deny (Management)
To set the deny rules (ACEs) for the management ACL, use the deny Management Access-List Configuration mode command.
Syntax
[sequence sequence-number] deny interfaces interface-id service service
[sequence sequence-number] deny {ip ipv4-address/ipv4-mask | ipv6 ipv6-address/ipv6-prefix-length} [interfaces interface-id] service service
Parameters
sequence sequence-number—(Optional) Specifies the sequence number for the ACL statement. The acceptable range is from 1 to 65535. If not specified, the switch provides a number starting from 1 in ascending order.
interfaces interface-id—(Optional) Specifies an interface ID or a list of interface IDs. The interface can be one of these types: Ethernet port or port channel.
service service—Specifies the type of service. Possible values are all, Telnet, SSH, HTTP, HTTPS, and SNMP.
ip ipv4-address/ipv4-mask—Specifies the source IPv4 address and its mask.
ipv6 ipv6-address/ipv6-prefix-length—Specifies the source IPv6 address and source IPv6 address prefix length. The prefix length must be preceded by a forward slash (/). The parameter is optional.
Default Configuration
No rules are configured.
Command Mode
Management Access-List Configuration mode
User Guidelines
The rules with Ethernet and port channel parameters are valid only if an IP address is defined on the appropriate interface.
Example
switchxxxxxx(config)# management access-list mlist
switchxxxxxx(config-macl)# deny ip 192.168.1.111/0.0.255.255 interfaces gi11 service http
switchxxxxxx(config-macl)# exit
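A config-audit check for the syntax above, as an added example that is not part of the original command reference: it parses one deny rule, enforces the documented sequence range (1 to 65535) and service values, and validates the source address. The name parse_deny is hypothetical, and the code assumes the interface list is a single token and that the IPv6 prefix length is always written.

```python
import ipaddress
import re

SERVICES = {"all", "telnet", "ssh", "http", "https", "snmp"}  # values listed on the page
PROMPT = re.compile(r"^\S+\(config-macl\)#\s*")  # optional CLI prompt, as in the page's example

def parse_deny(line):
    """Parse one management-ACL deny ACE; raise ValueError if it breaks the documented syntax."""
    tokens = PROMPT.sub("", line.strip()).split()
    ace = {"sequence": None, "source": None, "interfaces": None, "service": None}
    if tokens[:1] == ["sequence"]:
        if len(tokens) < 2 or not tokens[1].isdigit() or not 1 <= int(tokens[1]) <= 65535:
            raise ValueError("sequence number must be in 1-65535")
        ace["sequence"], tokens = int(tokens[1]), tokens[2:]
    if tokens[:1] != ["deny"]:
        raise ValueError("not a deny rule")
    tokens = tokens[1:]
    if tokens[:1] in (["ip"], ["ipv6"]):
        if len(tokens) < 2 or tokens[1].count("/") != 1:
            raise ValueError("source must be written as address/mask")
        family = tokens[0]
        addr, mask = tokens[1].split("/")
        try:
            if family == "ip":
                ipaddress.IPv4Address(addr)
                ipaddress.IPv4Address(mask)  # dotted mask, as in the page's example
            else:
                ipaddress.IPv6Address(addr)
                if not (mask.isdigit() and int(mask) <= 128):
                    raise ValueError("IPv6 prefix length must be 0-128")
        except ipaddress.AddressValueError as exc:
            raise ValueError(f"bad {family} source: {exc}") from None
        ace["source"], tokens = (family, addr, mask), tokens[2:]
    if tokens[:1] == ["interfaces"]:
        if len(tokens) < 2:
            raise ValueError("interfaces needs an interface ID")
        # Assumption: the interface list is one whitespace-free token.
        ace["interfaces"], tokens = tokens[1], tokens[2:]
    elif ace["source"] is None:
        raise ValueError("rule needs an ip/ipv6 source or interfaces")
    if len(tokens) != 2 or tokens[0] != "service" or tokens[1].lower() not in SERVICES:
        raise ValueError("rule must end with: service <all|telnet|ssh|http|https|snmp>")
    ace["service"] = tokens[1].lower()
    return ace
```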