Management ACL 191
• mask prefix-length — Specifies the number of bits that comprise the source IP address prefix. The prefix length must be preceded by a forward slash (/). (Range: 0 - 32)
• service service — Indicates service type. Can be one of the following: telnet, ssh, http, https or snmp.
Default Configuration
If no permit statement is present, the default is set to deny.
Command Mode
Management Access-list Configuration mode
User Guidelines
• Rules with Ethernet, VLAN and port-channel parameters are valid only if an IP address is defined on the appropriate interface. The system supports up to 256 management access rules.
Example
The following example shows how all ports are permitted in the access-list called "mlist".
Console (config)# management access-list mlist
Console (config-macl)# permit
deny (management)
The deny Management Access-List Configuration mode command defines a deny rule.
Syntax
deny [ethernet interface-number | vlan vlan-id | port-channel number] [service service]
deny ip-source ip-address [mask mask | prefix-length] [ethernet interface-number | vlan vlan-id | port-channel number] [service service]
• ethernet interface-number — A valid Ethernet port number.
• vlan vlan-id — A valid VLAN number.
• port-channel number — A valid port-channel number.
• ip-address — Source IP address. (Range: Valid IP Address)
• mask mask — Specifies the network mask of the source IP address. (Range: Valid subnet mask)
• mask prefix-length — Specifies the number of bits that comprise the source IP address prefix. The prefix length must be preceded by a forward slash (/). (Range: 0 - 32)
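The following Python is an added example, not part of the original guide: it parses rule lines in the permit/deny syntax documented above and reports permit rules that leave management access open. The function names and sample rules are constructed; it assumes permit takes the same parameters as deny, that the mask keyword is followed by either a subnet mask or a /prefix-length, and that an omitted ip-source or service leaves that field unrestricted.

```python
import ipaddress

SERVICES = {"telnet", "ssh", "http", "https", "snmp"}  # service values the page lists
CLEARTEXT = {"telnet", "http"}                         # unencrypted management protocols
SAMPLE = [                                             # constructed rule lines
    "permit ip-source 192.168.10.0 mask /24 vlan 10 service ssh",
    "permit ip-source 192.168.10.0 mask 255.255.255.0 service telnet",
    "deny vlan 20 service snmp",
    "permit",
]

def parse_rule(line):
    """Parse one permit/deny line into a dict; raise ValueError on bad syntax."""
    action, *rest = line.split()
    if action not in ("permit", "deny"):
        raise ValueError(f"not a rule: {line!r}")
    rule = {"action": action, "source": None, "interface": None, "service": None}
    try:
        while rest:
            key = rest.pop(0)
            if key == "ip-source":
                addr, suffix = rest.pop(0), "/32"      # no mask given: single host
                if rest and rest[0] == "mask":         # assumed: "mask 255.255.255.0" or "mask /24"
                    suffix = "/" + rest[1].lstrip("/")
                    del rest[:2]
                rule["source"] = ipaddress.ip_network(addr + suffix, strict=False)
            elif key in ("ethernet", "vlan", "port-channel"):
                rule["interface"] = (key, rest.pop(0))
            elif key == "service" and rest[0] in SERVICES:
                rule["service"] = rest.pop(0)
            else:
                raise ValueError(f"unexpected token {key!r} in {line!r}")
    except IndexError:
        raise ValueError(f"missing value in {line!r}") from None
    return rule

def audit(lines):
    """Return (rules, findings) for the rule lines of one management access list."""
    rules, findings = [parse_rule(l) for l in lines if l.strip()], []
    if not any(r["action"] == "permit" for r in rules):
        findings.append("no permit statement: default deny blocks all management access")
    for n, r in ((n, r) for n, r in enumerate(rules, 1) if r["action"] == "permit"):
        if r["source"] is None or r["source"].prefixlen == 0:
            findings.append(f"rule {n}: permit from any source address")
        if r["service"] is None:
            findings.append(f"rule {n}: permit not limited to one service")
        elif r["service"] in CLEARTEXT:
            findings.append(f"rule {n}: permits cleartext service {r['service']}")
    return rules, findings
```

Calling audit(SAMPLE) flags the telnet rule and the bare permit, the latter being the form shown in the "mlist" example.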