Management ACL
deny (Management)
The deny Management Access-List Configuration mode command defines a deny rule.
Syntax
• deny [ethernet interface-number | vlan vlan-id | port-channel port-channel-number] [service service]
• deny ip-source {ipv4-address | ipv6-address/prefix-length} [mask mask | prefix-length] [ethernet interface-number | vlan vlan-id | port-channel number] [service service]
• ethernet interface-number — A valid Ethernet port number.
• vlan vlan-id — A valid VLAN number.
• port-channel number — A valid port-channel number.
• ipv4-address — Source IPv4 address.
• ipv6-address/prefix-length — Source IPv6 address and prefix length. The prefix length is optional.
• mask mask — A valid network mask of the source IP address.
• mask prefix-length — Specifies the number of bits that comprise the source IP address prefix. The prefix length must be preceded by a forward slash (/). (Range: 0-32)
• service service — Service type. Possible values: telnet, ssh, http, https and snmp.
Default Configuration
This command has no default configuration.
Command Mode
Management Access-list Configuration mode.
User Guidelines
• Rules with Ethernet, VLAN and port-channel parameters are valid only if an IP address is defined on the appropriate interface.
• The system supports up to 128 management access rules.
Example
The following example denies all ports in the access list called mlist.
Console(config)# management access-list mlist
Console(config-macl)# deny
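The following is an added example, not part of the manual or the switch software: a small offline check that audits deny rules against the syntax, service values, prefix range and 128-rule limit documented above before they are applied. The function names are hypothetical; it assumes the prefix length may be attached to the address or given as its own "/N" token, and it does not validate interface identifiers because the page does not give their format.

```python
import ipaddress

SERVICES = {"telnet", "ssh", "http", "https", "snmp"}  # service values listed on the page
INTERFACES = {"ethernet", "vlan", "port-channel"}
MAX_RULES = 128  # rule limit from the User Guidelines

def check_deny(line):
    """Return the problems found in one 'deny ...' rule (empty list = well-formed)."""
    tok = line.split()
    if not tok or tok[0] != "deny":
        return ["not a deny rule"]
    tok, errs = tok[1:], []
    if tok[:1] == ["ip-source"]:
        addr, sep, plen = (tok[1] if len(tok) > 1 else "").partition("/")
        tok = tok[2:]
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            return [f"bad source address {addr!r}"]
        # Assumption: "/24" may also appear as its own token after the address.
        if not sep and tok and tok[0].startswith("/"):
            sep, plen, tok = "/", tok[0][1:], tok[1:]
        if sep:  # page gives 0-32; 0-128 is used for IPv6 sources
            if not plen.isdecimal() or int(plen) > ip.max_prefixlen:
                errs.append(f"prefix length /{plen} outside 0-{ip.max_prefixlen}")
        elif tok[:1] == ["mask"]:
            mask, tok = (tok[1] if len(tok) > 1 else ""), tok[2:]
            try:  # rejects non-contiguous masks such as 255.0.255.0
                ipaddress.IPv4Network(f"0.0.0.0/{mask}")
            except ValueError:
                errs.append(f"bad mask {mask!r}")
    if tok and tok[0] in INTERFACES:
        if len(tok) < 2:
            errs.append(f"{tok[0]} needs a value")
        tok = tok[2:]
    if tok[:1] == ["service"]:
        if len(tok) < 2 or tok[1] not in SERVICES:
            errs.append(f"unknown service {' '.join(tok[1:2])!r}")
        tok = tok[2:]
    if tok:
        errs.append(f"unexpected tokens: {' '.join(tok)}")
    return errs

def audit(rules):
    """Map each malformed rule to its problems and enforce the 128-rule limit."""
    report = {r: e for r in rules if (e := check_deny(r))}
    if len(rules) > MAX_RULES:
        report["<list>"] = [f"{len(rules)} rules exceeds the limit of {MAX_RULES}"]
    return report
```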