HP 6125XLG Command Reference Manual page 64

Blade switch fundamentals command reference

undo rule { number | all }
Default
A user-defined user role has no rules and cannot use any command.
Views
User role view
Predefined user roles
network-admin
Parameters
number: Specifies a rule number in the range of 1 to 256.
deny: Denies access to any specified command.
permit: Permits access to any specified command.
command command-string: Specifies a command string. The command-string argument is a
case-insensitive string of 1 to 128 characters, including the wildcard asterisk (*), the delimiters space
and tab, and all printable characters.
execute: Specifies the execute commands of a feature or feature group. An execute command (for
example, ping) executes a specific function or program.
read: Specifies the read commands of a feature or feature group. A read command (for example, display,
dir, more, or pwd) displays configuration or maintenance information.
write: Specifies the write commands of a feature or feature group. A write command (for example, ssh
server enable) configures the system.
feature [ feature-name ]: Specifies one or all features. The feature-name argument specifies a feature
name. If no feature name is specified, you specify all the features in the system. When you specify a
feature, you must enter its name exactly as displayed by display role feature, including the case.
feature-group feature-group-name: Specifies a user-defined or pre-defined feature group. The
feature-group-name argument represents the feature group name, a case-sensitive string of 1 to 31
characters. If the feature group has not been created, the rule takes effect after the group is created. To
display the feature groups that have been created, use the display role feature-group command.
all: Deletes all the user role rules.
Usage guidelines
You can define the following types of rules for different access control granularities:
• Command rule—Controls access to a command or a set of commands that match a regular expression.
• Feature rule—Controls access to the commands of a feature by command type.
• Feature group rule—Controls access to the commands of a group of features by command type.
You can configure up to 256 rules for a user role, but the total number of user role rules in the system
cannot exceed 1024.
A user role can access the set of permitted commands specified in its rules. User role rules include
predefined (identified by sys-n) and user-defined user role rules.
If two user-defined rules of the same type conflict, the one with the higher ID takes effect. For
example, if rule 1 permits the ping command, rule 2 permits the tracert command, and rule 3
denies the ping command, the user role can use the tracert command but not the ping command.
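The conflict rule above can be checked offline when reviewing a role for least privilege. The following Python sketch is an added example, not code from the manual or the switch software: it evaluates command rules only, does not model predefined (sys-n) rules, and assumes a simplified matching model in which `*` matches any run of characters and the command-string must cover the whole command line. The names `load_role`, `matches`, `decide` and `SAMPLE_ROLE` are hypothetical.

```python
import re

MAX_RULE_ID, MAX_CMD_LEN = 256, 128   # limits stated in the Parameters section
RULE_RE = re.compile(r"rule\s+(\d+)\s+(permit|deny)\s+command\s+(.+)")

def load_role(lines):
    """Parse 'rule N {permit|deny} command STRING' lines into {N: (action, pattern)}."""
    rules = {}
    for line in lines:
        m = RULE_RE.fullmatch(line.strip())
        if not m:
            raise ValueError(f"not a command rule: {line!r}")
        number, action, pattern = int(m.group(1)), m.group(2), m.group(3)
        if not 1 <= number <= MAX_RULE_ID:
            raise ValueError(f"rule number {number} is outside 1-{MAX_RULE_ID}")
        if len(pattern) > MAX_CMD_LEN:
            raise ValueError(f"rule {number}: command-string exceeds {MAX_CMD_LEN} characters")
        rules[number] = (action, pattern)
    return rules

def matches(pattern, command):
    """Assumed model: '*' matches any run of characters; comparison is case-insensitive."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, command, re.IGNORECASE) is not None

def decide(rules, command):
    """Return (allowed, deciding_rule, overridden_rules) for one command line."""
    hits = sorted(n for n, (_, pat) in rules.items() if matches(pat, command))
    if not hits:
        return False, None, []          # no rule matches: the role cannot use the command
    winner = hits[-1]                   # conflict: the higher rule ID takes effect
    action = rules[winner][0]
    overridden = [n for n in hits[:-1] if rules[n][0] != action]
    return action == "permit", winner, overridden

# Constructed sample: rules 1-3 are the example from the usage guidelines.
SAMPLE_ROLE = [
    "rule 1 permit command ping",
    "rule 2 permit command tracert",
    "rule 3 deny command ping",
]

if __name__ == "__main__":
    role = load_role(SAMPLE_ROLE)
    for cmd in ("ping", "tracert", "PING", "display version"):
        print(cmd, "->", decide(role, cmd))
```

The list of overridden rules is the part worth reading during a review: a permit rule that a higher-numbered deny silently overrides (or the reverse) usually means the role no longer does what its author intended.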