Changing Resource Access Policies; Changing The Interface Policy Of A User Role; Changing The Vlan Policy Of A User Role; Assigning User Roles - HP FlexFabric 7900 Series Configuration Manual

Hide thumbs Also See for FlexFabric 7900 Series:

Command reference manual (294 pages)

Installation manual (58 pages)

Command reference manual (35 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

Table of Contents

Changing resource access policies

Every user role has one interface policy and VLAN policy. By default, these policies permit user roles to

access any interface and VLAN. You can change the policies of user-defined user roles and the

predefined level-n user roles to limit their access to interfaces and VLANs. A changed policy takes effect

only on users who are logged in with the user role after the change.

Changing the interface policy of a user role

Step

Enter system view.

Enter user role view.

Enter user role interface

policy view.

(Optional.) Specify a list of

interfaces accessible to the

user role.

Changing the VLAN policy of a user role

Step

Enter system view.

Enter user role view.

Enter user role VLAN policy

view.

(Optional.) Specify a list of

VLANs accessible to the

user role.

Assigning user roles

To control user access to the system, you must assign at least one user role. Make sure at least one user

role among the user roles assigned by the server exists on the device. User role assignment procedure

varies with remote AAA authentication users, local AAA authentication users, and non-AAA

authentication users (see

Security Configuration Guide.

Command

system-view

role name role-name

interface policy deny

permit interface interface-list

Command

system-view

role name role-name

vlan policy deny

permit vlan vlan-id-list

"Assigning user

roles"). For more information about AAA authentication, see

Remarks

N/A

By default, the interface policies of

user roles permit access to all

interfaces.

This command disables the access of

the user role to any interface.

By default, no accessible interfaces

are configured.

To add more accessible interfaces,

repeat this step.

Remarks

N/A

By default, the VLAN policies of user

roles permit access to all VLANs.

This command disables the access of

the user role to any VLAN.

By default, no accessible VLANs are

configured.

To add more accessible VLANs,

repeat this step.

Table of Contents

Changing Resource Access Policies; Changing The Interface Policy Of A User Role; Changing The Vlan Policy Of A User Role; Assigning User Roles - HP FlexFabric 7900 Series Configuration Manual

Changing resource access policies

Changing the interface policy of a user role

Changing the VLAN policy of a user role

Assigning user roles

Troubleshooting

Related Manuals for HP FlexFabric 7900 Series

Related Content for HP FlexFabric 7900 Series

Table of Contents