Permit (management) – Allied Telesis AT-S95 CLI User Manual

Management ACL Commands

The following example creates a management Access List called mlist, configures all interfaces to be
management interfaces except Ethernet interfaces 1/g1 and 2/g9 and makes the new Access List the active list.

permit (Management)

The permit Management Access-List Configuration mode command defines a permit rule.

Syntax

permit [ethernet interface-number | vlan vlan-id | port-channel port-channel-number] [service service]

permit ip-source ip-address [mask mask | prefix-length] [ethernet interface-number | vlan vlan-id | port-channel
port-channel-number] [service service]

Parameters

interface-number — A valid Ethernet port number.

vlan-id — A valid VLAN number.

port-channel-number — A valid port channel index.

ip-address — A valid source IP address.

mask — A valid network mask of the source IP address.

prefix-length — Number of bits that comprise the source IP address prefix. The prefix length must be preceded by a forward slash (/). (Range: 0 - 32)

service — Service type. Possible values: telnet, ssh, http, https and snmp.

Default Configuration

If no permit rule is defined, the default is set to deny.

Command Mode

Management Access-list Configuration mode

User Guidelines

Rules with Ethernet, VLAN and port-channel parameters are valid only if an IP address is defined on the
appropriate interface.

The system supports up to 128 management access rules.

Example

The following example permits all ports in the mlist Access List.

Console(config)# management access-list mlist
Console(config-macl)# permit

Example for the preceding command (creates mlist, excludes Ethernet interfaces 1/g1 and 2/g9, and makes it the active list):

Console(config)# management access-list mlist
Console(config-macl)# deny ethernet 1/g1
Console(config-macl)# deny ethernet 2/g9
Console(config-macl)# permit
Console(config-macl)# exit
Console(config)# management access-class mlist
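
Added example (not from the manual or from Allied Telesis): a small Python linter that parses permit rules against the Syntax section above, enforces the 0 - 32 prefix range, the listed service values and the 128-rule limit, and flags rules that leave the source or the service unrestricted or that allow telnet or http, which are unencrypted. The function names, the finding labels and the treatment of an address without mask or prefix as a single host are assumptions of this example.

```python
import ipaddress

SERVICES = {"telnet", "ssh", "http", "https", "snmp"}  # values listed in the manual
IFACE_KEYS = {"ethernet", "vlan", "port-channel"}
MAX_RULES = 128  # rule limit stated in the manual
SAMPLE = ["permit", "permit ip-source 192.0.2.7 service telnet",  # constructed rules,
          "permit ip-source 192.0.2.0 /24 vlan 10 service ssh"]   # not from the manual

def parse_permit(line):
    """Parse one permit rule per the Syntax section; raise ValueError if malformed."""
    tok = line.split() + ["", ""]  # empty padding marks end of input
    if tok[0] != "permit":
        raise ValueError("not a permit rule")
    rule, i = {"source": None, "iface": None, "service": None}, 1
    if tok[i] == "ip-source":
        addr, prefix, i = ipaddress.IPv4Address(tok[i + 1]), "32", i + 2  # assumed /32
        if tok[i] == "mask":                 # dotted network mask
            prefix, i = tok[i + 1], i + 2
        elif tok[i].startswith("/"):         # prefix length, range 0-32
            prefix, i = tok[i][1:], i + 1
        rule["source"] = ipaddress.IPv4Network(f"{addr}/{prefix}", strict=False)
    if tok[i] in IFACE_KEYS:
        if not tok[i + 1]:
            raise ValueError(f"{tok[i]} needs a value")
        rule["iface"], i = (tok[i], tok[i + 1]), i + 2
    if tok[i] == "service":
        if tok[i + 1] not in SERVICES:
            raise ValueError(f"unknown service {tok[i + 1]!r}")
        rule["service"], i = tok[i + 1], i + 2
    if tok[i]:
        raise ValueError(f"unexpected token {tok[i]!r}")
    return rule

def audit(lines):
    """Return (rule, finding) pairs for the rules of one management access list."""
    out = [("<list>", f"over {MAX_RULES} rules")] if len(lines) > MAX_RULES else []
    for line in (ln for ln in lines if not ln.startswith("deny")):  # deny: counted only
        try:
            r = parse_permit(line)
        except ValueError as e:
            out.append((line, f"invalid: {e}"))
            continue
        if r["source"] is None or r["source"].prefixlen == 0:
            out.append((line, "no source restriction"))
        if r["service"] is None:
            out.append((line, "no service restriction"))
        elif r["service"] in ("telnet", "http"):
            out.append((line, "cleartext service"))
    return out
```

Calling audit(SAMPLE) reports the bare permit rule twice (no source restriction, no service restriction) and the telnet rule once; the rule scoped to a /24 source, a VLAN and ssh produces no finding.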