Unable to block Management Center (MC) CLI or add ACL Subnets to MC CLI



Article ID: 274609


Products

Management Center

Issue/Introduction

You want to block access to the Management Center (MC) CLI for specific subnets, that is, you want an ACL for the MC CLI. However, the command below is rejected as invalid syntax:

(config)# security allow-hosts add #.#.#.#/25

where #.#.#.#/25 is the only subnet you wish to allow MC access to. 

Also, the CLI is still accessible from other IPs even when a single IP address is used instead of the subnet:

(config)# security allow-hosts add #.#.#.#

Cause

The 'security allow-hosts add' command does not accept subnets; you have to enter individual IP addresses. More importantly, this command only controls GUI access, not CLI access.

Additionally, a restart of the MC is required for the changes to take any effect.

Resolution

Use the ACL configuration commands below instead:

MgmtCtr(config-acl)# rule #.#.#.#/25 Management

MgmtCtr(config-acl)# rule #.#.#.#/25 HTTPS

MgmtCtr(config-acl)# enable


These commands apply the ACL and block the CLI and GUI, respectively, for all other IPs. Note that a restart of the MC is required for the ACL to take effect here as well.
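To confirm the ACL after the restart, the following check (an added example, not part of the original article or the product) compares what the rules should do for a given source address with what the MC actually accepts. It assumes the CLI is reached over SSH on TCP 22, the GUI over HTTPS on TCP 8082, and that a blocked source cannot complete a TCP connection; the function names and addresses are illustrative.

```python
import ipaddress
import socket

# Assumptions (not from the article): CLI = SSH on TCP 22, GUI = HTTPS on
# TCP 8082. Adjust both to match your deployment.
SERVICES = {"Management (CLI)": 22, "HTTPS (GUI)": 8082}


def tcp_reachable(host, port, timeout=3.0):
    """Return True if a TCP connection to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out or unreachable
        return False


def expected_access(source_ip, allowed_subnet):
    """True if source_ip lies inside the subnet named in the ACL rules."""
    network = ipaddress.ip_network(allowed_subnet, strict=False)
    return ipaddress.ip_address(source_ip) in network


def check_acl(mc_host, source_ip, allowed_subnet,
              services=SERVICES, probe=tcp_reachable):
    """Compare the ACL's intended result for this source with reality.

    Run this on the machine that owns source_ip. Returns a list of
    (service, expected, actual, ok) tuples; ok is False on a mismatch,
    e.g. the CLI still answering a host outside the allowed subnet.
    """
    want = expected_access(source_ip, allowed_subnet)
    results = []
    for name, port in services.items():
        got = probe(mc_host, port)
        results.append((name, want, got, want == got))
    return results


if __name__ == "__main__":
    # Constructed sample values from documentation address ranges.
    for name, want, got, ok in check_acl(
            "192.0.2.10", "198.51.100.200", "198.51.100.0/25"):
        state = "OK" if ok else "MISMATCH"
        print(f"{name}: expected={want} actual={got} -> {state}")
```

Run it once from a host inside the allowed /25 and once from a host outside it; a MISMATCH from the outside host on either service means the ACL is not yet enforced.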