What is the sl_def_acl access list
Recently, a lot of people were looking for information on the sl_def_acl access list. Here's the whole story: if you've configured IOS login enhancements on your router, the router generates an access list named sl_def_acl the first time it has to enter quiet mode (unless you've specified your own with the login quiet-mode access-class command). This access list is then applied to the VTY lines whenever the router enters quiet mode and removed from them after the quiet period is over. The access list itself is left in the running configuration.
For those of you interested in the details, the sl_def_acl access list contains these lines in IOS release 12.4(9)T:
router#show access-list
Extended IP access list sl_def_acl
10 deny tcp any any eq telnet log
20 deny tcp any any eq www log
30 deny tcp any any eq 22 log
40 permit tcp any any eq 22 log
The last line makes me wonder if the programmers of this particular feature should attend the ICND course first :).
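An added example, not part of the original post: a small first-match evaluator run over the 12.4(9)T output quoted above, showing that entry 40 can never match because entry 30 already denies the same traffic. It models only the `any any` entries that appear on this page, and the function names are illustrative.

```python
import re

# Port names IOS prints in place of numbers (only those used on this page).
PORTS = {"telnet": 23, "www": 80}

# The 12.4(9)T entries quoted in the post, copied verbatim.
SL_DEF_ACL = """\
10 deny tcp any any eq telnet log
20 deny tcp any any eq www log
30 deny tcp any any eq 22 log
40 permit tcp any any eq 22 log
"""

ACE = re.compile(
    r"^\s*(\d+) (permit|deny) (ip|tcp|udp) any any(?: eq (\S+))?(?: log)?\s*$")

def parse(text):
    """Return [(seq, action, proto, port_or_None)] for 'any any' entries."""
    entries = []
    for line in text.splitlines():
        m = ACE.match(line)
        if not m:
            continue  # headers, prompts, anything this sketch does not model
        seq, action, proto, port = m.groups()
        if port is not None:
            port = PORTS[port] if port in PORTS else int(port)
        entries.append((int(seq), action, proto, port))
    return entries

def covers(a, b):
    """True if entry a matches every packet that entry b matches."""
    proto_ok = a[2] == "ip" or a[2] == b[2]
    port_ok = a[3] is None or a[3] == b[3]
    return proto_ok and port_ok

def unreachable(entries):
    """Sequence numbers of entries fully covered by an earlier entry."""
    return [b[0] for i, b in enumerate(entries)
            if any(covers(a, b) for a in entries[:i])]

def verdict(entries, proto, port):
    """First-match evaluation; implicit deny applies when nothing matches."""
    for seq, action, p, eq in entries:
        if p in ("ip", proto) and eq in (None, port):
            return action, seq
    return "deny", None

if __name__ == "__main__":
    acl = parse(SL_DEF_ACL)
    print("unreachable entries:", unreachable(acl))
    print("tcp/22 ->", verdict(acl, "tcp", 22))
```

Since entry 40 never matches, everything not denied by entries 10 to 30 falls through to the implicit deny at the end of the list.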
Extended IP access list sl_def_acl
10 deny tcp any any eq telnet log
20 deny tcp any any eq www log
30 deny tcp any any eq 22 log
40 permit ip any any log
Running 12.4(25b) here.
Extended IP access list sl_def_acl
10 deny tcp any any eq telnet log
20 deny tcp any any eq www log
30 deny tcp any any eq 22 log
40 permit tcp any any eq 22 log
Router(config)#do sho access-lists
Extended IP access list sl_def_acl
10 deny tcp any any eq telnet log
20 deny tcp any any eq www log
30 deny tcp any any eq 22 log
40 permit tcp any any eq 22 log
Router(config)#
15.1 is similarly "bugged"
From the looks of this it would be better to create your own access list I would have thought.
I can try to test... my device cannot be accessed by telnet or ssh to the router.
sl_acl_def... I applied it at telnet, ssh and line 2.