Controlling Management Access 217
permit ip-source
ip-
address
[mask
mask
|
prefix-length
] [
interface-
type interface-number
]
[service
service
] [priority
priority-value
]
Allow access to the management interface from hosts that
meet the specified IP address value and other optional
criteria.
•
interface-type
interface-number
— A valid port, LAG, or
VLAN interface, for example gi1/0/13, port-channel 3, or
vlan 200.
•
ip-address
— Source IP address.
•
mask
mask
— Specifies the network mask of the source
IP address.
•
mask
prefix-length
— Specifies the number of bits that
comprise the source IP address prefix. The prefix length
must be preceded by a forward slash (/). (Range: 0–32)
•
service
service
— Indicates service type. Can be one of
the following: telnet, ssh, http, https, tftp, snmp, sntp, or
any.
•
priority
priority-value
— Priority for the rule. (Range: 1 –
64)
permit {
interface-type
interface-number
}
[service
service
] [priority
priority-value
]
Permit access to the management interface from the
specified port, VLAN, or LAG and meet the other optional
criteria.
permit service
service
[priority
priority-value
]
Permit access to the management interface from the
specified service.
exit Exit to Global Configuration mode.
management access-
class {console-only |
name
}
Activate the management ACL or restrict access so that it
is available only through the console port.
exit Exit to Privileged EXEC mode.
show management
access-class
Display information about the active management access
list.
show management
access-list [
name
]
Display information about the configured management
ACL and its rules.
Command Purpose