4506 switch access-list question

mike.feeney · ‎08-24-2007

I wanted to see what access-lists we had. Does anyone know what these entries are? They don't seem to be applied to an interface.

4506_Core#sh ip access-l

Extended IP access list system-cpp-all-routers-on-subnet

10 permit ip any host 224.0.0.2

Extended IP access list system-cpp-all-systems-on-subnet

10 permit ip any host 224.0.0.1

Extended IP access list system-cpp-dhcp-cs

10 permit udp any eq bootpc any eq bootps

Extended IP access list system-cpp-dhcp-sc

10 permit udp any eq bootps any eq bootpc

Extended IP access list system-cpp-dhcp-ss

10 permit udp any eq bootps any eq bootps

Extended IP access list system-cpp-igmp

10 permit igmp any 224.0.0.0 31.255.255.255

Extended IP access list system-cpp-ip-mcast-linklocal

10 permit ip any 224.0.0.0 0.0.0.255

Extended IP access list system-cpp-ospf

10 permit ospf any 224.0.0.0 0.0.0.255

Extended IP access list system-cpp-pim

10 permit pim any 224.0.0.0 0.0.0.255

Extended IP access list system-cpp-ripv2

10 permit ip any host 224.0.0.9

lamav · ‎08-26-2007

Mike:

To use access lists, one first has to create them in global configuration mode and then apply them to a certain interface. That is if you want to use the access lists to filter traffic through that interface.

However, access lists are also used with route maps, QoS implementations and also in other cases. So, before deleting any access lists, make sure they are not being referenced anywhere in the config.

HTH