Configuration Of Packet Filtering; Configuration Example For Packet Filtering; Ssg Unconfig; Restrictions For Ssg Unconfig - Cisco OL-4387-02 Configuration Manual

Router service selection gateway configuration guide

Chapter 11
Miscellaneous SSG Features

Configuration of Packet Filtering

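To configure SSG ACLs, use the following Cisco-AV pair attributes:

Downstream Access Control List (outacl)
Cisco-AVpair = "ip:outacl[#number]={standard-access-control-list | extended-access-control-list}"

Upstream Access Control List (inacl)
Cisco-AVpair = "ip:inacl[#number]={standard-access-control-list | extended-access-control-list}"

For more information, refer to the Service Selection Gateway, Release 12.2(15)B feature module.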

Configuration Example for Packet Filtering

The following is an example of a downstream ACL (outacl):
Cisco-AVpair = "ip:outacl#101=deny tcp 192.168.1.0 0.0.0.255 any eq 21"
The following is an example of an upstream ACL (inacl):
Cisco-AVpair = "ip:inacl#101=deny tcp 192.168.1.0 0.0.0.255 any eq 21"
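
The following Python parser is an added example and is not part of the Cisco guide. It reads the two AV pair attributes shown above and reports the direction, ACL number and matched traffic, which helps when auditing what each RADIUS profile filters. It assumes extended entries shaped like the example on this page (action, protocol, source, destination, optional eq port); all function names are hypothetical.

```python
import ipaddress
import re

# Syntax from this page: Cisco-AVpair = "ip:{inacl|outacl}[#number]={ACL entry}"
AVPAIR_RE = re.compile(
    r'^Cisco-AVpair\s*=\s*"ip:(?P<kind>inacl|outacl)(?:#(?P<num>\d+))?=(?P<ace>[^"]+)"$')
DIRECTION = {"inacl": "upstream", "outacl": "downstream"}


def wildcard_to_network(addr, wildcard):
    """Turn an IOS address/wildcard pair into a network; reject non-contiguous masks."""
    mask = int(ipaddress.IPv4Address(wildcard))
    if mask & (mask + 1):  # a contiguous wildcard looks like 0..01..1 in binary
        raise ValueError(f"non-contiguous wildcard mask: {wildcard}")
    base = int(ipaddress.IPv4Address(addr)) & ~mask & 0xFFFFFFFF
    return ipaddress.IPv4Network((base, 32 - mask.bit_length()))


def take_endpoint(tokens):
    """Consume 'any', 'host A' or 'A wildcard' from the front of the token list."""
    head = tokens.pop(0)
    if head == "any":
        return ipaddress.IPv4Network("0.0.0.0/0")
    if head == "host":
        return ipaddress.IPv4Network(tokens.pop(0))
    return wildcard_to_network(head, tokens.pop(0))


def parse_ssg_acl(line):
    """Parse one SSG ACL AV pair (extended entry, assumed subset) into a dict."""
    m = AVPAIR_RE.match(line.strip())
    if not m:
        raise ValueError(f"not an SSG ACL AV pair: {line!r}")
    tokens = m["ace"].split()
    if len(tokens) < 4 or tokens[0] not in ("permit", "deny"):
        raise ValueError(f"unsupported ACL entry: {m['ace']!r}")
    action, proto = tokens.pop(0), tokens.pop(0)
    try:
        src, dst = take_endpoint(tokens), take_endpoint(tokens)
    except IndexError:
        raise ValueError(f"truncated ACL entry: {m['ace']!r}") from None
    # port stays None unless the entry ends with an "eq <number>" qualifier
    port = int(tokens[1]) if len(tokens) == 2 and tokens[0] == "eq" else None
    return {"direction": DIRECTION[m["kind"]], "number": m["num"] and int(m["num"]),
            "action": action, "proto": proto, "src": src, "dst": dst, "port": port}


if __name__ == "__main__":
    for kind in ("outacl", "inacl"):  # the two example attributes from this page
        print(parse_ssg_acl(
            f'Cisco-AVpair = "ip:{kind}#101=deny tcp 192.168.1.0 0.0.0.255 any eq 21"'))
```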

SSG Unconfig

The SSG Unconfig feature enhances your ability to disable SSG at any time and releases the data
structures and system resources created by SSG when SSG is unconfigured.
SSG Unconfig removes SSG allocated resources when you globally disable SSG after it was enabled.
When you enable SSG, the SSG subsystem in the Cisco IOS software acquires system resources that are
never released, even after you disable SSG. The SSG Unconfig feature enables you to release and clean
up system resources when SSG is not in use by entering the no ssg enable force-cleanup command.
The SSG Unconfig feature also enhances several IOS commands to allow you to delete all host objects,
a range of host objects, or all service objects (connection objects). Enhancements to the show ssg host
command allow you to display information about an interface and its IP address when you enable
host-key mode on that interface. For more information about the SSG commands, refer to the
Cisco 10000 Series Routers Command Quick Reference Guide and the Service Selection Gateway,
Release 12.2(15)B feature module.
For more information about the SSG Unconfig feature, refer to the SSG Unconfig, Release 12.2(15)B
feature module.

Restrictions for SSG Unconfig

SSG Unconfig clears all SSG resources on the system. Therefore, if you no longer need to run SSG
features on the router, instead of using SSG Unconfig enter the no ssg enable force-cleanup command
after all users are logged out.
Cisco 10000 Series Router Service Selection Gateway Configuration Guide