Switch default ACL

MrBeginner
Spotlight

Dear All,

I would like to ask about ACL for switch in default configuration.

When I see "sh ip access-list" on a Cisco switch, it shows the output below.

Extended IP access list CISCO-CWA-URL-REDIRECT-ACL
    100 deny udp any any eq domain
    101 deny tcp any any eq domain
    102 deny udp any eq bootps any
    103 deny udp any any eq bootpc
    104 deny udp any eq bootpc any
    105 permit tcp any any eq www
Extended IP access list preauth_ipv4_acl (per-user)
    10 permit udp any any eq domain
    20 permit tcp any any eq domain
    30 permit udp any eq bootps any
    40 permit udp any any eq bootpc
    50 permit udp any eq bootpc any
    60 deny ip any any
Extended IP access list sl_def_acl
    10 deny tcp any any eq telnet
    20 deny tcp any any eq www
    30 deny tcp any any eq 22
    40 permit ip any any

Let me know what this is and whether we can edit this default configuration. I am using WS-c1960+24TC-LL (LAN Lite). I am confused about it. Can I add deny or permit entries for ports and services in the default ACL rules, please? Let me know whether those ACLs can work without being bound to interfaces.

2 Accepted Solutions

Dennis Mink
VIP Alumni

amigo,

Sure, you can edit the ACL. The question is, is it applied to an interface? (If it's not applied, it's not really doing anything.) So on any VLAN interface you would have something like an access-group command, which would tie the ACL to the layer 3 interface. Two questions:

1-what is it you are trying to achieve?

2-what is your complete config on your switch?

thanks

Please remember to rate useful posts, by clicking on the stars below.

Hi,

If you don't see any access-group applied to any interfaces, then the ACLs are not doing anything.

HTH

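The check both answers describe, whether any interface carries an access-group that references the ACL, as an added example that is not part of the original thread: a Python script that reads a running-config and lists named ACLs with no interface binding. The sample config is constructed; the MGMT-IN ACL, the Vlan1 binding and the addresses are assumptions.

```python
import re

# Constructed sample config (not from the thread): two ACL names come from the
# post's output; MGMT-IN, the Vlan1 binding and the addresses are assumptions.
SAMPLE_CONFIG = """\
ip access-list extended CISCO-CWA-URL-REDIRECT-ACL
 deny   udp any any eq domain
 permit tcp any any eq www
ip access-list extended sl_def_acl
 deny   tcp any any eq telnet
 permit ip any any
ip access-list extended MGMT-IN
 permit tcp 192.0.2.0 0.0.0.255 any eq 22
!
interface Vlan1
 ip address 192.0.2.1 255.255.255.0
 ip access-group MGMT-IN in
"""

ACL_DEF = re.compile(r"^ip access-list (?:standard|extended) (\S+)")
IFACE = re.compile(r"^interface (\S+)")
BINDING = re.compile(r"^\s+ip access-group (\S+) (in|out)")


def acl_bindings(config: str) -> dict[str, list[tuple[str, str]]]:
    """Map each named ACL to the (interface, direction) pairs that reference it."""
    bindings: dict[str, list[tuple[str, str]]] = {}
    current_iface = None
    for line in config.splitlines():
        if m := ACL_DEF.match(line):
            bindings.setdefault(m.group(1), [])
            current_iface = None
        elif m := IFACE.match(line):
            current_iface = m.group(1)
        elif line and not line[0].isspace():
            current_iface = None  # any other top-level line ends the interface block
        elif current_iface and (m := BINDING.match(line)):
            bindings.setdefault(m.group(1), []).append((current_iface, m.group(2)))
    return bindings


def unbound_acls(config: str) -> list[str]:
    """Named ACLs with no ip access-group reference on any interface."""
    return sorted(name for name, refs in acl_bindings(config).items() if not refs)


if __name__ == "__main__":
    for name, refs in acl_bindings(SAMPLE_CONFIG).items():
        print(name, "->", refs or "not applied to any interface")
```

The script only looks for ip access-group under interface blocks; an ACL referenced elsewhere in the configuration, for example by access-class on a vty line, would still be listed as unbound.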

3 Replies

Hi,

I just want to know about this ACL rule in switches without applying it to interfaces and VLANs.

I didn't see any access-group. It is already applied in the default configuration. I didn't put in any configuration, because these are new switches, and I just want to confirm whether LAN Lite can support ACLs or not.
