Task
Displaying and maintaining RBAC settings
Execute display commands in any view.
Task
Display user role information.
Display user role feature
information.
Display user role feature group
information.
RBAC configuration examples
RBAC configuration example for local AAA authentication
users
Network requirements
As shown in
account for the Telnet user is user1@bbb and is assigned the user role role1.
Configure role1 to have the following permissions:
•
Can execute the read commands of any feature.
•
Cannot configure any VLANs except VLANs 10 to 20.
Figure 21 Network diagram
Configuration procedure
# Assign an IP address to VLAN-interface 2 (the interface connected to the Telnet user).
<Switch> system-view
[Switch] interface vlan-interface 2
[Switch-Vlan-interface2] ip address 192.168.1.70 255.255.255.0
[Switch-Vlan-interface2] quit
# Enable Telnet server.
[Switch] telnet server enable
# Enable scheme authentication on the user lines for Telnet users.
[Switch] line vty 0 63
[Switch-line-vty0-63] authentication-mode scheme
[Switch-line-vty0-63] quit
Command
Command
display role [ name role-name ]
display role feature [ name feature-name | verbose ]
display role feature-group [ name feature-group-name ] [ verbose ]
Figure
21, the switch performs local AAA authentication for the Telnet user. The user
Remarks
authorization.
65