I was working at a client site of mine this morning. I was configuring some modifications to a couple of the known ACLs configured on the box.
I did a "sh access-list" command and received some very strange output. Here is what I received:
Extended IP access list PCI-vlan1-egress
    10 permit ip 220.127.116.11 0.0.0.255 any (1168573 matches)
Extended IP access list PCI-vlan2
Extended IP access list system-cpp-all-routers-on-subnet
    10 permit ip any host 18.104.22.168
Extended IP access list system-cpp-all-systems-on-subnet
    10 permit ip any host 22.214.171.124
Extended IP access list system-cpp-dhcp-cs
    10 permit udp any eq bootpc any eq bootps
Extended IP access list system-cpp-dhcp-sc
    10 permit udp any eq bootps any eq bootpc
Extended IP access list system-cpp-dhcp-ss
    10 permit udp any eq bootps any eq bootps
Extended IP access list system-cpp-igmp
    10 permit igmp any 126.96.36.199 188.8.131.52
Extended IP access list system-cpp-ip-mcast-linklocal
    10 permit ip any 184.108.40.206 0.0.0.255
Extended IP access list system-cpp-ospf
    10 permit ospf any 220.127.116.11 0.0.0.255
Extended IP access list system-cpp-pim
    10 permit pim any 18.104.22.168 0.0.0.255
Extended IP access list system-cpp-ripv2
    10 permit ip any host 22.214.171.124
Extended MAC access list system-cpp-bpdu-range
    permit any 0180.c200.0000 0000.0000.000c
Extended MAC access list system-cpp-cdp
    permit any host 0100.0ccc.cccc
Extended MAC access list system-cpp-cgmp
    permit any host 0100.0cdd.dddd
Extended MAC access list system-cpp-dot1x
    permit any host 0180.c200.0003
Extended MAC access list system-cpp-lldp
    permit any host 0180.c200.000e
Extended MAC access list system-cpp-mcast-cfm
    permit any 0100.0ccc.ccc0 0000.0000.0007
Extended MAC access list system-cpp-sstp
    permit any host 0100.0ccc.cccd
Extended MAC access list system-cpp-ucast-cfm
    permit any host 001a.a11c.84bd
I do not know what the bottom 18 ACLs are. I DO know that I didn't configure them. Has anyone out here in the braintrust seen these before, and if so, what are they? Is there some configuration option that enables these ACLs?
Those are the CoPP (Control Plane Policy) ACLs.
They are needed for the functioning of your switch. They are not seen in a show run, but a show access-lists displays them.
The access-lists were introduced as part of the control-plane policers from 12.2(31)SG onwards.
The document on configuring CoPP details the access-lists for a cat4k:
I don't know what platform you have, but if you search on cisco.com you will find a document for your switch.
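
Added example, not part of the original thread or of Cisco's documentation: a Python parser for "show access-lists" output that separates the system-generated CoPP ACLs from the ones you configured, and reports any ACL that is neither, plus ACLs with no entries. It assumes the system ACLs can be recognised by the "system-cpp-" prefix seen in the output above; configured_names is a hypothetical set of ACL names you have pulled from "show run", and the sample text is constructed.

```python
import re

# Header and entry shapes as they appear in the output quoted in this thread.
HEADER = re.compile(r"^(Standard|Extended) (IP|MAC) access list (\S+)\s*$")
ENTRY = re.compile(r"^\s*(?:(\d+)\s+)?((?:permit|deny)\b.*?)(?:\s+\((\d+) match(?:es)?\))?\s*$")
SYSTEM_PREFIX = "system-cpp-"  # assumption: prefix taken from the names in the post

def parse_acls(text):
    """Return {acl_name: {"kind": "IP"/"MAC", "entries": [(seq, rule, matches)]}}."""
    acls, current = {}, None
    for line in text.splitlines():
        if m := HEADER.match(line.strip()):
            current = acls.setdefault(m.group(3), {"kind": m.group(2), "entries": []})
        elif current is not None and (m := ENTRY.match(line)):
            seq = int(m.group(1)) if m.group(1) else None      # MAC ACLs show no sequence number
            matches = int(m.group(3)) if m.group(3) else 0     # counter is omitted when zero
            current["entries"].append((seq, m.group(2), matches))
    return acls

def audit(text, configured_names):
    """Split ACLs into system-generated, configured and unexplained; list empty ones."""
    acls = parse_acls(text)
    report = {"system": [], "configured": [], "unexplained": [], "empty": []}
    for name, acl in acls.items():
        if name.startswith(SYSTEM_PREFIX):
            report["system"].append(name)
        elif name in configured_names:
            report["configured"].append(name)
        else:
            report["unexplained"].append(name)   # not CoPP and not in the running config
        if not acl["entries"]:
            report["empty"].append(name)
    return report

# Constructed sample (documentation addresses), shaped like the output above.
SAMPLE = """\
Extended IP access list PCI-vlan1-egress
    10 permit ip 192.0.2.0 0.0.0.255 any (1168573 matches)
Extended IP access list PCI-vlan2
Extended IP access list TEMP-test
    10 permit ip any any
Extended IP access list system-cpp-dhcp-cs
    10 permit udp any eq bootpc any eq bootps
Extended MAC access list system-cpp-cdp
    permit any host 0100.0ccc.cccc
"""

if __name__ == "__main__":
    print(audit(SAMPLE, configured_names={"PCI-vlan1-egress", "PCI-vlan2"}))
```

Anything that lands in "unexplained" is the list worth investigating; the "system" list is the set the reply above accounts for.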