Specifications
MANAGEMENT-POLICY 16 - 15
• restrict-access ip-access-list <IP-ACCESS-LIST>
• restrict-access subnet <IP/M> {log [all|denied-only]}
• restrict-access subnet <IP/M> {host [<IP>] {log [all|denied-only]}}
Examples
rfs7000-37FABE(config-management-policy-test)#restrict-access host 172.16.10.2 log
all
rfs7000-37FABE(config-management-policy-test)#restrict-access subnet 172.16.10.20/24
host 172.16.10.3 log all
rfs7000-37FABE(config-management-policy-test)#restrict-access host 172.16.10.4 log
denied-only
rfs7000-37FABE(config-management-policy-test)#show context
management-policy test
http server
no ssh
restrict-access subnet 172.16.10.20/24 host 172.16.10.3 log all
restrict-access host 172.16.10.2 log all
restrict-access host 172.16.10.4 log denied-only
rfs7000-37FABE(config-management-policy-test)#
Related Commands
ip-access-list Uses an IP access list to filter access requests
<IP-ACCESS-LIST> Sets the access list name
subnet <IP/M> Restricts access to a specified subnet. Uses a subnet IP address to filter access requests
• <IP/M> – Sets the IP address of the subnet in the A.B.C.D/M format
log
[all|denied-only]
Optional. Configures a logging policy for access requests. Sets the log type generated for
access requests
• all – Logs all access requests, both denied and permitted
• denied-only – Logs only denied access
subnet <IP/M> Restricts access to a specified subnet. Uses a subnet IP address to filter access requests
• <IP/M> – Sets the IP address of the subnet in the A.B.C.D/M format
host <IP> Uses the host IP address as a second filter
• <IP> – Specify the host IP address.
log
[all|denied-only]
Optional. Configures a logging policy for access requests. Sets the log type generated for
access requests
• all – Logs all access requests, both denied and permitted
• denied-only – Logs only denied access
no Removes device access restrictions