Administrator Guide
Security Commands 1061
deny (management)
Use the deny command in Management Access-List Configuration mode to
set conditions for disallowing packets to flow to the switch management
function.
Syntax
deny [gigabitethernet unit/slot/port | vlan vlan-id |
port-channel port-
channel-number
| tengigabitethernet unit/slot/port | fortygigabitethernet
unit/slot/port] [service service] [priority priority]
deny ip-source ip-address [mask mask | prefix-length] [gigabitethernet
unit/slot/port | vlan vlan-id |
port-channel port-channel-number
|
tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port]
[service service] [priority priority]
• gigabitethernet unit/slot/port — A valid 1-Gigabit Ethernet-routed port
number.
• vlan vlan-id — A valid VLAN number.
• port-channel port-channel-number — A valid routed port-channel
number.
• tengigabitethernet unit/slot/port — A valid 10-Gigabit Ethernet-routed
port number.
•
fortygigabitethernet
unit/slot/port
–
A valid 40-Gigabit Ethernet-routed
port number.
• ip-address — Source IP address.
• mask mask — Specifies the network mask of the source IP address.
• mask prefix-length — Specifies the number of bits that comprise the
source IP address prefix. The prefix length must be preceded by a forward
slash (/). (Range: 0–32)
deny (management) permit (management)
management access-class show management access-class
management access-list show management access-list
no priority (management)
–