272 Management ACL
deny (management)
The deny Management Access-List Configuration mode command defines a deny rule.
Syntax
• deny [ethernet interface-number | vlan vlan-id | port-channel number] [service service]
• deny ip-source {ipv4-address | ipv6-address/prefix-length} [mask mask | prefix-length] [ethernet interface-number | vlan vlan-id | port-channel number] [service service]
• ethernet interface-number — A valid Ethernet port number.
• vlan vlan-id — A valid VLAN number.
• port-channel number — A valid port-channel number.
• ipv4-address — Source IPv4 address.
• ipv6-address/prefix-length — Source IPv6 address and prefix length. The prefix length is optional.
• mask mask — Specifies the network mask of the source IPv4 address. The parameter is relevant only to IPv4 addresses. (Range: Valid subnet mask)
• mask prefix-length — Specifies the number of bits that comprise the source IPv4 address prefix. The prefix length must be preceded by a forward slash (/). The parameter is relevant only to IPv4 addresses. (Range: 0 - 32)
• service service — Indicates service type. Can be one of the following: telnet, ssh, http, https or snmp.
Default Configuration
This command has no default configuration.
Command Mode
Management Access-list Configuration mode.
User Guidelines
• Rules with Ethernet, VLAN and port-channel parameters are valid only if an IP address is defined on
the appropriate interface. The system supports up to 256 management access rules.
Example
The following example shows how all ports are denied in the Access-List called ’mlist’.
Console (config)# management access-list mlist
Console (config-macl)# deny
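The following added example is not part of the original guide or of any vendor tool. It is a Python pre-deployment check that parses deny rules against the syntax and ranges given above (service names, mask and prefix-length ranges, the 256-rule limit). The function names and sample rules are constructed for illustration, and it assumes a "/N" prefix length may appear as its own token after an IPv4 address.

```python
import ipaddress

SERVICES = {"telnet", "ssh", "http", "https", "snmp"}  # service types listed above
MAX_RULES = 256                                        # limit from User Guidelines
SAMPLE = ["deny ip-source 192.0.2.0 /33 vlan 10", "deny service ftp"]  # constructed input

def valid_mask(text):
    """True if text is a contiguous IPv4 subnet mask (ones followed by zeros)."""
    try:
        inv = ~int(ipaddress.IPv4Address(text)) & 0xFFFFFFFF
    except ValueError:
        return False
    return inv & (inv + 1) == 0

def check_deny_rule(line):
    """Return the problems found in one deny rule; an empty list means it parses."""
    tok, i, problems = line.split(), 1, []
    if not tok or tok[0] != "deny":
        return ["not a deny rule"]
    if tok[i:i + 1] == ["ip-source"]:
        addr, _, plen = "".join(tok[i + 1:i + 2]).partition("/")
        i += 2
        if not plen and "".join(tok[i:i + 1]).startswith("/"):
            plen, i = tok[i][1:], i + 1   # assumption: "/N" may be its own token
        try:
            bits = ipaddress.ip_address(addr).max_prefixlen  # 32 or 128
        except ValueError:
            return [f"bad source address: {addr!r}"]
        if plen and not (plen.isdecimal() and int(plen) <= bits):
            problems.append(f"prefix length /{plen} outside 0-{bits}")
        if tok[i:i + 1] == ["mask"]:
            if bits != 32 or not valid_mask("".join(tok[i + 1:i + 2])):
                problems.append("mask must be a valid IPv4 subnet mask")
            i += 2
    if "".join(tok[i:i + 1]) in ("ethernet", "vlan", "port-channel"):
        if len(tok) < i + 2:
            problems.append(f"{tok[i]} needs a value")
        i += 2
    if tok[i:i + 1] == ["service"]:
        if "".join(tok[i + 1:i + 2]) not in SERVICES:
            problems.append("unknown service: " + " ".join(tok[i + 1:i + 2]))
        i += 2
    return problems + (["unexpected text: " + " ".join(tok[i:])] if i < len(tok) else [])

def audit(rules):
    """Problems per failing rule; key "<list>" flags more than MAX_RULES rules."""
    report = {r: p for r in rules if (p := check_deny_rule(r))}
    if len(rules) > MAX_RULES:
        report["<list>"] = [f"{len(rules)} rules, limit is {MAX_RULES}"]
    return report
```

Calling audit(SAMPLE) reports both constructed rules: the first for its prefix length and the second for its service name.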
5400_CLI.book Page 272 Wednesday, December 17, 2008 4:33 PM