318 CHAPTER 21: MANAGEMENT ACL COMMANDS
Management ACL requires a valid management interface, which is a port,
VLAN, or port-channel with an IP address or console interface.
Management ACL only restricts access to the device for management
configuration or viewing.
Example
The following example creates a management access list called ‘mlist’,
configures management Ethernet interfaces g1 and g9 and makes the
new access list the active list.

Console(config)# management access-list mlist
Console(config-macl)# permit ethernet g1
Console(config-macl)# permit ethernet g9
Console(config-macl)# exit
Console(config)# management access-class mlist

The following example creates a management access list called ‘mlist’,
configures all interfaces to be management interfaces except Ethernet
interfaces g1 and g9 and makes the new access list the active list.

Console(config)# management access-list mlist
Console(config-macl)# deny ethernet g1
Console(config-macl)# deny ethernet g9
Console(config-macl)# permit
Console(config-macl)# exit
Console(config)# management access-class mlist

permit
(Management)
The permit Management Access-List Configuration mode command
defines a permit rule.
Syntax
permit [ethernet interface-number | vlan vlan-id | port-channel
port-channel-number] [service service]
permit ip-source ip-address [mask mask | prefix-length] [ethernet
interface-number | vlan vlan-id | port-channel port-channel-number]
[service service]
Parameters
■ interface-number — A valid Ethernet port number.
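
An added example, not part of the original manual: a Python script that parses the management ACL commands used in the example sessions on this page and reports when no list is active, when the active list is undefined, and when a permit rule carries no ip-source or service restriction. The function names and the sample input are constructed for illustration; the script assumes one command per line, with or without the console prompt.

```python
import re

# Constructed sample input: the page's second example with the prompts removed.
SAMPLE_CONFIG = """\
management access-list mlist
deny ethernet g1
deny ethernet g9
permit
exit
management access-class mlist
"""

def parse_management_acls(config_text):
    """Return (lists, active): lists maps name -> [(action, args)]; active is the access-class name."""
    lists, active, current = {}, None, None
    for raw in config_text.splitlines():
        # Drop a leading prompt such as "Console(config-macl)#" if one is present.
        line = re.sub(r"^\S*#\s*", "", raw.strip())
        words = line.split()
        if not words:
            continue
        if words[:2] == ["management", "access-list"] and len(words) == 3:
            current = words[2]
            lists.setdefault(current, [])
        elif words[:2] == ["management", "access-class"] and len(words) == 3:
            active = words[2]
        elif words[0] == "exit":
            current = None
        elif words[0] in ("permit", "deny") and current is not None:
            lists[current].append((words[0], words[1:]))
    return lists, active

def audit(config_text):
    lists, active = parse_management_acls(config_text)
    findings = []
    if active is None:
        findings.append("no management access-class: no list is active")
    elif active not in lists:
        findings.append(f"active list '{active}' is not defined")
    else:
        rules = lists[active]
        if not any(action == "permit" for action, _ in rules):
            findings.append(f"'{active}' contains no permit rule")
        for action, args in rules:
            if action == "permit" and "ip-source" not in args and "service" not in args:
                scope = " ".join(args) or "all interfaces"
                findings.append(f"'{active}': permit on {scope} has no ip-source or service limit")
    return findings
```

Calling `audit(SAMPLE_CONFIG)` flags the bare `permit` in the second example, which opens management access on every interface other than g1 and g9 without any source-address or service restriction.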