disable access-list permit to-cpu

disable access-list permit to-cpu

Description

Allows special packets to be blocked by low priority ACL (Access Control List)s.

Syntax Description

This command has no arguments or variables.

Default

Enabled.

Usage Guidelines

This command allows ACLs to deny certain special packets from reaching the CPU, even if the packets match ACLs that would otherwise deny them. The special packets include STP (Spanning Tree Protocol) and EAPS (Extreme Automatic Protection Switching) BPDUs, and ARP replies for the switch.

When this feature is disabled, these same packets will be denied if an ACL is applied that contains a matching entry that denies the packets. Contrary to expectations, the packets will still be denied if there is a higher precedence entry that permits the packets.

To enable this feature, use the following command:

enable access-list permit to-cpu

Example

The following example enables ACLs to deny STP BPDU packets from reaching the switch CPU:

disable access-list permit to-cpu

History

This command was first available in ExtremeXOS 11.3.2.

Platform Availability

This command is available on the Summit X450-G2, X460-G2, X670-G2, X770, and ExtremeSwitching X440-G2, X590, X620, X690, X870 series switches.