Changing User Role Interface Policies - Cisco Nexus 9000 Series Configuration Manual

Changing User Role Interface Policies

Command or Action
Step 5 (Optional) show role feature-group
Example:
switch(config)# show role feature-group
Step 6 (Optional) show role {pending | pending-diff}
Example:
switch(config)# show role pending
Step 7 (Optional) role commit
Example:
switch(config)# role commit
Step 8 (Optional) copy running-config startup-config
Example:
switch(config)# copy running-config startup-config
Changing User Role Interface Policies
You can change a user role interface policy to limit the interfaces that the user can access. By default, a user
role allows access to all interfaces.
Before you begin
Create one or more user roles.
If you want to distribute the user role configuration, enable user role configuration distribution on all Cisco
NX-OS devices to which you want the configuration distributed.
SUMMARY STEPS
1. configure terminal
2. role name role-name
3. interface policy deny
4. permit interface interface-list
5. exit
6. (Optional) show role
7. (Optional) show role {pending | pending-diff}
8. (Optional) role commit
9. (Optional) copy running-config startup-config
DETAILED STEPS
Command or Action
Step 1
configure terminal
Example:
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
166
Configuring User Accounts and RBAC
Purpose
Displays the role feature group configuration.
Displays the user role configuration pending for distribution.
Applies the user role configuration changes in the temporary
database to the running configuration.
Copies the running configuration to the startup
configuration.
Purpose
Enters global configuration mode.