deny (management)
Use the deny command in Management Access-List Configuration mode to
set conditions for the management access list.
Syntax
deny [ethernet
service
[service
deny ip-source
number
| vlan
priority
]
•
ethernet
vlan-id — A valid VLAN number.
•
vlan
•
port-channel
ip-address — Source IP address.
•
mask — Specifies the network mask of the source IP address.
•
mask
prefix-length — Specifies the number of bits that comprise the
•
mask
source IP address prefix. The prefix length must be preceded by a forward
slash (/). (Range: 0–32)
service — Indicates service type. Can be one of the following:
•
service
telnet, ssh, http, https, tftp, or snmp.
priority — Priority for the rule. (Range: 1–64)
•
priority
Default Configuration
This command has no default configuration.
Command Mode
Management Access-list Configuration mode
User Guidelines
Rules with ethernet, vlan, and port-channel parameters are valid only if an IP
address is defined on the appropriate interface. Ensure that each rule has a
unique priority.
1150
Management ACL Commands
interface-number
priority
] [priority
ip-address
[mask
vlan-id
| port-channel
interface-number — A valid Ethernet-routed port number.
number — A valid routed port-channel number.
vlan-id
| vlan
| port-channel
]
mask
prefix-length
|
number
] [service
number
interface-
] [ethernet
service
] [priority
]