# vi ssh-acl.pol
ssh-acl.pol:
# ssh-acl.pol: limit TCP 22 (SSH) and 23 (Telnet) towards 2.2.2.2/32 to one
# management source. 1.1.1.1 and 2.2.2.2 are the example addresses used in
# this listing; replace them with the real admin host and switch address.
#
# Entries are evaluated top-down and the first match wins, so permitMGMT
# has to stay above dropMGMT; swapping them would lock out the admin host.
entry permitMGMT {
    if match all {
        protocol tcp;
        destination-port 22-23;
        source-address 1.1.1.1/32;
        destination-address 2.2.2.2/32;
    } then {
        permit;
        count permitMGMT;
    }
}

# Every other source reaching 2.2.2.2 on TCP 22-23 is dropped. The dropMGMT
# counter records those attempts (see "show access-list counter"); a steadily
# rising value is worth reviewing as possible scanning or password guessing.
entry dropMGMT {
    if match all {
        protocol tcp;
        destination-port 22-23;
        destination-address 2.2.2.2/32;
    } then {
        deny;
        count dropMGMT;
    }
}

# Review notes:
# - Traffic that matches neither entry is not touched by this policy, so other
#   management services on the same address (e.g. SNMP, HTTP/HTTPS) remain
#   reachable unless they are restricted separately.
# - Both matches are IPv4 only; an IPv6 management address is not covered.
# - The policy filters only where it is bound (VLAN Mgmt in this listing).
#   If 2.2.2.2 is reachable through another VLAN, bind the policy there too.
# - Port 23 is cleartext Telnet. If Telnet is not required, disable it and
#   narrow the range to port 22.
# check policy ssh-acl
# configure access-list ssh-acl vlan Mgmt