Restricts management access to a set of hosts or subnets
Restricting remote access to a controller or service platform ensures that only trusted hosts can communicate with enabled management services and perform management tasks. It also provides protection from brute-force attacks by hosts attempting to break into the controller or service platform managed network.
Administrators can permit management connections to be established on any IP interface on the controller or service platform (including IP interfaces used to provide captive portal guest access). Administrators can restrict management access by limiting access to a specific host (IP address), subnet, or ACL on the controller or service platform.
restrict-access [host|ip-access-list|subnet]
restrict-access host <IP> {log|subnet}
restrict-access host <IP> {log [all|denied-only]}
restrict-access host <IP> {subnet <IP/M> {log [all|denied-only]}}
restrict-access ip-access-list <IP-ACCESS-LIST-NAME>
restrict-access subnet <IP/M> {host|log}
restrict-access subnet <IP/M> {log [all|denied-only]}
restrict-access subnet <IP/M> {host <IP> {log [all|denied-only]}}
restrict-access host <IP> {log [all|denied-only]}
host <IP> | Restricts management access to a specified host. Filters access requests based on a host's IP address.
log [all|denied-only] | Optional. Configures a logging policy for access requests.
restrict-access host <IP> {subnet <IP/M> {log [all|denied-only]}}
host <IP> | Restricts management access to a specified host. Filters access requests based on a host's IP address.
subnet <IP/M> | Optional. Restricts access on a specified subnet.
log [all|denied-only] | Optional. Configures a logging policy for access requests. Sets the log type generated for access requests.
restrict-access ip-access-list <IP-ACCESS-LIST-NAME>
ip-access-list | Uses an IPv4 access list to filter access requests. IPv4 ACLs filter/mark packets based on the IPv4 address from which they arrive. IP and non-IP traffic, on the same layer 2 interface, can be filtered by applying an IPv4 ACL. Each IPv4 ACL contains a set of deny and/or permit rules. Each rule is specific to source and destination IPv4 addresses and the unique rules and precedence definitions assigned. When the network traffic matches the criteria specified in one of these rules, the action defined in that rule is used to determine whether the traffic is allowed or denied.
<IP-ACCESS-LIST-NAME> | Specify the IPv4 ACL name.
restrict-access subnet <IP/M> {<IP/M>|log [all|denied-only]}
subnet <IP/M> | Restricts management access to a specified subnet.
log [all|denied-only] | Optional. Configures a logging policy for access requests. Sets the log type generated for access requests.
restrict-access subnet <IP/M> {host <IP> {log [all|denied-only]}}
subnet <IP/M> | Restricts management access to a specified subnet.
host <IP> | Uses the host IP address as a second filter.
log [all|denied-only] | Optional. Configures a logging policy for access requests. Sets the log type generated for access requests.
rfs4000-6DB5D4(config-management-policy-test)#restrict-access host 172.16.10.4 log denied-only
rfs4000-6DB5D4(config-management-policy-test)#show context
management-policy test
 no http server
 https server
 ftp username superuser password 1 626b4033263d6d2ae4e79c48cdfcccb60fd4c77a8da9e365060597a6d6570ec2 rootdir dir
 no ssh
 aaa-login radius external
 aaa-login radius policy test
 idle-session-timeout 0
 restrict-access host 172.16.10.4 log denied-only
rfs4000-6DB5D4(config-management-policy-test)#
no | Removes device access restrictions.
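
The restrict-access forms above can be audited from saved show context output. The following Python code is an added example, not part of the vendor documentation: it parses management-policy blocks and reports policies with no restrict-access line, a subnet broader than a threshold, or no log option. The sample configuration, the policy names branch and lab, the function names and the /16 threshold are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample in the "show context" layout; "branch" and "lab" are hypothetical.
SAMPLE = """\
management-policy test
 https server
 restrict-access host 172.16.10.4 log denied-only
management-policy branch
 https server
management-policy lab
 restrict-access subnet 10.0.0.0/8 host 192.168.5.9 log all
"""

# Keyword/value pairs that can follow "restrict-access" in the syntax listed above.
TOKEN = re.compile(r"\b(host|subnet|ip-access-list|log)\s+(\S+)")

def parse_restrict_access(line):
    """Split one restrict-access line into its host/subnet/ACL/log parts."""
    rule = {"host": None, "subnet": None, "ip-access-list": None, "log": None}
    for key, value in TOKEN.findall(line):
        if key == "host":
            value = ipaddress.ip_address(value)      # raises on a malformed address
        elif key == "subnet":
            value = ipaddress.ip_network(value, strict=False)
        rule[key] = value
    return rule

def audit(config, min_prefix=16):
    """Return {policy: [findings]}; min_prefix is an assumed review threshold."""
    findings, rules, policy = {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("management-policy "):
            policy = line.split()[1]
            findings[policy], rules[policy] = [], []
        elif policy and line.startswith("restrict-access "):
            rules[policy].append(parse_restrict_access(line))
    for name, parsed in rules.items():
        if not parsed:
            findings[name].append("no restrict-access configured")
        for rule in parsed:
            net = rule["subnet"]
            if net is not None and net.prefixlen < min_prefix:
                findings[name].append(f"subnet {net} is broader than /{min_prefix}")
            if rule["ip-access-list"] is None and rule["log"] is None:
                findings[name].append("no log option set on restrict-access")
    return findings
```

Calling audit(SAMPLE) returns an empty list for test and one finding each for branch and lab; lines using ip-access-list are not checked for a log option because that form takes none in the syntax above.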