Role - HP Enterprise FlexFabric 12900E Series Command Reference Manual

•
Enter the VPN instance views.
•
Specify the VPN instances in feature commands.
You can repeat the
a user role VPN instance policy.
The
undo permit vpn-instance
if you do not specify a VPN instance.
Any change to a user role VPN instance policy takes effect only on users who log in with the user role
after the change.
Examples
1. Configure user role role1:
# Permit the user role to execute all commands available in system view and in the child views
of system view.
<Sysname> system-view
[Sysname] role name role1
[Sysname-role-role1] rule 1 permit command system-view ; *
# Permit the user role to access VPN instance vpn1.
[Sysname-role-role1] vpn policy deny
[Sysname-role-role1-vpnpolicy] permit vpn-instance vpn1
[Sysname-role-role1-vpnpolicy] quit
[Sysname-role-role1] quit
2. Verify that you cannot use user role role1 to work on all VPN instances except for vpn1:
# Verify that you can enter the view of vpn1.
[Sysname] ip vpn-instance vpn1
[Sysname-vpn-instance-vpn1] quit
# Verify that you can specify the primary accounting server at 10.110.1.2 in VPN instance vpn1
for RADIUS scheme radius1.
[Sysname] radius scheme radius1
[Sysname-radius-radius1] primary accounting 10.110.1.2 vpn-instance vpn1
[Sysname-radius-radius1] quit
# Verify that you cannot create VPN instance vpn2 or enter VPN instance view.
[Sysname] ip vpn-instance vpn2
Permission denied.
Related commands
display role

role

vpn-instance policy deny
role
Use to create a user role and enter its view, or enter the view of an existing user role.
role
Use
undo role
Syntax
role name role-name
undo role name role-name
permit vpn-instance
command removes the entire list of permitted VPN instances
to delete a user role.
command to add multiple permitted VPN instances to
31