Hi!
I've been managing Cisco AireOS (ME, non-ME) setups for several years and I never had to restrict access to the management web UI or CLI until now.
I've done some searches on the internet and in the Cisco docs and found the CPU ACL feature.
Using an 1815i with the latest available image, 8.10.196, I configured a simple ACL to allow access to 1 source only, but when I try to apply the ACL I receive an error.

(Cisco Controller) >config acl cpu mgmt1
Failed in adding cpu acl rule
Failed in adding cpu acl rule
Failed in adding cpu acl rule

ACL "mgmt1" config:

Index Dir Source IP Address/Netmask        Destination IP Address/Netmask Prot Source Port Range Dest Port Range DSCP Action Counter
1     Any 192.168.1.225 / 255.255.255.255  0.0.0.0/0.0.0.0                Any  0-65535           0-65535         Any  Permit 0
2     Any 0.0.0.0 / 0.0.0.0                0.0.0.0/0.0.0.0                Any  0-65535           0-65535         Any  Deny   0

I also tried to apply the ACL directly to the management interface (config interface acl management) but didn't notice any change in the management traffic behavior.
I would like to check with this community if anyone has ever tried to restrict access to the web UI/CLI management in AireOS (standard or ME).
I know that AireOS is a "dead" platform regarding bug fixes but maybe I will also ask for help from the support team.
Regards.