272 Management ACLdeny (management)The deny Management Access-List Configuration mode command defines a deny rule.Syntax• deny [ethernet interface-number | vlan vlan-id | port-channel number] [service service]• deny ip-source {ipv4-address | ipv6-address/prefix-length}[mask mask | prefix-length] [ethernetinterface-number | vlan vlan-id | port-channel number] [service service]• ethernet interface-number — A valid Ethernet port number.• vlan vlan-id — A valid VLAN number.• port-channel number — A valid port-channel number.• ipv4-address — Source IPv4 address.• ipv6-address/prefix-length — Source IPv6 address and prefix length. The prefix length is optional.• mask mask — Specifies the network mask of the source IPv4 address. The parameter is relevantonly to IPv4 addresses. (Range: Valid subnet mask)• mask prefix-length — Specifies the number of bits that comprise the source IPv4 address prefix.The prefix length must be preceded by a forward slash (/). The parameter is relevant only to IPv4addresses. (Range: 0 - 32)• service service — Indicates service type. Can be one of the following: telnet, ssh, http, https orsnmp.Default ConfigurationThis command has no default configuration.Command ModeManagement Access-list Configuration mode.User Guidelines• Rules with Ethernet, VLAN and port-channel parameters are valid only if an IP address is defined onthe appropriate interface.The system supports up to 256 management access rules.ExampleThe following example shows how all ports are denied in the Access-List called ’mlist’.Console (config)# management access-list mlistConsole (config-macl)# deny5400_CLI.book Page 272 Wednesday, December 17, 2008 4:33 PM