C1300 Management Access Profiles and Rules

williamk
Level 1

Hi,

I bought a C1300 and am learning to navigate it compared to standard Cisco IOS. I have been unable to get Access Profiles and Access Rules to work. I set up all my rules in a profile with a deny all rule at the bottom. I then make the access profile active. However, any IP is still able to log in via HTTPS or SSH. I am running the latest firmware, 4.1.4.1. Has anyone been able to make this feature work? Anything I am missing?

management access-list ManagementProfile
permit ip-source 172.16.20.2 mask 255.255.252.0
permit ip-source 172.16.20.222 mask 255.255.252.0
permit ip-source 172.16.20.179 mask 255.255.252.0
permit ip-source 192.168.12.5 mask 255.255.255.0
permit ip-source 192.168.12.1 mask 255.255.255.0
permit ip-source 192.168.12.254 mask 255.255.255.0
deny
exit
management access-class ManagementProfile


Hi @williamk 

Ensure the Access Profile is Applied to the Management Interface

>>#show management access-class

This should show if ManagementProfile is applied.

If not, explicitly apply it to the management services:

>>#management access-class ManagementProfile

Thanks !

Tobias Heisele
Level 1

Can I apply different ACLs to different services like in IOS?

Edit: I reread the CLI guide. If I understand correctly, there is only one ACL which can be attached to the access-class, but each ACE can be bound to a service, like "permit ip-source 10.0.100.0 mask 255.255.255.0 service SSH"
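
An offline model of how the management ACL discussed in this thread would be evaluated, added here as an example that is not part of any post and is not Cisco's code. It assumes first-match ordering, address-and-mask matching, and deny when nothing matches; the ACEs are those from the original post plus the service-bound ACE quoted in the last reply, and `parse_acl`, `evaluate` and `distinct_sources` are hypothetical helper names.

```python
import ipaddress

# ACEs from the original post, plus the service-bound ACE quoted in the last
# reply (combined here for illustration; not a configuration from the thread).
ACL_TEXT = """\
management access-list ManagementProfile
permit ip-source 172.16.20.2 mask 255.255.252.0
permit ip-source 172.16.20.222 mask 255.255.252.0
permit ip-source 172.16.20.179 mask 255.255.252.0
permit ip-source 192.168.12.5 mask 255.255.255.0
permit ip-source 192.168.12.1 mask 255.255.255.0
permit ip-source 192.168.12.254 mask 255.255.255.0
permit ip-source 10.0.100.0 mask 255.255.255.0 service SSH
deny
exit
"""

def parse_acl(text):
    """Return ACEs in order as (action, network or None, service or None)."""
    aces = []
    for line in text.splitlines():
        tok = line.split()
        if not tok or tok[0] not in ("permit", "deny"):
            continue  # skip the list header and "exit"
        net = svc = None
        if "ip-source" in tok:
            addr = tok[tok.index("ip-source") + 1]
            mask = tok[tok.index("mask") + 1] if "mask" in tok else "255.255.255.255"
            # strict=False drops host bits, modelling address-and-mask matching
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        if "service" in tok:
            svc = tok[tok.index("service") + 1].lower()
        aces.append((tok[0], net, svc))
    return aces

def evaluate(aces, src, service):
    """First matching ACE wins; no match is treated as deny (assumption)."""
    ip = ipaddress.ip_address(src)
    for number, (action, net, svc) in enumerate(aces, 1):
        if (net is None or ip in net) and (svc is None or svc == service.lower()):
            return action, number
    return "deny", None

def distinct_sources(aces):
    """Networks the permit ACEs cover once the mask is applied."""
    return sorted({str(n) for a, n, _ in aces if a == "permit" and n is not None})

if __name__ == "__main__":
    aces = parse_acl(ACL_TEXT)
    print(distinct_sources(aces), evaluate(aces, "172.16.23.200", "ssh"))
```

Comparing these verdicts with real login attempts from a source the list should deny shows whether the switch is enforcing the profile at all.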