console(config-macal)# exit
console(config) # management access-class mlist
permit (management)
Use the permit command in Management Access-List configuration mode to
set conditions for allowing packets to flow to the switch management
function.
Syntax
permit ip-source ip-address [mask mask | prefix-length] [gigabitethernet
unit/slot/port | vlan vlan-id | port-channel port-channel-number |
tengigabitethernet unit/slot/port |fortygigabitethernet unit/slot/port][
service service ] [ priority priority-value ]
permit {gigabitethernet unit/slot/port | vlan vlan-id | port-channel port-
channel-number | tengigabitethernet unit/slot/port |fortygigabitethernet
unit/slot/port} [service service] [priority priority-value]
permit service service [priority priority-value]
permit priority priority-value
gigabitethernet unit/slot/port — A valid Gigabit Ethernet routed port
•
number.
•
vlan vlan-id — A valid VLAN number.
•
port-channel port-channel-number — A valid port channel number.
tengigabitethernet unit/slot/port — A valid 10-Gigabit Ethernet routed
•
port number.
•
fortygigabitethernet unit/slot/port – A valid 40-Gigabit Ethernet routed
port number.
•
ip-address — Source IP address.
•
mask mask — Specifies the network mask of the source IP address.
•
mask prefix-length — Specifies the number of bits that comprise the
source IP address prefix. The prefix length must be preceded by a forward
slash (/). (Range: 0–32)
service service — Indicates service type. It can be one of the following:
•
telnet, ssh, http, https, tftp, snmp, sntp, or any. The any keyword indicates
that the service match for the ACL is effectively "don't care".
Security Commands
1041