Cisco Catalyst Center Administrator Guide, Release 3.2.x

IP access control

Updated: May 5, 2026

Want to summarize with AI?

On this page

Overview

Configure IP access control
Enable IP access control
Add an IP address to the IP access list
Delete an IP address from the IP access list
Disable IP access control

Overview

Information about IP access control to control the access to Catalyst Center based on the IP address of the host or network.

IP access control allows you to control the access to Catalyst Center based on the IP address of the host or network. This feature controls access to the Catalyst Center GUI only; this feature doesn’t control enterprise-wide network access.

Catalyst Center provides options for IP access control, including:

Allow all IP addresses to access Catalyst Center (the default).
Allow only selected IP addresses to access Catalyst Center.

Configure IP access control

To configure IP access control and allow only selected IP addresses to access Catalyst Center:

Enable IP access control

Before you begin

Ensure that you have SUPER-ADMIN-ROLE permissions.
Add the Catalyst Center services subnet, cluster service subnet, and cluster interface subnet to the list of allowed subnets.

Procedure

	1.	From the main menu, choose System > Settings > Trust & Privacy > IP Access Control.
	2.	Click the Allow only listed IP addresses to connect radio button.
	3.	Click Add IP List.
	4.	In the IP Address field of the Add IP slide-in pane, enter your IP address. Note If you don’t add your IP address to the IP access list, you may lose access to Catalyst Center.
	5.	In the Subnet Mask field, enter the subnet mask. The valid range for subnet mask is from 0 through 32.
	6.	Click Save.

Add an IP address to the IP access list

To add more IP addresses to the IP access list:

Before you begin

Ensure that you enable IP access control. For more information, see Enable IP access control.

Procedure

	1.	From the main menu, choose System > Settings > Trust & Privacy > IP Access Control.
	2.	Click Add.
	3.	In the IP Address field of the Add IP slide-in pane, enter the IP address of the host or network.
	4.	In the Subnet Mask field, enter the subnet mask. The valid range for subnet mask is from 0 through 32.
	5.	Click Save.

Delete an IP address from the IP access list

To delete an IP address from the IP access list and disable its access to Catalyst Center:

Before you begin

Ensure that you have enabled IP access control and added IP addresses to the IP access list. For more information, see Enable IP access control and Add an IP address to the IP access list.

Procedure

	1.	From the main menu, choose System > Settings > Trust & Privacy > IP Access Control.
	2.	In the Action column, click the Delete icon for the corresponding IP address.
	3.	Click Delete.

Disable IP access control

To disable IP access control and allow all IP addresses to access Catalyst Center:

Before you begin

Ensure that you have SUPER-ADMIN-ROLE permissions.

Procedure

	1.	From the main menu, choose System > Settings > Trust & Privacy > IP Access Control.
	2.	Click the Allow all IP addresses to connect radio button.

Need help?

Open a support case

(Requires a Cisco Service Contract)

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.