Role - HPE D6020 Maintenance And Service Manual

The undo permit vpn-instance command removes the entire list of permitted VPN instances if you
do not specify a VPN instance.
Any change to a user role VPN instance policy takes effect only on users who log in with the user role
after the change.
Examples
1. Configure user role role1:
# Permit the user role to execute all commands available in system view and in the child views
of system view.
<Sysname> system-view
[Sysname] role name role1
[Sysname-role-role1] rule 1 permit command system-view ; *
# Permit the user role to access VPN instance vpn1.
[Sysname-role-role1] vpn-instance policy deny
[Sysname-role-role1-vpnpolicy] permit vpn-instance vpn1
[Sysname-role-role1-vpnpolicy] quit
[Sysname-role-role1] quit
2. Verify that you cannot use the user role to work on any VPN instances except for vpn1:
# Verify that you can enter the view of VPN instance vpn1.
[Sysname] ip vpn-instance vpn1
[Sysname-vpn-instance-vpn1] quit
# Verify that you can specify the primary accounting server at 10.110.1.2 in the VPN instance
for RADIUS scheme radius1.
[Sysname] radius scheme radius1
[Sysname-radius-radius1] primary accounting 10.110.1.2 vpn-instance vpn1
[Sysname-radius-radius1] quit
# Verify that you cannot create VPN instance vpn2 or enter the VPN instance view.
[Sysname] ip vpn-instance vpn2
Permission denied.
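
An added example, not taken from the HPE manual: a Python script that audits a saved configuration for each user role's VPN instance policy. It flags a deny policy whose permit list is empty (the state left by undo permit vpn-instance with no VPN instance specified) and roles with no VPN instance policy at all. The configuration layout, the sample text, and the function names are assumptions.

```python
import re

# Constructed sample. Assumption: a saved configuration lists each user role
# as a "role name" block with its settings indented on the lines below it.
SAMPLE_CONFIG = """\
role name role1
 rule 1 permit command system-view ; *
 vpn-instance policy deny
  permit vpn-instance vpn1
#
role name role2
 rule 1 permit command display *
 vpn-instance policy deny
#
role name role3
 rule 1 permit command system-view ; *
#
"""

def audit_vpn_policies(config_text):
    """Return {role: {"restricted": bool, "permitted": [VPN instance names]}}."""
    roles, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"role name (\S+)", line)
        if m:
            current = roles.setdefault(m.group(1), {"restricted": False, "permitted": []})
        elif not raw.startswith(" "):
            current = None  # any other top-level line ends the role block
        elif current is not None and line == "vpn-instance policy deny":
            current["restricted"] = True
        elif current is not None:
            m = re.fullmatch(r"permit vpn-instance (.+)", line)
            if m:
                current["permitted"].extend(m.group(1).split())
    return roles

def findings(roles):
    """List roles whose VPN instance policy should be reviewed."""
    out = []
    for name, r in sorted(roles.items()):
        if not r["restricted"]:
            out.append((name, "no VPN instance policy configured"))
        elif not r["permitted"]:
            out.append((name, "deny policy with empty permit list"))
    return out

if __name__ == "__main__":
    for role, issue in findings(audit_vpn_policies(SAMPLE_CONFIG)):
        print(f"{role}: {issue}")
```

Because a policy change applies only to users who log in after it, a role that this audit shows as corrected can still have older sessions running under the previous policy.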
Related commands
display role
role
vpn-instance policy deny

role
Use role to create a user role and enter its view, or enter the view of an existing user role.
Use undo role to delete a user role.
Syntax
role name role-name
undo role name role-name
Default
The system has the following predefined user roles: network-admin, network-operator, level-n
(where n represents an integer in the range of 0 to 15), security-audit, and guest-manager.
Views
System view