17 - 12 WiNG CLI Reference Guide
17.1.8 restrict-access
management-policy
Restricts management access to a set of hosts or subnets
Supported in the following platforms:
• RFS7000
• RFS6000
• RFS4000
• AP71xx
• AP650
• AP6511
• AP6532
Syntax
restrict-access [host|ip-access-list|subnet]
restrict-access host <A.B.C.D> {<A.B.C.D>|log [all|denied-only]|subnet <A.B.C.D/M>
{<A.B.C.D>/M|log [all|denied-only]}}
restrict-access ip-access-list <IP-ACCESS-LIST>
restrict-access subnet <A.B.C.D/M> {<A.B.C.D>/M|log [all|denied-only]|host <A.B.C.D>
{<A.B.C.D>|log [all|denied-only]}}
Parameters
Example
rfs7000-37FABE(config-management-policy-default)#restrict-access host 172.16.10.2
log all
rfs7000-37FABE(config-management-policy-default)#
rfs7000-37FABE(config-management-policy-default)#restrict-access subnet
172.16.10.20/24 host 1.2.3.4 log all
rfs7000-37FABE(config-management-policy-default)#
rfs7000-37FABE(config-management-policy-default)#restrict-access host 1.2.3.4 log
denied-only
rfs7000-37FABE(config-management-policy-default)#
[host|ip-access-list|subnet]
• host <A.B.C.D> {<A.B.C.D>|log [all|denied-only]|subnet <A.B.C.D/M>
{<A.B.C.D>/M|log [all|denied-only]}} – Restricts management access to
specific hosts
• ip-access-list <IP-ACCESS-LIST>
– Uses an IP access list to filter
requests for management access
• <IP-ACCESS-LIST> – Specify the IP access list to be used
• subnet
<A.B.C.D/M> {<A.B.C.D>/M|log [all|denied-only]|host <A.B.C.D>
{<A.B.C.D>|log [all|denied-only]}} – Restricts management access to
specific subnets
• <A.B.C.D>/M – Specify a subnet IP to restrict management access
The following parameters are common for all the above:
• log – Configures logging policy for management access
• all – Logs all the requests for management access (includes denied
and permitted)
• denied-only – Logs denied requests for management access
Comments to this Manuals