Permit Vpn-Instance - HP MSR Series Command Reference Manual

Specify the VLANs in feature commands.
•
You can repeat the permit vlan command to add permitted VLANs to a user role VLAN policy.
The undo permit vlan command removes the entire list of permitted VLANs if you do not specify any
VLANs.
Any change to a user role VLAN policy takes effect only on users who log in with the user role after the
change.
Examples
1. Configure user role role1:
# Permit the user role role1 to execute all commands available in interface view and VLAN view.
<Sysname> system-view
[Sysname] role name role1
[Sysname-role-role1] rule 1 permit command system-view ; interface *
[Sysname-role-role1] rule 2 permit command system-view ; vlan *
# Permit the user role role1 to access VLANs 2, 4, and 50 to 100.
[Sysname-role-role1] vlan policy deny
[Sysname-role-role1-vlanpolicy] permit vlan 2 4 50 to 100
Verify that you cannot use the user role to work on any VLAN except VLANs 2, 4, and 50 to 100:
2.
# Verify that you can create VLAN 100 and enter the VLAN view.
<Sysname> system-view
[Sysname] vlan 100
[Sysname-vlan100]
# Verify that you can add port GigabitEthernet 2/1/0 to VLAN 100 as an access port.
<Sysname> system-view
[Sysname] interface gigabitethernet 2/1/0
[Sysname-GigabitEthernet2/1/0] port access vlan 100
# Verify that you cannot create VLAN 101 or enter the VLAN view.
<Sysname> system-view
[Sysname] vlan 101
Permission denied.
Related commands
display role
•
role
•
• vlan policy deny

permit vpn-instance

Use permit vpn-instance to configure a list of VPNs accessible to a user role.
Use undo permit vpn-instance to disable the access of a user role to specific VPNs.
Syntax
permit vpn-instance vpn-instance-name&<1- 1 0>
undo permit vpn-instance [ vpn-instance-name&<1- 1 0> ]
25