# vi mgmt-acl.pol
mgmt-acl.pol:
entry Telnet_Allow {
if match any {
source-address 1.2.3.4/32;
source-address 2.4.6.8/32;
} then {
permit;
}
}
# check policy mgmt-acl
# configure telnet access-profile mgmt-acl
# vi ssh-acl.pol
ssh-acl.pol:
entry permitMGMT {
if match all {
protocol tcp;
destination-port 22-23;
source-address 1.1.1.1/32;
destination-address 2.2.2.2/32;
} then {
permit;
count permitMGMT;
}
}
entry dropMGMT {
if match all {
protocol tcp;
destination-port 22-23;
destination-address 2.2.2.2/32;
} then {
deny;
count dropMGMT;
}
}
# check policy ssh-acl
# configure access-list ssh-acl vlan Mgmt