H3C S5830V2 Command Reference Manual page 82
Switch series
fundamentals
Hide thumbs
Also See for S5830V2:
- Security configuration manual (332 pages) ,
- Configuration manual (318 pages) ,
- Command reference manual (137 pages)
Table of Contents
Advertisement
Views
User role view
Predefined user roles
network-admin
Usage guidelines
To restrict the VPN access of a user role to a set of VPNs, perform the following tasks:
1.
Use vpn-instance policy deny to enter user role VPN instance policy view.
2.
Use permit vpn-instance to specify accessible VPNs.
NOTE:
The vpn-instance policy deny command denies the access of the user role to all VPNs if the
permit vpn-instance command is not configured.
To configure a VPN, make sure the VPN is permitted by the user role VPN instance policy in use. You
can perform the following tasks on an accessible VPN:
•
Create, remove, or configure the VPN.
•
Enter the VPN instance view.
•
Specify the VPN in feature commands.
Any change to a user role VPN instance policy takes effect only on users who log in with the user role
after the change.
Examples
# Enter user role VPN instance policy view of role1, and deny the access of user role role1 to any
VPN.
<Sysname> system-view
[Sysname] role name role1
[Sysname-role-role1] vpn-instance policy deny
[Sysname-role-role1-vpnpolicy] quit
# Enter user role VPN instance policy view of role1, and deny the access of user role role1 to any
VPN except vpn2.
<Sysname> system-view
[Sysname] role name role1
[Sysname-role-role1] vpn-instance policy deny
[Sysname-role-role1-vpnpolicy] permit vpn-instance vpn2
Related commands
•
display role
•
permit vpn-instance
•
role
70
Advertisement
Table of Contents
