HP Enterprise FlexFabric 12900E Series Command Reference Manual page 34

Hide thumbs Also See for Enterprise FlexFabric 12900E Series:

Installation manual (152 pages)

Configuration manual (552 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

page of 213

/ 213
Contents
Table of Contents
Bookmarks

Table of Contents

Usage guidelines

To permit a user role to access an interface after you configure the

command, you must add the interface to the permitted interface list of the policy. With the user role,

you can perform the following tasks to the interfaces in the permitted interface list:

•

Create, remove, or configure the interfaces.

•

Enter the interface views.

•

Specify the interfaces in feature commands.

The create and remove operations are available only for logical interfaces.

You can repeat the

role interface policy.

The

undo permit interface

not specify an interface.

Any change to a user role interface policy takes effect only on users who log in with the user role after

the change.

Examples

Configure user role role1:

# Permit user role role1 to execute all commands available in interface view and VLAN view.

<Sysname> system-view

[Sysname] role name role1

[Sysname-role-role1] rule 1 permit command system-view ; interface *

[Sysname-role-role1] rule 2 permit command system-view ; vlan *

# Permit the user role to access HundredGigE 1/0/1, and HundredGigE 1/0/3 to HundredGigE

1/0/5.

[Sysname-role-role1] interface policy deny

[Sysname-role-role1-ifpolicy] permit interface hundredgige 1/0/1 hundredgige 1/0/3

to hundredgige 1/0/5

[Sysname-role-role1-ifpolicy] quit

[Sysname-role-role1] quit

Verify that you cannot use user role role1 to work on all interfaces except for HundredGigE

1/0/1 and HundredGigE 1/0/3 to HundredGigE 1/0/5:

# Verify that you can enter HundredGigE 1/0/1 interface view.

[Sysname] interface hundredgige 1/0/1

[Sysname-HundredGigE1/0/1] quit

# Verify that you can assign HundredGigE 1/0/5 to VLAN 10. In this example, the user role can

access all VLANs because the default VLAN policy of the user role is used.

[Sysname] vlan 10

[Sysname-vlan10] port hundredgige 1/0/5

[Sysname-vlan10] quit

# Verify that you cannot enter interface view of HundredGigE 1/0/2.

[Sysname] interface hundredgige 1/0/2

Permission denied.

Related commands

display role

interface policy deny

role

permit interface

command removes the entire list of permitted interfaces if you do

command to add multiple permitted interfaces to a user

interface policy deny

Table of Contents

HP Enterprise FlexFabric 12900E Series Command Reference Manual page 34

Related Manuals for HP Enterprise FlexFabric 12900E Series

Related Products for HP Enterprise FlexFabric 12900E Series

Table of Contents