
strange acl on cisco2811

fsoffia
Level 1

Hello,

on two new cisco2811 with ios 12.3(8)T11 I see a named extended access-list that does not appear in running-config but only in show access-lists. This is the access-list:

Extended IP access list sl_def_acl
    10 deny tcp any any eq telnet log
    20 deny tcp any any eq www log
    30 deny tcp any any eq 22 log
    40 permit ip any any log

I can't delete it.

Where does it come from?

How can I delete it?

Best regards

2 Accepted Solutions


Richard Burts
Hall of Fame

I have seen this access list before. As far as I know it is built into the IOS as part of SDM. I have not found a way to delete it and believe that it is not possible to delete it since it appears to be inserted as part of IOS. I cannot tell that it does anything (especially if you do not use SDM). My advice is to leave it alone and do not worry about it.

HTH

Rick


Hi, I saw this on a 2851 and asked our Cisco rep about it. Here is what he had to say: The Secure Login feature adds a default access-list "sl_def_acl", to block all the logins made via telnet, ssh and http when the router enters quiet mode.

This is configured with "login block-for attempts within ", which basically turns on the feature.

However, the default access-list is created even when the feature is not turned on.

Here is the url

http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00801d1cb3.html
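
An added example, not part of the original thread and not Cisco's code: a Python check that compares "show access-lists" output with the running-config and reports ACLs the router holds but the configuration does not define, which is how sl_def_acl shows up in the question above. The sample outputs, the MGMT-IN and 10 ACLs, and all function names are constructed for illustration.

```python
import re

# Constructed sample input modelled on the output quoted in the question.
SHOW_ACCESS_LISTS = """\
Extended IP access list sl_def_acl
    10 deny tcp any any eq telnet log
    20 deny tcp any any eq www log
    30 deny tcp any any eq 22 log
    40 permit ip any any log
Extended IP access list MGMT-IN
    10 permit tcp 10.0.0.0 0.0.0.255 any eq 22
Standard IP access list 10
    10 permit 192.168.1.0, wildcard bits 0.0.0.255
"""

# Constructed running-config excerpt: sl_def_acl is not defined anywhere in it.
RUNNING_CONFIG = """\
hostname R1
!
ip access-list extended MGMT-IN
 permit tcp 10.0.0.0 0.0.0.255 any eq 22
access-list 10 permit 192.168.1.0 0.0.0.255
!
line vty 0 4
 access-class MGMT-IN in
"""

def acls_in_show_output(text):
    """ACL names/numbers taken from 'show access-lists' header lines."""
    return set(re.findall(r"^(?:Standard|Extended) IP access list (\S+)", text, re.M))

def acls_in_config(text):
    """ACL names/numbers defined in the config (named and numbered forms)."""
    named = re.findall(r"^ip access-list (?:standard|extended) (\S+)", text, re.M)
    numbered = re.findall(r"^access-list (\d+) ", text, re.M)
    return set(named) | set(numbered)

def quiet_mode_configured(text):
    """True if the config contains a 'login block-for ...' line."""
    return re.search(r"^login block-for \S", text, re.M) is not None

def audit(show_text, config_text):
    """ACLs present on the box but absent from the config, plus feature state."""
    implicit = acls_in_show_output(show_text) - acls_in_config(config_text)
    return {"implicit_acls": sorted(implicit),
            "login_block_for": quiet_mode_configured(config_text)}

if __name__ == "__main__":
    print(audit(SHOW_ACCESS_LISTS, RUNNING_CONFIG))
```

On the constructed input this reports sl_def_acl as the only ACL without a definition in the config, with "login block-for" not configured, matching the situation described in the thread.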
