02-07-2025 09:42 AM
Hi,
I bought a C1300 and am learning to navigate it compared to standard Cisco IOS. I have been unable to get Access Profiles and Access Rules to work. I set up all my rules in a profile with a deny all rule at the bottom. I then make the access profile active. However, any IP is still able to log in via HTTPS or SSH. I am running the latest firmware, 4.1.4.1. Has anyone been able to make this feature work? Anything I am missing?
management access-list ManagementProfile
permit ip-source 172.16.20.2 mask 255.255.252.0
permit ip-source 172.16.20.222 mask 255.255.252.0
permit ip-source 172.16.20.179 mask 255.255.252.0
permit ip-source 192.168.12.5 mask 255.255.255.0
permit ip-source 192.168.12.1 mask 255.255.255.0
permit ip-source 192.168.12.254 mask 255.255.255.0
deny
exit
management access-class ManagementProfile
02-07-2025 11:49 AM
Hi @williamk
Ensure the Access Profile is Applied to the Management Interface
>>#show management access-class
This should show if ManagementProfile is applied.
If not, explicitly apply it to the management services:
>>#management access-class ManagementProfile
Thanks !
05-05-2025 08:36 AM - edited 05-05-2025 08:58 AM
Can I apply different ACLs to different services like in IOS?
Edit: I reread the CLI guide. If I understand correctly, there is only one ACL which can be attached to the access-class, but each ACE can be bound to a service like "permit ip-source 10.0.100.0 mask 255.255.255.0 service SSH"