From: Jung, Jin (jin.jung@lmco.com)
Date: Thu Jun 24 2004 - 12:37:03 GMT-3
Did this router come directly from Cisco or a 3rd party partner?
If you have purchased this from a 3rd party partner, most likely they have
put this access-list on it.
I had some routers come in with some configs on them.
And it looked like someone was testing out the WAN cards or other
hardware to make sure it was working.
-- Just a guess.
Jin Jung CCIE#12368
Network Infrastructure Engineer, Sr.
Lockheed Martin EIS IE Network Sustaining Engineering
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of robbie
Sent: Thursday, June 24, 2004 11:25 AM
To: ccielab@groupstudy.com
Subject: Re: ACL that was in new router
Zachary Hinz wrote:
> Hello,
>
> I just received and installed a brand new (not refurbished) router and
> it has an ACL on it that isn't applied and doesn't show up in the
> config. It can only be seen by issuing the command "show ip
> access-lists." The router is a 2621XM with the VPN AIM in it. It is
> running c2600-advipservicesk9-mz.123-4.T4.bin. The name of the ACL that
> displays is "sl_def_acl." I've googled it and get no info on this ACL.
> I don't see that it is applied anywhere and it hasn't taken any hits.
> Here is the ACL.
>
> Extended IP access list sl_def_acl
> 10 deny tcp any any eq telnet log
> 20 deny tcp any any eq www log
> 30 deny tcp any any eq 22 log
> 40 permit ip any any log
>
> Anyone have any info on this?
>
> Zac Hinz
> CCIE 12,419
If I had to guess, I would surmise that it has something to do with
securing the router/network against intrusion upon connection to a
network, much like Windows 2003 server comes installed in near-paranoia
security mode now. I take it that this ACL isn't applied to an
interface? Have you been able to SSH/telnet to the router, or only
logged in via console?
Robbie.
This archive was generated by hypermail 2.1.4 : Sat Jul 03 2004 - 19:40:49 GMT-3