Configuring RBAC
You can specify a list of interfaces that the role can access. Repeat the permit interface command for as many interfaces as needed:
switch(config-role-interface)# permit interface ethernet 2/1
switch(config-role-interface)# permit interface fc 3/1
switch(config-role-interface)# permit interface vfc 30/1
Changing User Role VLAN Policies
You can change a user role VLAN policy to limit the VLANs that the user can access. To change a user
role VLAN policy, perform this task:
        Command                                    Purpose
Step 1  switch# configure terminal                 Enters configuration mode.
Step 2  switch(config)# role name role-name        Specifies a user role and enters role
                                                   configuration mode.
Step 3  switch(config-role)# rule number permit    Configures a command rule to allow access to
        command configure terminal ; vlan *        all VLANs.
Step 4  switch(config-role)# vlan policy deny      Enters role VLAN policy configuration mode.
Step 5  switch(config-role-vlan)# permit vlan      Specifies a range of VLANs that the role can
        vlan-list                                  access. Repeat this command for as many VLANs
                                                   as needed.
Step 6  switch(config-role-vlan)# exit             Exits role VLAN policy configuration mode.
Step 7  switch(config-role)# show role             (Optional) Displays the role configuration.
Step 8  switch(config-role)# copy running-config   (Optional) Copies the running configuration to
        startup-config                             the startup configuration.

Changing User Role VSAN Policies
You can change a user role VSAN policy to limit the VSANs that the user can access. To change a user
role VSAN policy, perform this task:

        Command                                    Purpose
Step 1  switch# configure terminal                 Enters configuration mode.
Step 2  switch(config)# role name role-name        Specifies a user role and enters role
                                                   configuration mode.
Step 3  switch(config-role)# rule number permit    Configures a command rule to allow access to
        command vsan database; vsan *              all VSANs.
Step 4  switch(config-role)# vsan policy deny      Enters role VSAN policy configuration mode.
Step 5  switch(config-role-vsan)# permit vsan      Specifies a range of VSANs that the role can
        vsan-list                                  access. Repeat this command for as many VSANs
                                                   as needed.
Step 6  switch(config-role-vsan)# exit             Exits role VSAN policy configuration mode.

Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
Chapter 22: Configuring User Accounts and RBAC
OL-16597-01
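The following audit script is an added example, not part of the Cisco guide. It covers both the VLAN and VSAN procedures above by parsing saved role configuration and reporting any role that has a `vlan *` or `vsan *` command rule but no matching `vlan policy deny` or `vsan policy deny` line, which leaves its scope unrestricted. The indented configuration layout, the role names, and the function names `expand` and `audit_roles` are assumptions made for illustration.

```python
import re

# Constructed sample; the indented layout of a saved role block is an assumption.
SAMPLE_CONFIG = """\
role name vlan-ops
  rule 1 permit command configure terminal ; vlan *
  vlan policy deny
    permit vlan 10-12
    permit vlan 20
role name san-ops
  rule 1 permit command vsan database; vsan *
  vsan policy deny
    permit vsan 100-101
role name wide-open
  rule 1 permit command configure terminal ; vlan *
"""

def expand(id_list):
    """Expand a list such as '10-12,20' into the set {10, 11, 12, 20}."""
    ids = set()
    for part in id_list.split(","):
        lo, _, hi = part.strip().partition("-")
        ids.update(range(int(lo), int(hi or lo) + 1))
    return ids

def audit_roles(config):
    """Return {role: {'vlan': set|None, 'vsan': set|None, 'rules', 'findings'}}.
    None means no '<kind> policy deny' line was seen, so that scope is not limited."""
    roles, current = {}, None
    for line in config.splitlines():
        text = line.strip()
        if m := re.match(r"role name (\S+)$", text):
            current = roles.setdefault(m[1], {"vlan": None, "vsan": None, "rules": [], "findings": []})
        elif current is None or not line.startswith(" "):
            current = None  # unindented line: we have left the role block
        elif m := re.match(r"(vlan|vsan) policy deny$", text):
            current[m[1]] = set()  # deny by default; permits are added below
        elif m := re.match(r"permit (vlan|vsan) (.+)$", text):
            if current[m[1]] is not None:
                current[m[1]] |= expand(m[2])
        elif text.startswith("rule "):
            current["rules"].append(text)
    for role in roles.values():
        for kind in ("vlan", "vsan"):
            if role[kind] is None and any(f"{kind} *" in r for r in role["rules"]):
                role["findings"].append(f"{kind} rule without '{kind} policy deny'")
    return roles
```

Run it against configuration saved from the switch and review each role with a non-empty `findings` list, comparing the expanded VLAN and VSAN sets with what the role is supposed to reach.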