess to all tools on the Cisco Technica

PrefaceObtaining Additional Publications and InformationxxiiCisco Content Services Switch Security Configuration GuideOL-5650-02For a complete list o

xxiiiCisco Content Services Switch Security Configuration GuideOL-5650-02PrefaceObtaining Additional Publications and Information• Packet magazine is

PrefaceObtaining Additional Publications and InformationxxivCisco Content Services Switch Security Configuration GuideOL-5650-02

CHAPTER 1-1Cisco Content Services Switch Security Configuration GuideOL-5650-021Controlling CSS AccessThis chapter describes how to configure access t

Chapter 1 Controlling CSS AccessChanging the Administrative Username and Password1-2Cisco Content Services Switch Security Configuration GuideOL

1-3Cisco Content Services Switch Security Configuration GuideOL-5650-02Chapter 1 Controlling CSS AccessCreating Usernames and PasswordsCreating

Chapter 1 Controlling CSS AccessCreating Usernames and Passwords1-4Cisco Content Services Switch Security Configuration GuideOL-5650-02• passwor

1-5Cisco Content Services Switch Security Configuration GuideOL-5650-02Chapter 1 Controlling CSS AccessCreating Usernames and Passwords• access

iiiCisco Content Services Switch Security Configuration GuideOL-5650-02CONTENTSPreface xiAudience xiiHow to Use This Guide xiiRelated Documentation x

Chapter 1 Controlling CSS AccessControlling Remote User Access to the CSS1-6Cisco Content Services Switch Security Configuration GuideOL-5650-02

1-7Cisco Content Services Switch Security Configuration GuideOL-5650-02Chapter 1 Controlling CSS AccessControlling Remote User Access to the CSS

Chapter 1 Controlling CSS AccessControlling Remote User Access to the CSS1-8Cisco Content Services Switch Security Configuration GuideOL-5650-02

1-9Cisco Content Services Switch Security Configuration GuideOL-5650-02Chapter 1 Controlling CSS AccessControlling Remote User Access to the CSS

Chapter 1 Controlling CSS AccessControlling Administrative Access to the CSS1-10Cisco Content Services Switch Security Configuration GuideOL-565

1-11Cisco Content Services Switch Security Configuration GuideOL-5650-02Chapter 1 Controlling CSS AccessControlling Administrative Access to the

Chapter 1 Controlling CSS AccessControlling CSS Network Traffic Through Access Control Lists1-12Cisco Content Services Switch Security Configura

1-13Cisco Content Services Switch Security Configuration GuideOL-5650-02Chapter 1 Controlling CSS AccessControlling CSS Network Traffic Through

Chapter 1 Controlling CSS AccessControlling CSS Network Traffic Through Access Control Lists1-14Cisco Content Services Switch Security Configura

1-15Cisco Content Services Switch Security Configuration GuideOL-5650-02Chapter 1 Controlling CSS AccessControlling CSS Network Traffic Through

ContentsivCisco Content Services Switch Security Configuration GuideOL-5650-02Controlling Administrative Access to the CSS 1-10Enabling Administrativ

Chapter 1 Controlling CSS AccessControlling CSS Network Traffic Through Access Control Lists1-16Cisco Content Services Switch Security Configura

1-17Cisco Content Services Switch Security Configuration GuideOL-5650-02Chapter 1 Controlling CSS AccessControlling CSS Network Traffic Through

Chapter 1 Controlling CSS AccessControlling CSS Network Traffic Through Access Control Lists1-18Cisco Content Services Switch Security Configura

1-19Cisco Content Services Switch Security Configuration GuideOL-5650-02Chapter 1 Controlling CSS AccessControlling CSS Network Traffic Through

Chapter 1 Controlling CSS AccessControlling CSS Network Traffic Through Access Control Lists1-20Cisco Content Services Switch Security Configura

1-21Cisco Content Services Switch Security Configuration GuideOL-5650-02Chapter 1 Controlling CSS AccessControlling CSS Network Traffic Through

Chapter 1 Controlling CSS AccessControlling CSS Network Traffic Through Access Control Lists1-22Cisco Content Services Switch Security Configura

1-23Cisco Content Services Switch Security Configuration GuideOL-5650-02Chapter 1 Controlling CSS AccessControlling CSS Network Traffic Through

Chapter 1 Controlling CSS AccessControlling CSS Network Traffic Through Access Control Lists1-24Cisco Content Services Switch Security Configura

1-25Cisco Content Services Switch Security Configuration GuideOL-5650-02Chapter 1 Controlling CSS AccessControlling CSS Network Traffic Through

vCisco Content Services Switch Security Configuration GuideOL-5650-02ContentsConfiguring SSHD in the CSS 2-3Configuring SSHD Keepalive 2-3Configuring

Chapter 1 Controlling CSS AccessControlling CSS Network Traffic Through Access Control Lists1-26Cisco Content Services Switch Security Configura

1-27Cisco Content Services Switch Security Configuration GuideOL-5650-02Chapter 1 Controlling CSS AccessControlling CSS Network Traffic Through

Chapter 1 Controlling CSS AccessControlling CSS Network Traffic Through Access Control Lists1-28Cisco Content Services Switch Security Configura

1-29Cisco Content Services Switch Security Configuration GuideOL-5650-02Chapter 1 Controlling CSS AccessControlling CSS Network Traffic Through

Chapter 1 Controlling CSS AccessControlling CSS Network Traffic Through Access Control Lists1-30Cisco Content Services Switch Security Configura

1-31Cisco Content Services Switch Security Configuration GuideOL-5650-02Chapter 1 Controlling CSS AccessControlling CSS Network Traffic Through

Chapter 1 Controlling CSS AccessControlling CSS Network Traffic Through Access Control Lists1-32Cisco Content Services Switch Security Configura

1-33Cisco Content Services Switch Security Configuration GuideOL-5650-02Chapter 1 Controlling CSS AccessControlling CSS Network Traffic Through

Chapter 1 Controlling CSS AccessControlling CSS Network Traffic Through Access Control Lists1-34Cisco Content Services Switch Security Configura

1-35Cisco Content Services Switch Security Configuration GuideOL-5650-02Chapter 1 Controlling CSS AccessConfiguring Network Qualifier Lists for

ContentsviCisco Content Services Switch Security Configuration GuideOL-5650-02Setting the Global TACACS+ Keepalive Frequency 4-7Defining a TACACS+ Se

Chapter 1 Controlling CSS AccessConfiguring Network Qualifier Lists for ACLs1-36Cisco Content Services Switch Security Configuration GuideOL-565

1-37Cisco Content Services Switch Security Configuration GuideOL-5650-02Chapter 1 Controlling CSS AccessConfiguring Network Qualifier Lists for

Chapter 1 Controlling CSS AccessConfiguring Network Qualifier Lists for ACLs1-38Cisco Content Services Switch Security Configuration GuideOL-565

CHAPTER 2-1Cisco Content Services Switch Security Configuration GuideOL-5650-022Configuring the Secure Shell Daemon ProtocolThe Secure Shell Daemon (S

Chapter 2 Configuring the Secure Shell Daemon ProtocolEnabling SSH2-2Cisco Content Services Switch Security Configuration GuideOL-5650-02This ch

2-3Cisco Content Services Switch Security Configuration GuideOL-5650-02Chapter 2 Configuring the Secure Shell Daemon ProtocolConfiguring SSH Acc

Chapter 2 Configuring the Secure Shell Daemon ProtocolConfiguring SSHD in the CSS2-4Cisco Content Services Switch Security Configuration GuideOL

2-5Cisco Content Services Switch Security Configuration GuideOL-5650-02Chapter 2 Configuring the Secure Shell Daemon ProtocolConfiguring SSHD in

Chapter 2 Configuring the Secure Shell Daemon ProtocolConfiguring Telnet Access When Using SSHD2-6Cisco Content Services Switch Security Configu

2-7Cisco Content Services Switch Security Configuration GuideOL-5650-02Chapter 2 Configuring the Secure Shell Daemon ProtocolShowing SSHD Config

viiCisco Content Services Switch Security Configuration GuideOL-5650-02FIGURESFigure 1-1 CSS Directory Access Privileges 1-5Figure 1-2 ACLs Enabled o

Chapter 2 Configuring the Secure Shell Daemon ProtocolShowing SSHD Configurations2-8Cisco Content Services Switch Security Configuration GuideOL

CHAPTER 3-1Cisco Content Services Switch Security Configuration GuideOL-5650-023Configuring the CSS as a Client of a RADIUS ServerThe Remote Authentic

Chapter 3 Configuring the CSS as a Client of a RADIUS Server3-2Cisco Content Services Switch Security Configuration GuideOL-5650-02In a configur

3-3Cisco Content Services Switch Security Configuration GuideOL-5650-02Chapter 3 Configuring the CSS as a Client of a RADIUS ServerRADIUS Config

Chapter 3 Configuring the CSS as a Client of a RADIUS ServerConfiguring a RADIUS Server for Use with the CSS3-4Cisco Content Services Switch Sec

3-5Cisco Content Services Switch Security Configuration GuideOL-5650-02Chapter 3 Configuring the CSS as a Client of a RADIUS ServerConfiguring a

Chapter 3 Configuring the CSS as a Client of a RADIUS ServerSpecifying a Primary RADIUS Server3-6Cisco Content Services Switch Security Configur

3-7Cisco Content Services Switch Security Configuration GuideOL-5650-02Chapter 3 Configuring the CSS as a Client of a RADIUS ServerSpecifying a

Chapter 3 Configuring the CSS as a Client of a RADIUS ServerConfiguring the RADIUS Server Timeouts3-8Cisco Content Services Switch Security Conf

3-9Cisco Content Services Switch Security Configuration GuideOL-5650-02Chapter 3 Configuring the CSS as a Client of a RADIUS ServerConfiguring t

FiguresviiiCisco Content Services Switch Security Configuration GuideOL-5650-02

Chapter 3 Configuring the CSS as a Client of a RADIUS ServerShowing RADIUS Server Configuration Information3-10Cisco Content Services Switch Sec

3-11Cisco Content Services Switch Security Configuration GuideOL-5650-02Chapter 3 Configuring the CSS as a Client of a RADIUS ServerShowing RADI

Chapter 3 Configuring the CSS as a Client of a RADIUS ServerShowing RADIUS Server Configuration Information3-12Cisco Content Services Switch Sec

CHAPTER 4-1Cisco Content Services Switch Security Configuration GuideOL-5650-024Configuring the CSS as a Client of a TACACS+ ServerThe Terminal Access

Chapter 4 Configuring the CSS as a Client of a TACACS+ ServerTACACS+ Configuration Quick Start4-2Cisco Content Services Switch Security Configur

4-3Cisco Content Services Switch Security Configuration GuideOL-5650-02Chapter 4 Configuring the CSS as a Client of a TACACS+ ServerConfiguring

Chapter 4 Configuring the CSS as a Client of a TACACS+ ServerConfiguring TACACS+ Server User Accounts for Use with the CSS4-4Cisco Content Servi

4-5Cisco Content Services Switch Security Configuration GuideOL-5650-02Chapter 4 Configuring the CSS as a Client of a TACACS+ ServerConfiguring

Chapter 4 Configuring the CSS as a Client of a TACACS+ ServerConfiguring Global TACACS+ Attributes4-6Cisco Content Services Switch Security Conf

4-7Cisco Content Services Switch Security Configuration GuideOL-5650-02Chapter 4 Configuring the CSS as a Client of a TACACS+ ServerConfiguring

ixCisco Content Services Switch Security Configuration GuideOL-5650-02TABLESTable 1-1 ACL Configuration Quick Start 1-16Table 1-2 Clause Command Opti

Chapter 4 Configuring the CSS as a Client of a TACACS+ ServerDefining a TACACS+ Server4-8Cisco Content Services Switch Security Configuration Gu

4-9Cisco Content Services Switch Security Configuration GuideOL-5650-02Chapter 4 Configuring the CSS as a Client of a TACACS+ ServerDefining a T

Chapter 4 Configuring the CSS as a Client of a TACACS+ ServerDefining a TACACS+ Server4-10Cisco Content Services Switch Security Configuration G

4-11Cisco Content Services Switch Security Configuration GuideOL-5650-02Chapter 4 Configuring the CSS as a Client of a TACACS+ ServerSetting TAC

Chapter 4 Configuring the CSS as a Client of a TACACS+ ServerSending Full CSS Commands to the TACACS+ Server4-12Cisco Content Services Switch Se

4-13Cisco Content Services Switch Security Configuration GuideOL-5650-02Chapter 4 Configuring the CSS as a Client of a TACACS+ ServerSetting TAC

Chapter 4 Configuring the CSS as a Client of a TACACS+ ServerShowing TACACS+ Server Configuration Information4-14Cisco Content Services Switch S

4-15Cisco Content Services Switch Security Configuration GuideOL-5650-02Chapter 4 Configuring the CSS as a Client of a TACACS+ ServerShowing TAC

Chapter 4 Configuring the CSS as a Client of a TACACS+ ServerShowing TACACS+ Server Configuration Information4-16Cisco Content Services Switch S

CHAPTER 5-1Cisco Content Services Switch Security Configuration GuideOL-5650-025Configuring Firewall Load BalancingThis chapter describes how to conf