Examples
The following example shows how to create an access-list called "mlist", configure two management
interfaces ethernet g1 and ethernet g9, and make the access-list the active list.
Console (config)# management access-list mlist
Console (config-macl)# permit ethernet g1
Console (config-macl)# permit ethernet g9
Console (config-macl)# exit
Console (config)# management access-class mlist
The following example shows how to create an access-list called "mlist", configure all interfaces to
be management interfaces except interfaces ethernet g1 and ethernet g9, and make the access-list
the active list.
Console (config)# management access-list mlist
Console (config-macl)# deny ethernet g1
Console (config-macl)# deny ethernet g9
Console (config-macl)# permit
Console (config-macl)# exit
Console (config)# management access-class mlist
permit (management)
The permit Management Access-List Configuration mode command defines a permit rule.
Syntax
permit [ethernet interface-number | vlan vlan-id | port-channel number] [service service]
permit ip-source ip-address [mask mask | prefix-length] [ethernet interface-number | vlan
vlan-id | port-channel number] [service service]
•
ethernet interface-number—A valid Ethernet port number.
•
vlan vlan-id—A valid VLAN number.
•
port-channel number—A valid port channel number.
•
ip-address—Source IP address.(Range: Valid IP Address)
•
mask mask—Specifies the network mask of the source IP address. (Range: Valid subnet
mask)
190
Management ACL