deny (Management) 319
■ vlan-id — A valid VLAN number.
■ port-channel-number — A valid port channel index.
■ ip-address — A valid source IP address.
■ mask — A valid network mask of the source IP address.
■ prefix-length — Number of bits that comprise the source IP address
prefix. The prefix length must be preceded by a forward slash (/).
(Range: 0-32)
■ service — Service type. Possible values: telnet, ssh, http, https and
snmp.
Default Configuration
If no permit rule is defined, the default is set to deny.
Command Mode
Management Access-list Configuration mode
User Guidelines
Rules with Ethernet, VLAN and port-channel parameters are valid only if
an IP address is defined on the appropriate interface.
The system supports up to 128 management access rules.
Example
The following example permits all ports in the access list called ‘mlist’.
deny
(Management)
The deny Management Access-List Configuration mode command
defines a deny rule.
Syntax
deny [ethernet interface-number | vlan vlan-id | port-channel
port-channel-number |] [service service]
deny ip-source ip-address [mask mask | prefix-length] [ethernet
interface-number | vlan vlan-id | port-channel port-channel-number |]
[service service]
Console(config)#
management access-list
mlist
Console(config-macl)#
permit