02-10-2016 01:49 AM - edited 03-08-2019 04:32 AM
Hi,
I have introduced a new Cisco 3650 into an environment. On doing some checks, I've discovered that there are some ACLs applied, even though there are none in the configuration. Does anyone have an explanation for this?
Please find the output below
Software version:
Cisco IOS Software, IOS-XE Software, Catalyst L3 Switch Software (CAT3K_CAA-UNIVERSALK9-M), Version 03.07.02E RELEASE SOFTWARE (fc1)
#show access-list
Extended IP access list preauth_ipv4_acl (per-user)
10 permit udp any any eq domain
20 permit tcp any any eq domain
30 permit udp any eq bootps any
40 permit udp any any eq bootpc
50 permit udp any eq bootpc any
60 deny ip any any
IPv6 access list preauth_ipv6_acl (per-user)
permit udp any any eq domain sequence 10
permit tcp any any eq domain sequence 20
permit icmp any any nd-ns sequence 30
permit icmp any any nd-na sequence 40
permit icmp any any router-solicitation sequence 50
permit icmp any any router-advertisement sequence 60
permit icmp any any redirect sequence 70
permit udp any eq 547 any eq 546 sequence 80
permit udp any eq 546 any eq 547 sequence 90
deny ipv6 any any sequence 100
02-10-2016 02:45 AM
Hi Jeffrey,
Do you have authentication set up on the switch? It can be related to 802.1x config on ports.
Regards,
Marcin
02-10-2016 03:58 AM
You will find a lot of the command syntax is hidden on some switches. Do a show run all and you will see everything that is configured in the background.
Some platforms come with default syntax applied and hidden; 6500s and Nexus switches can sometimes have a massive amount of hidden lines by default.
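The comparison discussed in this thread can be scripted. The following is an added example, not part of any post above: it lists ACLs that appear in `show access-list` output but are not defined in a saved configuration (either `show running-config` or `show run all` text). The sample inputs, the `MGMT_IN` ACL and all function names are constructed for illustration.

```python
import re

# Constructed sample: trimmed "show access-list" output in the form quoted in the question.
SHOW_ACL = """\
Extended IP access list preauth_ipv4_acl (per-user)
    10 permit udp any any eq domain
    60 deny ip any any
IPv6 access list preauth_ipv6_acl (per-user)
    permit udp any any eq domain sequence 10
    deny ipv6 any any sequence 100
Extended IP access list MGMT_IN
    10 permit tcp 10.0.0.0 0.0.0.255 any eq 22
"""
# Constructed sample: configuration fragment that defines only MGMT_IN.
RUNNING_CONFIG = """\
hostname sw1
ip access-list extended MGMT_IN
 permit tcp 10.0.0.0 0.0.0.255 any eq 22
"""

# Header line of each ACL in show output, with an optional flag such as "(per-user)".
HEADER = re.compile(
    r"^(?:(?:Standard|Extended) IP|IPv6) access list (\S+)(?: \(([^)]+)\))?\s*$")
# Named and numbered ACL definitions as they appear at the start of a config line.
CONFIGURED = re.compile(
    r"^(?:ip access-list (?:standard|extended) |ipv6 access-list |access-list )(\S+)")

def runtime_acls(show_output):
    """Map each ACL name in show output to its parenthesised flag, or None."""
    found = (HEADER.match(line) for line in show_output.splitlines())
    return {m.group(1): m.group(2) for m in found if m}

def configured_acls(config):
    """Set of ACL names or numbers defined in the supplied configuration text."""
    found = (CONFIGURED.match(line) for line in config.splitlines())
    return {m.group(1) for m in found if m}

def unexplained_acls(show_output, config):
    """ACLs present at runtime that no line of the supplied config defines."""
    defined = configured_acls(config)
    return {name: flag for name, flag in runtime_acls(show_output).items()
            if name not in defined}

if __name__ == "__main__":
    for name, flag in unexplained_acls(SHOW_ACL, RUNNING_CONFIG).items():
        print(f"{name}: not defined in config (flag: {flag or 'none'})")
```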