disable access-list permit to-cpu

Description

Allows special packets to be blocked by low priority ACLs.

Syntax Description

This command has no arguments or variables.

Default

Enabled.

Usage Guidelines

This command allows ACLs to deny certain special packets from reaching the CPU, even if the packets match ACLs that would otherwise deny them. The special packets include STP and EAPS BPDUs, and ARP replies for the switch.

When this feature is disabled, these same packets will be denied if an ACL is applied that contains a matching entry that denies the packets. Contrary to expectations, the packets will still be denied if there is a higher precedence entry that permits the packets.

To enable this feature, use the following command:

enable access-list permit to-cpu

Example

The following example enables ACLs to deny STP BPDU packets from reaching the switch CPU:

disable access-list permit to-cpu

History

This command was first available in ExtremeXOS 11.3.2.

Platform Availability

This command is available on ExtremeSwitching X435, X440-G2, X450-G2, X460-G2, X465, X590, X620, and X695 series switches.

Switching

Routing

Wireless

Management & Automation

Analytics & Visibility

Security & Access Control

Remote

Cloud

Security

Machine Learning

Campus Fabric

Data Center Fabric

Internet of Things

Wi-Fi 6

Primary & Secondary Education (K-12)

Retail

Service Providers

Federal Government

Manufacturing

Higher Education

Healthcare

Hospitality

State & Local Government

Sports & Public Venues

Support Portal

Knowledge Base

Documentation

End of Sale

Policies & Warranties

Training & Courses

Maintenance Services

Premier Services

Professional Services

Managed Services