Table of Contents
Advertisement
interface policy deny
Use
interface policy deny
Use
undo interface policy deny
Syntax
interface policy deny
undo interface policy deny
Default
A user role has access to all interfaces.
Views
User role view
Predefined user roles
network-admin
Usage guidelines
CAUTION:
This command denies the access of the user role to any interfaces if you do not specify accessible
interfaces by using the
interface is permitted by the user role interface policy in use.
To restrict the interface access of a user role to a set of interfaces, perform the following tasks:
1.
Use
interface policy deny
2.
Use
permit interface
You can perform the following tasks on an accessible interface:
•
Create, remove, or configure the interface.
•
Enter interface view.
•
Specify the interface in feature commands.
The create and remove operations are available only for logical interfaces.
Any change to a user role interface policy takes effect only on users who log in with the user role after
the change.
Examples
# Enter user role interface policy view of role1, and deny role1 to access any interfaces.
<Sysname> system-view
[Sysname] role name role1
[Sysname-role-role1] interface policy deny
[Sysname-role-role1-ifpolicy] quit
# Enter user role interface policy view of role1, and deny role1 to access any interfaces except for
GigabitEthernet 1/0/1 to GigabitEthernet 1/0/4.
<Sysname> system-view
[Sysname] role name role1
[Sysname-role-role1] interface policy deny
[Sysname-role-role1-ifpolicy] permit interface gigabitethernet 1/0/1 to gigabitethernet
1/0/4
to enter user role interface policy view.
to restore the default.
permit interface
to enter user role interface policy view.
to specify accessible interfaces.
14
command. To configure an interface, make sure the
Advertisement
Chapters
Table of Contents
