Use this procedure for applying a Layer
3 ACL to the management interface, using the {ip | ipv6} access-group
command.
Note
If an explicit "deny ip any any" IP rule is applied to the management interface, that IP rule has priority over any TCP or UDP rules. Any incoming TCP packets that match that IP rule are dropped because the TCP packet has an IP header.
-
Enter
configure terminal to access global configuration mode.
device# configure terminal
-
Use the
interface management command to enter configuration mode for the management interface.
device(config)# interface management 0
-
To apply an IPv4 ACL to the management interface, enter the
ip access-group command, specifying the ACL that you are applying to the interface, and
in.
device(config-Management-0)# ip access-group stdACL3 in
-
To apply an IPv6 ACL to the management interface, enter the
ipv6 access-group command, specifying the ACL that you are applying to the interface, and
in.
device(config-Management-0k)# ipv6 access-group stdV6ACL1 in
