Cisco Bug: CSCuq74704 - secure login - user can modify/delete default acl created by aaa

Last Modified

Sep 09, 2014

Products (1)

  • Cisco Nexus 7000 Series Switches

Known Affected Releases

7.1(0)RGD(0.9)

Description (partial)

Symptom:
The default ACL for secure login feature is:

switch# show access-lists dynamic 

IP access list sl_def_acl
  statistics per-entry
  10 deny tcp any any eq telnet syn 
  20 deny tcp any any eq www syn 
  30 deny tcp any any eq 22 syn 
  40 permit ip any any

A user is allowed to remove this ACL with just a warning.

Conditions:
When the secure login feature is enabled, the sl_def_acl ACL is created.
From that point on, a user can remove or modify this ACL.
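
An added example, not part of the Cisco bug record: a Python check that parses saved `show access-lists dynamic` output and reports any drift of sl_def_acl from the default entries listed in the symptom. The function names and the tampered sample are constructed for illustration, and the `[match=N]` counter suffix is an assumption about how per-entry statistics are displayed.

```python
import re

# Baseline copied from the `show access-lists dynamic` output in the bug text.
EXPECTED = {
    10: "deny tcp any any eq telnet syn",
    20: "deny tcp any any eq www syn",
    30: "deny tcp any any eq 22 syn",
    40: "permit ip any any",
}

def parse_acl(show_output, name="sl_def_acl"):
    """Return {sequence: rule} for the named ACL, or None if it is absent."""
    entries, in_acl = None, False
    for line in show_output.splitlines():
        header = re.match(r"\s*IP access list (\S+)", line)
        if header:
            in_acl = header.group(1) == name
            entries = {} if in_acl else entries
            continue
        entry = re.match(r"\s*(\d+)\s+(\S.*)$", line)
        if in_acl and entry:
            # Assumption: per-entry counters, if shown, trail as "[match=N]".
            rule = re.sub(r"\s*\[match=\d+\]\s*$", "", entry.group(2))
            entries[int(entry.group(1))] = " ".join(rule.split())
    return entries

def check_drift(show_output):
    """List differences from the default ACL; an empty list means intact."""
    actual = parse_acl(show_output)
    if actual is None:
        return ["sl_def_acl is missing"]
    findings = []
    for seq in sorted(set(EXPECTED) | set(actual)):
        want, have = EXPECTED.get(seq), actual.get(seq)
        if have is None:
            findings.append(f"entry {seq} removed: {want}")
        elif want is None:
            findings.append(f"entry {seq} added: {have}")
        elif want != have:
            findings.append(f"entry {seq} changed: {have} (expected {want})")
    return findings

# Constructed sample: entry 30 deleted and entry 10 rewritten by a user.
TAMPERED = """IP access list sl_def_acl
  statistics per-entry
  10 permit tcp any any eq telnet syn
  20 deny tcp any any eq www syn [match=4]
  40 permit ip any any
"""
```

Calling `check_drift(TAMPERED)` returns one finding for the rewritten entry 10 and one for the deleted entry 30; output in which the ACL is absent yields the single finding `sl_def_acl is missing`.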