962 Management ACL Commands
The following example shows how to configure all the interfaces to be management interfaces
except for two interfaces, Ethernet 1/g1 and Ethernet 2/g9.
console(config)# management access-list mlist
console(config-macl)# deny ethernet 1/g1 priority <1-64>
console(config-macl)# deny ethernet 2/g9 priority <1-64>
console(config-macl)# permit priority <1-64>
console(config-macl)# exit
console(config) # management access-class mlist
permit (management)
Use the permit command in Management Access-List configuration mode to set conditions for
the management access list.
Syntax
permit ip-source
ip-address
[ mask
mask
|
prefix-length
] [ethernet
interface-number
| vlan
vlan-id
|port-channel
number
] [ service
service
] [ priority
priority-value
]
permit { ethernet
interface-number
| vlan
vlan-id
| port-channel
number
} [service
service
]
[priority
priority-value
]
permit service
service
[priority
priority-value
]
permit priority
priority-value
•
ethernet
interface-number
— A valid routed port number.
•
vlan
vlan-id
— A valid VLAN number.
•
port-channel
number
— A valid port channel number.
•
ip-address
— Source IP address.
•
mask
mask
— Specifies the network mask of the source IP address.
•
mask
prefix-length
— Specifies the number of bits that comprise the source IP address prefix.
The prefix length must be preceded by a forward slash (/). (Range: 0–32)
•
service
service
— Indicates service type. Can be one of the following: telnet, ssh, http, https,
tftp, snmp, or sntp.
•
priority
priority-value
— Priority for the rule. (Range: 1 – 64)
Default Configuration
This command has no default configuration.
To Next Page
Loading...
