console# configure
console(config)# management access-list IP
console(config-macl)# permit ip-source 192.168.1.12
console(config-macl)# exit

console(config)# management access-class IP

console# show management access-list
IP
----
permit ip-source 192.168.1.12
(Note: all other access implicitly denied) !
console-only
------------
deny
(Note: all other access implicitly denied) !
console#show management access-class
Management access-class is enabled, using access-list IP

console(config-macl)#permit
.ip-source To restrict conditions for source ip address use permit ip-source command
.service Define service type condition
.ace-priority The priority of the rule GigabitEthernet Giga ethernet interface to configure
TengigabitEthernet 10 Giga ethernet interface to configure
Port-Channel Ethernet Channel of interfaces
vlan IEEE 802.1Q Vlans
<"CR">

console(config-macl)#permit GigabitEthernet 1/0/1
.service Define service type condition
.ace-priority The priority of the rule
<"CR">

console(config-macl)#permit GigabitEthernet 1/0/1 service
telnet Telnet service type
.snmp SNMP service type
.http HTTP service type
.https HTTPS service type
.ssh SSH service type

console(config-macl)#deny
.ip-source To restrict conditions for source ip address use deny ip-source command
.service Define service type condition
.ace-priority The priority of the rule
GigabitEthernet Giga ethernet interface to configure
TengigabitEthernet 10 Giga ethernet interface to configure
Port-Channel Ethernet Channel of interfaces
vlan IEEE 802.1Q Vlans