Netgear M4200-10MG-PoE+ (GSM4210P) - Multigigabit Managed Switch with 8*2.5G and 2x10G SFP+ Layer 3 Administrator's Guide

The following examples show how to configure a management ACL.

Permit any host to access the managed VLAN IP address of 169.254.100.100 through a 
Telnet or HTTP connection:

Permit a specific host access the switch over an SSH connection only.

This feature extends the existing IPv4 ACL by providing support for IPv6 packet 
classification. Each ACL is a set of up to 12 rules applied to inbound traffic. Each rule 
specifies whether the contents of a given field should be used to permit or deny access to the 
network, and can apply to one or more of the following fields within a packet:

Source IPv6 prefix

Destination IPv6 prefix

Protocol number

Source Layer 4 port

Destination Layer 4 port

DSCP value

Flow label

(Netgear Switch) (Config)#ip access-list acl_for_cpu

(Netgear Switch) (Config-ipv4-acl)#permit tcp any 169.254.100.100 0.0.0.0 eq telnet

(Netgear Switch) (Config-ipv4-acl)#deny tcp any any eq http

(Netgear Switch) (Config-ipv4-acl)#permit tcp any 169.254.100.100 0.0.0.0 eq http

(Netgear Switch) (Config-ipv4-acl)#deny tcp any any eq http

(Netgear Switch) (Config-ipv4-acl)#deny every

(Netgear Switch) (Config-ipv4-acl)#exit

(Netgear Switch) (Config)#ip access-group acl_for_cpu control-plane

(Netgear Switch) (Config)#ip access-list acl_for_cpu

(Netgear Switch) (Config-ipv4-acl)#permit tcp 10.100.5.13  0.0.0.0 any  eq ssh

(Netgear Switch) (Config-ipv4-acl)#deny tcp any any  eq ssh

(Netgear Switch) (Config-ipv4-acl)#permit every

(Netgear Switch) (Config-ipv4-acl)#exit

(Netgear Switch) (Config)#ip access-group acl_for_cpu control-plane