Reference Guide
Management ACL 227
• prefix-length — Number of bits that comprise the source IP address prefix. The prefix length must be preceded by a forward slash (/). (Range: 0 - 32)
• service — Service type. Possible values: telnet, ssh, http, https and snmp.
Default Configuration
If no permit rule is defined, the default is set to deny.
Command Mode
Management Access-list Configuration mode
User Guidelines
• Rules with Ethernet, VLAN and port-channel parameters are valid only if an IP address is
defined on the appropriate interface.
• The system supports up to 128 management access rules.
Example
The following example permits all ports in the mlist access list.
Console(config)# management access-list mlist
Console(config-macl)# permit
deny (Management)
The deny Management Access-List Configuration mode command defines a deny rule.
Syntax
deny [ethernet interface-number | vlan vlan-id | port-channel port-channel-number] [service service]
deny ip-source ip-address [mask mask | prefix-length] [ethernet interface-number | vlan vlan-id | port-channel port-channel-number] [service service]
• interface-number — A valid Ethernet port number.
• vlan-id — A valid VLAN number.
• port-channel-number — A valid port-channel number.
• ip-address — A valid source IP address.
• mask — A valid network mask of the source IP address.
• prefix-length — Specifies the number of bits that comprise the source IP address prefix. The prefix length must be preceded by a forward slash (/). (Range: 0-32)
• service — Service type. Possible values: telnet, ssh, http, https and snmp.
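A management access list written with the permit and deny syntax described above can be checked offline before it is entered on the switch. The following Python linter is an added example, not code from the guide or the vendor; the names parse_rule and audit, the sample rules, the space between the address and the /prefix, and the treatment of an omitted mask as a single host and an omitted service as all services are assumptions.

```python
import ipaddress

SERVICES = {"telnet", "ssh", "http", "https", "snmp"}  # values listed on the page
CLEARTEXT = {"telnet", "http"}                         # unencrypted management protocols
MAX_RULES = 128                                        # limit from the User Guidelines

def parse_rule(line):
    """Parse one permit/deny line into a dict; raise ValueError if malformed."""
    tok = line.split()
    rule = {"action": tok[0] if tok else None, "source": None, "interface": None, "service": None}
    i = 1
    try:
        if tok[i:i + 1] == ["ip-source"]:
            net, i = tok[i + 1], i + 2
            if tok[i:i + 1] == ["mask"]:
                net, i = f"{net}/{tok[i + 1]}", i + 2
            elif tok[i:i + 1] and tok[i].startswith("/"):
                net, i = net + tok[i], i + 1
            # Assumption: no mask or prefix means one host; prefixes outside 0-32 raise.
            rule["source"] = ipaddress.IPv4Network(net, strict=False)
        if tok[i:i + 1] and tok[i] in ("ethernet", "vlan", "port-channel"):
            rule["interface"], i = (tok[i], tok[i + 1]), i + 2
        if tok[i:i + 1] == ["service"]:
            rule["service"], i = tok[i + 1], i + 2
    except IndexError:
        raise ValueError(f"missing argument: {line!r}") from None
    if rule["action"] not in ("permit", "deny") or i != len(tok) or rule["service"] not in SERVICES | {None}:
        raise ValueError(f"malformed rule: {line!r}")
    return rule

def audit(lines):
    """Return findings for a management access list given as rule lines."""
    rules = [parse_rule(line) for line in lines]
    permits = [(n, r) for n, r in enumerate(rules, 1) if r["action"] == "permit"]
    findings = [f"{len(rules)} rules exceed the limit of {MAX_RULES}"] if len(rules) > MAX_RULES else []
    if not permits:
        findings.append("no permit rule defined: the default is deny")
    for n, r in permits:
        if r["interface"] is None and (r["source"] is None or r["source"].prefixlen == 0):
            findings.append(f"rule {n}: permits any source on any interface")
        if r["service"] is None or r["service"] in CLEARTEXT:  # assumption: no service = all
            findings.append(f"rule {n}: permits cleartext service {r['service'] or 'telnet and http'}")
    return findings

SAMPLE = [  # constructed rules for illustration, not taken from the guide
    "permit ip-source 192.0.2.0 /24 service ssh",
    "permit ip-source 192.0.2.10 mask 255.255.255.255 vlan 10 service telnet",
    "deny service snmp",
    "permit",
]
```

Calling audit(SAMPLE) reports the telnet permit in rule 2 and the unrestricted permit in rule 4, which has the same form as the guide's own permit example.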










