Two different management-access-filter policies can be configured: ip-filter and ipv6-filter.
The following are the MAF packet match rules:
Each MAF policy is an ordered list of entries; therefore, entries must be sequenced correctly from the most to the least explicit.
If multiple match criteria are specified in a single MAF policy entry, all criteria must be met for the packet to be considered a match against that policy entry (logical AND).
Any match criteria not explicitly defined is ignored during a match.
A MAF filter policy entry defined without a match criteria is inactive.
A MAF filter policy entry with match criteria defined but no action configured inherits the default action defined at the management-access-filter level.
The management-access-filter default-action applies individually per IPv4 or IPv6 filter policies that are in a no shutdown state.