...
console#show management access-class
Management access-class is enabled, using access-list IP
Можно сделать разрешение доступа c конкретных физических интерфейсов, port channel, VLAN для отдельных сервисов:
console(config-macl)#permit
ip-source To restrict conditions for source ip address use
permit ip-source command.
service Define service type condition.
ace-priority The priority of the rule.
GigabitEthernet Giga ethernet interface to configure
TengigabitEthernet 10 Giga ethernet interface to configure
Port-Channel Ethernet Channel of interfaces
vlan IEEE 802.1Q Vlans
<CR>
console(config-macl)#permit GigabitEthernet 1/0/1
service Define service type condition.
ace-priority The priority of the rule.
<CR>
console(config-macl)#permit GigabitEthernet 1/0/1 service
telnet Telnet service type
snmp SNMP service type.
http HTTP service type.
https HTTPS service type.
ssh SSH service type.
Аналогичные возможности для запрета доступа :
console(config-macl)#deny
ip-source To restrict conditions for source ip address use deny
ip-source command.
service Define service type condition.
ace-priority The priority of the rule.
GigabitEthernet Giga ethernet interface to configure
TengigabitEthernet 10 Giga ethernet interface to configure
Port-Channel Ethernet Channel of interfaces
vlan IEEE 802.1Q Vlans