Table of Contents
Advertisement
# Permit user role role1 to access VLANs 1, 2, 4, and 50 to 100.
[Sysname-role-role1] vlan policy deny
[Sysname-role-role1-vlanpolicy] permit vlan 1 2 4 50 to 100
[Sysname-role-role1-vlanpolicy] quit
[Sysname-role-role1] quit
2.
Verify that you cannot use user role role1 to work on all VLANs except for VLANs 1, 2, 4, and 50
to 100:
# Verify that you can create VLAN 100 and enter VLAN view.
[Sysname] vlan 100
[Sysname-vlan100] quit
# Verify that you can add Twenty-FiveGigE 1/0/1 to VLAN 100 as an access port.
[Sysname] interface twenty-fivegige 1/0/1
[Sysname-Twenty-FiveGigE1/0/1] port access vlan 100
[Sysname-Twenty-FiveGigE1/0/1] quit
# Verify that you cannot create VLAN 101 or enter VLAN view.
[Sysname] vlan 101
Permission denied.
Related commands
display role
role
vlan policy deny
permit vpn-instance
Use
permit vpn-instance
role.
Use
undo permit vpn-instance
instances.
Syntax
permit vpn-instance vpn-instance-name&<1-10>
undo permit vpn-instance [ vpn-instance-name&<1-10> ]
Default
No permitted VPN instances are configured in user role VPN instance policy.
Views
User role VPN instance policy view
Predefined user roles
network-admin
Parameters
vpn-instance-name&<1-10>
instance names. Each name is a case-sensitive string of 1 to 31 characters.
Usage guidelines
To permit a user role to access a VPN instance after you configure the
command, you must add the VPN instance to the permitted VPN instance list of the policy.
deny
to configure a list of MPLS L3VPN instances accessible to a user
to disable the access of a user role to specific MPLS L3VPN
: Specifies a space-separated list of up to 10 MPLS L3VPN
17
vpn-instance policy
Advertisement
Chapters
Table of Contents
