...
console#show management access-classManagement access-class is enabled, using access-list IP
Можно сделать разрешение доступа c конкретных физических интерфейсов, port channel, VLAN для отдельных сервисов:
console(config-macl)#permitip-source To restrict conditions for source ip address use permit ip-source command.service Define service type condition.ace-priority The priority of the rule.GigabitEthernet Giga ethernet interface to configureTengigabitEthernet 10 Giga ethernet interface to configurePort-Channel Ethernet Channel of interfacesvlan IEEE 802.1Q Vlans<CR>
console(config-macl)#permit GigabitEthernet 1/0/1 service Define service type condition.ace-priority The priority of the rule.<CR>
console(config-macl)#permit GigabitEthernet 1/0/1 servicetelnet Telnet service typesnmp SNMP service type.http HTTP service type.https HTTPS service type.ssh SSH service type.
Аналогичные возможности для запрета доступа :
console(config-macl)#deny ip-source To restrict conditions for source ip address use deny ip-source command.service Define service type condition.ace-priority The priority of the rule.GigabitEthernet Giga ethernet interface to configureTengigabitEthernet 10 Giga ethernet interface to configurePort-Channel Ethernet Channel of interfacesvlan IEEE 802.1Q Vlans