
What does this mean in a Cisco Switch Config?

Posted on 2013-12-23
Last Modified: 2013-12-23
We are upgrading from a 3550 to a 3750 switch, and the only thing in the config I don't understand is this.

3550
ip access-list extended CMP-NAT-ACL
 dynamic Cluster-HSRP deny   ip any any
 dynamic Cluster-NAT permit ip any any

If I try to enter it into the 3750 I get this error.
% Only one dynamic entry can be configured per ACL.

and the config is saved as this.
ip access-list extended CMP-NAT-ACL
 dynamic Cluster-HSRP deny   ip any any

What does this policy do?  What should it be?
Question by:pamsauto

Expert Comment

by:WalkaboutTigger
So the first place I would point you to is this Cisco article on HSRP with a 3560 switch -
http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_52_se/configuration/guide/swhsrp.html

and its corresponding document for the 3750
http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_55_se/configuration/guide/swhsrp.html

Are you using HSRP?

Author Comment

by:pamsauto
We only have one internet connection, so I would say no to using HSRP.

Accepted Solution

by:WalkaboutTigger
Then, in my opinion, you can completely ignore this bit of the configuration unless there are other bits of the ACL you need.

But if you're not using HSRP, you can ignore the dynamic entries listed in your question.
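
Added example, not part of the thread: a pre-migration check that scans a saved IOS configuration for extended ACLs with more than one `dynamic` entry, since the 3750 in the question keeps only the first one (here a `deny ip any any`) and rejects the rest. The `EXAMPLE-OK` ACL and the interface stanza are constructed sample input, and the function names are hypothetical.

```python
import re

# Constructed sample: the 3550 ACL from the question plus a made-up second ACL.
SAMPLE_CONFIG = """\
ip access-list extended CMP-NAT-ACL
 dynamic Cluster-HSRP deny   ip any any
 dynamic Cluster-NAT permit ip any any
!
ip access-list extended EXAMPLE-OK
 dynamic Example-Lock timeout 10 permit ip any any
 permit tcp any any eq 22
!
interface Vlan1
 ip address 192.0.2.1 255.255.255.0
"""

ACL_HEADER = re.compile(r"^ip access-list extended (\S+)\s*$")
# Optional sequence number, then: dynamic <name> [timeout <min>] permit|deny ...
DYNAMIC_ENTRY = re.compile(
    r"^\s+(?:\d+\s+)?dynamic\s+(\S+)\s+(?:timeout\s+\d+\s+)?(permit|deny)\b")

def dynamic_entries(config_text):
    """Map each named extended ACL to its dynamic entries, in config order."""
    acls, current = {}, None
    for line in config_text.splitlines():
        header = ACL_HEADER.match(line)
        if header:
            current = header.group(1)
            acls.setdefault(current, [])
        elif not line.startswith(" "):
            current = None  # any other unindented line ends the ACL block
        elif current:
            entry = DYNAMIC_ENTRY.match(line)
            if entry:
                acls[current].append((entry.group(1), entry.group(2), line.strip()))
    return acls

def migration_findings(config_text):
    """List ACLs where every dynamic entry after the first would be rejected."""
    findings = []
    for acl, entries in dynamic_entries(config_text).items():
        if len(entries) > 1:
            findings.append({"acl": acl, "kept": entries[0][2],
                             "rejected": [e[2] for e in entries[1:]]})
    return findings

if __name__ == "__main__":
    for f in migration_findings(SAMPLE_CONFIG):
        print(f"{f['acl']}: kept '{f['kept']}', rejected {f['rejected']}")
```

Any ACL it reports should be reviewed before the cutover, because the entry that survives decides what the ACL does on the new switch.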