You will find a lot of the

jeffrey.rees1 · ‎02-10-2016

Hi,

I have introduced a new Cisco 3650 into an environment, on doing some checks i've discovered that there are some ACLs applied, even though there are none in the configuration? Does anyone have an explanation for this?

Please find the output below

Software version:

Cisco IOS Software, IOS-XE Software, Catalyst L3 Switch Software (CAT3K_CAA-UNIVERSALK9-M), Version 03.07.02E RELEASE SOFTWARE (fc1)

#show access-list
Extended IP access list preauth_ipv4_acl (per-user)
    10 permit udp any any eq domain
    20 permit tcp any any eq domain
    30 permit udp any eq bootps any
    40 permit udp any any eq bootpc
    50 permit udp any eq bootpc any
    60 deny ip any any
IPv6 access list preauth_ipv6_acl (per-user)
    permit udp any any eq domain sequence 10
    permit tcp any any eq domain sequence 20
    permit icmp any any nd-ns sequence 30
    permit icmp any any nd-na sequence 40
    permit icmp any any router-solicitation sequence 50
    permit icmp any any router-advertisement sequence 60
    permit icmp any any redirect sequence 70
    permit udp any eq 547 any eq 546 sequence 80
    permit udp any eq 546 any eq 547 sequence 90
    deny ipv6 any any sequence 100

Any assistance would be great?

kimek4901 · ‎02-10-2016

Hi Jeffrey,

Do you have authentication setup on switch? It can be related to 802.1x config on ports.

Regards,

Marcin

Mark Malone · ‎02-10-2016

You will find a lot of the command syntax is hidden on some switches , do a show run all you will see everything that is configured in the background

Some platforms come with default syntax applied and hidden , 6500s and Nexus switches can sometimes have massive amount of hidden lines by default.

Cisco 3650 default ACLs?

Any assistance would be great?