enable access-list permit to-cpu

enable access-list permit to-cpu

Description

Enables control packets to reach CPU, even if an ACL (Access Control List) would deny them.

Syntax Description

This command has no arguments or variables.

Default

Enabled.

Usage Guidelines

This command allows control packets to reach the CPU, even if the packets match ACLs that would otherwise deny them. The control packets include STP (Spanning Tree Protocol) and EAPS (Extreme Automatic Protection Switching) BPDUs, and ARP replies for the switch.

If this feature is disabled, these same packets will be denied if an ACL is applied that contains a matching entry that denies the packets. Contrary to expectations, when this feature is disabled, the packets will still be denied if there is a higher precedence entry that permits the packets.

To disable this feature, use the following command:

disable access-list permit to-cpu

Example

The following command enables STP BPDU packets to reach the switch CPU, despite any ACL:

enable access-list permit to-cpu

History

This command was first available in ExtremeXOS 11.3.2.

Platform Availability

This command is available on the Summit X450-G2, X460-G2, X670-G2, X770, and ExtremeSwitching X440-G2, X620, X690, X870 series switches.