Permit Interface - HP 6125XLG Command Reference Manual

Usage guidelines
The interface policy deny command denies the access of a user role to any interface.
To restrict the interface access of a user role to only a set of interfaces:
1. Use interface policy deny to deny access to any interface.
2. Use permit interface to specify accessible interfaces.
To perform any of the following operations, you must make sure the interface is permitted by the interface
policy of any user role that you are logged in with:
Create, remove, or configure an interface.
•
• Enter its interface view.
Specify the interface in a feature command.
•
The create and remove operations are available only to logical interfaces.
Any change to a user role interface policy takes effect only on users who log in with the user role after the
change.
Examples
# Deny the user role role1 to access any interface.
<Sysname> system-view
[Sysname] role name role1
[Sysname-role-role1] interface policy deny
[Sysname-role-role1-ifpolicy] quit
# Deny the user role role1 to access any interface but Ten-GigabitEthernet 1/1/5 to Ten-GigabitEthernet
1/1/9.
<Sysname> system-view
[Sysname] role name role1
[Sysname-role-role1] interface policy deny
[Sysname-role-role1-ifpolicy] permit interface ten-gigabitethernet 1/1/5 to
ten-gigabitethernet 1/1/9
Related commands
display role
•

permit interface

•
• role
permit interface
Use permit interface to configure a list of interfaces accessible to a user role.
Use undo permit interface to disable the access of a user role to specific interfaces.
Syntax
permit interface interface-list
undo permit interface [ interface-list ]
Default
No permitted interfaces are configured in user role interface policy view. A user role cannot access any
interface after you configure the interface policy deny command.
59