10-27-2009 09:45 AM - edited 03-06-2019 08:19 AM
I was working at a client site of mine this morning. I was configuring some modifications to a couple of the known ACLs configured on the box.
I did a "sh access-list" command and received some very strange output. Here is what I received:
bhicore#sho access-list
Extended IP access list PCI-vlan1-egress
10 permit ip 198.100.100.0 0.0.0.255 any (1168573 matches)
Extended IP access list PCI-vlan2
Extended IP access list system-cpp-all-routers-on-subnet
10 permit ip any host 224.0.0.2
Extended IP access list system-cpp-all-systems-on-subnet
10 permit ip any host 224.0.0.1
Extended IP access list system-cpp-dhcp-cs
10 permit udp any eq bootpc any eq bootps
Extended IP access list system-cpp-dhcp-sc
10 permit udp any eq bootps any eq bootpc
Extended IP access list system-cpp-dhcp-ss
10 permit udp any eq bootps any eq bootps
Extended IP access list system-cpp-igmp
10 permit igmp any 224.0.0.0 31.255.255.255
Extended IP access list system-cpp-ip-mcast-linklocal
10 permit ip any 224.0.0.0 0.0.0.255
Extended IP access list system-cpp-ospf
10 permit ospf any 224.0.0.0 0.0.0.255
Extended IP access list system-cpp-pim
10 permit pim any 224.0.0.0 0.0.0.255
Extended IP access list system-cpp-ripv2
10 permit ip any host 224.0.0.9
Extended MAC access list system-cpp-bpdu-range
permit any 0180.c200.0000 0000.0000.000c
Extended MAC access list system-cpp-cdp
permit any host 0100.0ccc.cccc
Extended MAC access list system-cpp-cgmp
permit any host 0100.0cdd.dddd
Extended MAC access list system-cpp-dot1x
permit any host 0180.c200.0003
Extended MAC access list system-cpp-lldp
permit any host 0180.c200.000e
Extended MAC access list system-cpp-mcast-cfm
permit any 0100.0ccc.ccc0 0000.0000.0007
Extended MAC access list system-cpp-sstp
permit any host 0100.0ccc.cccd
Extended MAC access list system-cpp-ucast-cfm
permit any host 001a.a11c.84bd
I do not know what the bottom 18 ACLs are. I DO know that I didn't configure them. Has anyone out here in the braintrust seen these before, and if so, what are they? Is there some configuration option that enables these ACLs?
Thx
Kevin
10-27-2009 09:48 AM
Those are the CoPP: Control Plane Policy ACL.
They are needed for the functioning of your switch. They are not seen in a show run, but a show access-lists displays them.
The access-lists were introduced as part of the control-plane policers from 12.2(31)SG onwards.
The document on configuring CoPP details the access-lists for a cat4k:
I don't know what platform you have, but if you search on cisco.com you will find a document for your switch.
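Added example, not part of the thread or of Cisco's documentation: a small Python audit helper that parses `show access-list` output in the format posted above and separates the system-generated CoPP lists from operator-configured ones, so that any list that is neither expected nor system-generated stands out. It assumes the `system-cpp-` name prefix seen in the question marks the CoPP lists; the function names and the abridged sample are constructed for illustration.

```python
import re

# Constructed sample, abridged from the output format shown in the question.
SAMPLE = """\
Extended IP access list PCI-vlan1-egress
    10 permit ip 198.100.100.0 0.0.0.255 any (1168573 matches)
Extended IP access list PCI-vlan2
Extended IP access list system-cpp-dhcp-cs
    10 permit udp any eq bootpc any eq bootps
Extended MAC access list system-cpp-cdp
    permit any host 0100.0ccc.cccc
"""

HEADER = re.compile(r"^(Standard|Extended) (IP|MAC) access list (\S+)\s*$")
MATCHES = re.compile(r"\((\d+) match(?:es)?\)")
# Assumption: the "system-cpp-" prefix seen in the thread marks the CoPP lists.
SYSTEM_PREFIX = "system-cpp-"


def parse_acls(text):
    """Return one dict per ACL: name, kind, entries, matches, system."""
    acls = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER.match(line)
        if m:
            name = m.group(3)
            acls.append({"name": name, "kind": m.group(2), "entries": [],
                         "matches": 0, "system": name.startswith(SYSTEM_PREFIX)})
        elif acls:  # an entry line belongs to the most recent header
            acls[-1]["entries"].append(line)
            hit = MATCHES.search(line)
            if hit:
                acls[-1]["matches"] += int(hit.group(1))
    return acls


def audit(text):
    """Split ACLs into CoPP system lists and operator lists; flag empty operator lists."""
    acls = parse_acls(text)
    return {
        "system": [a["name"] for a in acls if a["system"]],
        "operator": [a["name"] for a in acls if not a["system"]],
        "empty_operator": [a["name"] for a in acls
                           if not a["system"] and not a["entries"]],
    }


if __name__ == "__main__":
    print(audit(SAMPLE))
```

Comparing the `operator` list against the names present in the running configuration shows whether every non-system list is one that was deliberately configured.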