Deny (management), Management access-class, Deny (management) management access-class – Allied Telesis AT-S95 CLI User Manual

Page 146

Not approved by Document Control. For review only.

Allied Telesis

Command Line Interface User’s Guide

deny (Management)

The deny Management Access-List Configuration mode command defines a deny rule.

Syntax

deny [ethernet interface-number | vlan vlan-id | port-channel port-channel-number] [service service]

deny ip-source ip-address [mask mask | prefix-length] [ethernet interface-number | vlan vlan-id | port-channel
port-channel-number] [service service]

Parameters
•

interface-number — A valid Ethernet port number.

•

vlan-id — A valid VLAN number.

•

port-channel-number — A valid port-channel number.

•

ip-address — A valid source IP address.

•

mask — A valid network mask of the source IP address.

•

mask prefix-length — Specifies the number of bits that comprise the source IP address prefix. The prefix

length must be preceded by a forward slash (/). (Range: 0-32)

•

service — Service type. Possible values: telnet, ssh, http, https and snmp.

Default Configuration

This command has no default configuration.

Command Mode

Management Access-list Configuration mode

User Guidelines

Rules with Ethernet, VLAN and port-channel parameters are valid only if an IP address is defined on the
appropriate interface.

The system supports up to 128 management access rules.

Example

The following example denies all ports in the Access List called mlist.

management access-class

The management access-class Global Configuration mode command restricts management connections by
defining the active management Access List. Use the no form of this command to disable this restriction.

Syntax

management access-class {console-only | name}

no management access-class

Console(config)# management access-list mlist
Console(config-macl)# deny