Command Line Interface Guide
Management ACL Commands 1551
User Guidelines
Rules with gigabitethernet, tengigabitethernet, fortygigabitethernet, vlan,
and port-channel parameters are valid only if an IP address is defined on the
appropriate interface. Ensure that each rule has a unique priority.
Examples
The following example shows how to configure two management interfaces,
gigabit Ethernet 1/0/1 and gigabit Ethernet 2/0/9.
console(config)#management access-list mlist
console(config-macal)# permit gigabitethernet 1/0/1
priority 1
console(config-macal)# permit gigabitethernet 2/0/9
priority 1
console(config-macal)# exit
console(config)# management access-class mlist
The following example shows how to configure all the interfaces to be
management interfaces except for two interfaces, gigabit Ethernet 1/0/1 and
2/0/9.
console(config)# management access-list mlist
console(config-macal)# deny gigabitethernet 1/0/1
priority 1
console(config-macal)# deny gigabitethernet 2/0/9
priority 2
console(config-macal)# permit priority 2
console(config-macal)# exit
console(config)# management access-class mlist
show management access-class
Use the show management access-class command in Privileged EXEC mode
to display information about the active management access list.
2CSPC4.X8100-SWUM100.book Page 1551 Wednesday, August 29, 2012 6:23 PM