Permit Vlan - HP FlexFabric 12900 series Command Reference Manual

[Sysname-role-role1] quit
2. Verify that you cannot use the user role to work on any interfaces except FortyGigE 1/0/1 and
FortyGigE 1/0/5 to FortyGigE 1/0/7:
# Verify that you can enter FortyGigE 1/0/1 interface view.
[Sysname] interface fortygige 1/0/1
[Sysname-FortyGigE1/0/1] quit
# Verify that you can assign FortyGigE 1/0/5 to VLAN 10. In this example, the user role can
access any VLAN because the default VLAN policy of the user role is used.
[Sysname] vlan 10
[Sysname-vlan10] port fortygige 1/0/5
[Sysname-vlan10] quit
# Verify that you cannot enter FortyGigE 1/0/2 interface view.
[Sysname] interface fortygige 1/0/2
Permission denied.
Related commands
display role
•
interface policy deny
•
• role

permit vlan

Use permit vlan to configure a list of VLANs accessible to a user role.
Use undo permit vlan to remove the permission for a user role to access specific VLANs.
Syntax
permit vlan vlan-id-list
undo permit vlan [ vlan-id-list ]
Default
No permitted VLANs are configured in user role VLAN policy view.
Views
User role VLAN policy view
Predefined user roles
network-admin
Parameters
vlan-id-list: Specifies a space-separated list of up to 10 VLAN items. Each VLAN item specifies a VLAN
by VLAN ID or specifies a range of VLANs in the form of vlan-id1 to vlan-id2. The value range for the
VLAN IDs is 1 to 4094. If you specify a VLAN range, vlan-id2 must be greater than vlan-id1.
Usage guidelines
To permit a user role to access a VLAN after you configure the vlan policy deny command, you must add
the VLAN to the permitted VLAN list of the policy. With the user role, you can perform the following tasks
on the VLANs in the permitted VLAN list:
Create, remove, or configure the VLANs.
•
58