Management ACL Commands
78-21075-01 Command Line Interface Reference Guide
Syntax
[interface-id] [service service]
deny
{ipv4-address | ipv6-address/ipv6-prefix-length} [mask {mask |
deny ip-source
prefix-length}] [interface-id] [service service]
Parameters
•
interface-id—Specifies an interface ID. The interface ID can be one of the
following types: Ethernet port, Port-channel or VLAN
•
service
service
SSH, HTTP, HTTPS and SNMP.
•
ipv4-address—Specifies the source IPv4 address.
•
ipv6-address/ipv6-prefix-length—Specifies the source IPv6 address and
source IPv6 address prefix length. The prefix length must be preceded by a
forward slash (/). The parameter is optional.
•
mask
mask
—Specifies the source IPv4 address network mask. The
parameter is relevant only to IPv4 addresses.
•
prefix-length
mask
IPv4 address prefix. The prefix length must be preceded by a forward slash
(/). The parameter is relevant only to IPv4 addresses. (Range: 0–32)
Default Configuration
No rules are configured.
Command Mode
Management Access-List Configuration mode
User Guidelines
Rules with ethernet, VLAN, and port-channel parameters are valid only if an IP
address is defined on the appropriate interface.
Example
The following example denies all ports in the ACL called mlist.
switchxxxxxx(config)#
switchxxxxxx(config-macl)#
—Specifies the service type. Possible values are: Telnet,
—Specifies the number of bits that comprise the source
management access-list
deny
mlist
11
193