Vpn-Instance Policy Deny - H3C S5830V2 Command Reference Manual

Predefined user roles
network-admin
Usage guidelines
To restrict the VLAN access of a user role to a set of VLANs, perform the following tasks:
1. Use vlan policy deny to enter user role VLAN policy view.
2. Use permit vlan to specify accessible VLANs.
NOTE:
The vlan policy deny command denies the access of the user role to all VLANs if the permit vlan
command is not configured.
To configure a VLAN, make sure the VLAN is permitted by the user role VLAN policy in use. You can
perform the following tasks on an accessible VLAN:
•
Create, remove, or configure the VLAN.
•
Enter the VLAN view.
•
Specify the VLAN in feature commands.
Any change to a user role VLAN policy takes effect only on users who log in with the user role after
the change.
Examples
# Enter user role VLAN policy view of role1, and deny the access of role1 to any VLAN.
<Sysname> system-view
[Sysname] role name role1
[Sysname-role-role1] vlan policy deny
[Sysname-role-role1-vlanpolicy] quit
# Enter user role VLAN policy view of role1, and deny the access of role1 to any VLAN except
VLANs 50 to 100.
<Sysname> system-view
[Sysname] role name role1
[Sysname-role-role1] vlan policy deny
[Sysname-role-role1-vlanpolicy] permit vlan 50 to 100
Related commands
•
display role
•
permit vlan
•
role

vpn-instance policy deny

Use vpn-instance policy deny to enter user role VPN instance policy view.
Use undo vpn-instance policy deny to restore the default user role VPN instance policy.
Syntax
vpn-instance policy deny
undo vpn-instance policy deny
Default
A user role has access to any VPN.
69