Cisco Support Community

strange acl on cisco2811

Hello,

On two new cisco2811 with IOS 12.3(8)T11 I see a named extended access-list that does not appear in running-config but only in show access-lists. This is the access-list:

Extended IP access list sl_def_acl
    10 deny tcp any any eq telnet log
    20 deny tcp any any eq www log
    30 deny tcp any any eq 22 log
    40 permit ip any any log

I can't delete it.

Where does it come from?

How can I delete it?

Best regards

Accepted Solutions
Hall of Fame Super Gold

Re: strange acl on cisco2811

I have seen this access list before. As far as I know it is built into the IOS as part of SDM. I have not found a way to delete it and believe that it is not possible to delete it since it appears to be inserted as part of IOS. I cannot tell that it does anything (especially if you do not use SDM). My advice is to leave it alone and do not worry about it.

HTH

Rick

New Member

Re: strange acl on cisco2811

Hi, I saw this on a 2851 and asked our Cisco rep about it. Here is what he had to say: The Secure Login feature adds a default access-list "sl_def_acl", to block all the logins made via telnet, ssh and http when the router enters quiet mode.

This is configured with "login block-for attempts within ", which basically turns on the feature.

However, the default access-list is created even when the feature is not turned on.

Here is the URL:

http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00801d1cb3.html
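
The Secure Login behaviour described in the answer above, as an added configuration example (not from the original posts or from the Cisco representative): it turns the feature on with `login block-for` and replaces the default quiet-mode ACL `sl_def_acl` with an operator-defined one, so a management host can still log in while the router is in quiet mode. The ACL name, the address and all timer values are assumptions chosen for illustration.

```ios
! Constructed example. MGMT-QUIET is a hypothetical ACL name and
! 192.0.2.10 is a documentation-range address standing in for a
! management station.
ip access-list standard MGMT-QUIET
 permit 192.0.2.10
!
! Enable Secure Login: 3 failed logins within 60 seconds put the
! router into quiet mode for 120 seconds.
login block-for 120 attempts 3 within 60
!
! During quiet mode the router applies sl_def_acl by default, which
! denies telnet, www and port 22 from every source. Pointing quiet
! mode at MGMT-QUIET instead keeps the management station able to
! log in while all other sources stay blocked.
login quiet-mode access-class MGMT-QUIET
!
! Slow down repeated attempts and record login activity.
login delay 2
login on-failure log
login on-success log
!
! Verification, from exec mode:
!   show login
!   show login failures
!   show access-lists sl_def_acl
```

`show login` reports whether the router is in normal or quiet mode and which access list quiet mode will use; log entries for `sl_def_acl` show that the default list, not the custom one, was applied during a lockout.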
