• prefix-length — Number of bits that comprise the source IP address prefix. The prefix length must be preceded by a forward slash (/). (Range: 0 - 32)
• service — Service type. Possible values: telnet, ssh, http, https and snmp.
Default Configuration
If no permit rule is defined, the default is set to deny.
Command Mode
Management Access-list Configuration mode
User Guidelines
• Rules with Ethernet, VLAN and port-channel parameters are valid only if an IP address is defined on the appropriate interface.
• The system supports up to 128 management access rules.
Example
The following example permits all ports in the mlist access list.
Console(config)# management access-list mlist
Console(config-macl)# permit
deny (Management)
The deny Management Access-List Configuration mode command defines a deny rule.
Syntax
deny [ethernet interface-number | vlan vlan-id | port-channel port-channel-number] [service service]
deny ip-source ip-address [mask mask | prefix-length] [ethernet interface-number | vlan vlan-id | port-channel port-channel-number] [service service]
• interface-number — A valid Ethernet port number.
• vlan-id — A valid VLAN number.
• port-channel-number — A valid port-channel number.
• ip-address — A valid source IP address.
• mask — A valid network mask of the source IP address.
• mask prefix-length — Specifies the number of bits that comprise the source IP address prefix. The prefix length must be preceded by a forward slash (/). (Range: 0-32)
• service — Service type. Possible values: telnet, ssh, http, https and snmp.
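A check for lists built with the permit and deny commands, as an added example that is not part of the Dell guide: it parses rule lines, assuming permit accepts the same parameters as the deny syntax above, and flags permit rules that are open to any source or that allow telnet or http. The function names, the sample rules and the 192.0.2.x addresses are constructed for illustration.

```python
SERVICES = {"telnet", "ssh", "http", "https", "snmp"}  # service values listed on the page
CLEARTEXT = {"telnet", "http"}          # these carry logins unencrypted
IFACES = ("ethernet", "vlan", "port-channel")
MAX_RULES = 128                         # rule limit from the User Guidelines

def parse_rule(line):
    """Parse one permit/deny line (CLI prompt optional); return None for other lines."""
    tokens = line.split("#", 1)[-1].split()
    if not tokens or tokens[0] not in ("permit", "deny"):
        return None
    rule = {"action": tokens[0], "ip-source": None, "mask": None,
            "interface": None, "service": None}
    args = tokens[1:]
    if len(args) % 2:
        raise ValueError(f"keyword without a value: {line!r}")
    for key, val in zip(args[0::2], args[1::2]):
        if key in ("ip-source", "mask"):
            rule[key] = val
        elif key in IFACES:
            rule["interface"] = (key, val)
        elif key == "service" and val in SERVICES:
            rule["service"] = val
        else:
            raise ValueError(f"unexpected '{key} {val}' in {line!r}")
    return rule

def audit(config):
    """Return a list of findings for the rules in one management access list."""
    rules = [r for r in map(parse_rule, config.splitlines()) if r]
    findings = []
    if len(rules) > MAX_RULES:
        findings.append(f"{len(rules)} rules exceed the limit of {MAX_RULES}")
    permits = [(n, r) for n, r in enumerate(rules, 1) if r["action"] == "permit"]
    if not permits:
        findings.append("no permit rule: the default is deny")
    for n, r in permits:
        if r["ip-source"] is None and r["interface"] is None:
            findings.append(f"rule {n}: permit is not limited to a source or interface")
        if r["service"] is None:
            findings.append(f"rule {n}: permit covers every service, telnet and http included")
        elif r["service"] in CLEARTEXT:
            findings.append(f"rule {n}: permits cleartext service {r['service']}")
    return findings

# Constructed sample input: the page's own example, then a narrower list.
WEAK = "Console(config)# management access-list mlist\nConsole(config-macl)# permit"
NARROW = """Console(config)# management access-list mlist
Console(config-macl)# permit ip-source 192.0.2.0 mask 255.255.255.0 vlan 10 service ssh
Console(config-macl)# permit ip-source 192.0.2.0 mask 255.255.255.0 vlan 10 service https
Console(config-macl)# deny ip-source 192.0.2.99 service ssh"""
```

Calling `audit(WEAK)` reports two findings for the bare `permit` rule, while `audit(NARROW)` reports none.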
DELL CONFIDENTIAL – PRELIMINARY 9/13/06 – FOR PROOF ONLY
Management ACL