
sl_def_acl ?

m.pizzi
Level 1

Hi to all,

Does anyone know what this access list (sl_def_acl) is?

I found it by running the "sh access-list" command on a Cisco 837 router (IOS Version 12.3(4)).

It seems to be taken into consideration if applied with the inspection command.

Is there a way to remove it?

Thanks for your precious attention.

Accepted Solutions

owillins
Level 6

This is the "Secure Login Default ACL". This access list is not applied on any of the interfaces and this is a new security feature added to the latest version of IOS. If a brute force attack is launched against the router, it can be configured to apply this ACL to the VTY, AUX & CON lines to prevent access after a configured amount of failed login attempts.

The link that describes its use is

http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00801d1cb3.html

Since this is a part of the IOS, guess the only way to remove it would be to change the IOS running on your router to 12.2. But I don't see any need to do this if it does not affect the router.
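A configuration sketch of the login-blocking behaviour described in the answer above, added here as an example and not taken from the original posts or from Cisco's documentation. The thresholds, ACL number 10 and the 192.0.2.0/24 management subnet are constructed values; it also shows how a quiet-mode ACL of your own can be used in place of sl_def_acl so that trusted hosts are not locked out.

```cisco
! Constructed example values: ACL 10 and 192.0.2.0/24 are placeholders
! for your own management subnet.
access-list 10 permit 192.0.2.0 0.0.0.255
access-list 10 deny   any
!
! After 5 failed logins within 60 seconds, enter a 120-second quiet period.
login block-for 120 attempts 5 within 60
!
! During the quiet period, apply ACL 10 instead of the default sl_def_acl,
! so hosts in the management subnet can still log in.
login quiet-mode access-class 10
!
! Wait 2 seconds between successive login attempts to slow down guessing.
login delay 2
!
! Generate syslog messages for failed and successful logins.
login on-failure log
login on-success log
!
! Verification from privileged EXEC mode:
!   show login            - current parameters and whether quiet mode is active
!   show login failures   - recorded failed login attempts
```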

Thanks a lot for your reply.

The link is broken

Considering that the link goes back to at least 2004, I am not surprised that it no longer works. Here is a link that mentions that ACL. I hope you find it helpful.

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_cfg/configuration/xe-3s/sec-usr-cfg-xe-3s-book/sec-login-enhance.html

HTH

Rick
