# Verify that you can create VLANs 10 to 20. This example uses VLAN 10.
<Switch> system-view
[Switch] vlan 10
[Switch-vlan10] quit
# Verify that you cannot create any VLANs other than VLANs 10 to 20. This example uses VLAN 30.
[Switch] vlan 30
Permission denied.
# Verify that you can use all read commands of any feature. This example uses display clock.
[Switch] display clock
09:31:56 UTC Sat 01/01/2013
[Switch] quit
# Verify that you cannot use the write or execute commands of any feature.
<Switch> debugging role all
Permission denied.
<Switch> ping 192.168.1.58
Permission denied.
RBAC configuration example for RADIUS authentication users
Network requirements
As shown in Figure 21, the switch uses the FreeRADIUS server to provide AAA service for login users, including the Telnet user. The Telnet user uses the username hello@bbb and is assigned the user role role2.
Configure role2 to have the following permissions:
• Can use all commands in ISP view.
• Can use the read and write commands of the arp and radius features.
• Cannot access the read commands of the acl feature.
• Can configure only VLANs 1 to 20 and interfaces Ten-GigabitEthernet 1/0/1 to Ten-GigabitEthernet 1/0/20.
The switch and the FreeRADIUS server use the shared key expert and authentication port 1812. The switch delivers usernames with their domain names to the server.
Figure 21 Network diagram
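One way to express the role2 permissions listed above as RBAC rules and resource access policies, added here as an example and not taken from this guide's own procedure. It assumes Comware 7 command syntax; the rule numbers are arbitrary, and the RADIUS scheme and ISP domain settings are left out because the server address is not given on this page.

```comware
# Added example (assumes Comware 7 RBAC syntax; rule numbers are arbitrary).
<Switch> system-view
[Switch] role name role2
# All commands in ISP view: permit entering ISP domain view and everything under it.
[Switch-role-role2] rule 1 permit command system-view ; domain *
# Read and write commands of the arp and radius features.
[Switch-role-role2] rule 2 permit read write feature arp
[Switch-role-role2] rule 3 permit read write feature radius
# Explicitly deny the read commands of the acl feature.
[Switch-role-role2] rule 4 deny read feature acl
# Allow creating VLANs and entering interface views.
# The resource access policies below restrict which VLANs and interfaces qualify.
[Switch-role-role2] rule 5 permit command system-view ; vlan *
[Switch-role-role2] rule 6 permit command system-view ; interface *
# Default-deny VLAN policy, then permit only VLANs 1 to 20.
[Switch-role-role2] vlan policy deny
[Switch-role-role2-vlanpolicy] permit vlan 1 to 20
[Switch-role-role2-vlanpolicy] quit
# Default-deny interface policy, then permit only the listed ports.
[Switch-role-role2] interface policy deny
[Switch-role-role2-ifpolicy] permit interface ten-gigabitethernet 1/0/1 to ten-gigabitethernet 1/0/20
[Switch-role-role2-ifpolicy] quit
[Switch-role-role2] quit
```

The permit rules for `vlan *` and `interface *` only make the commands available; the two policies are what keep the role from touching VLANs above 20 or ports outside the permitted range.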