R0106-HP MSR Router Series Fundamentals Command Reference(V7)
36
vlan policy deny
Use vlan policy deny to enter the user role VLAN policy view.
Use undo vlan policy deny to restore the default user role VLAN policy.
Syntax
vlan policy deny
undo vlan policy deny
Default
A user role does not have access to any VLAN.
Views
User role view
Predefined user roles
network-admin
Usage guidelines
The vlan policy deny command denies the access of a user role to any VLAN.
To restrict the VLAN access of a user role to only a set of VLANs:
1. Use vlan policy deny to deny access to any VLAN.
2. Use permit vlan to specify accessible VLANs.
To configure a VLAN, make sure the VLAN is permitted by the user role VLAN policy in use. You can
perform the following tasks on an accessible VLAN:
• Create, remove, or configure a VLAN.
• Enter the VLAN view.
• Specify the VLAN in feature commands.
Any change to a user role VLAN policy takes effect only on users who log in with the user role after the
change.
Examples
# Deny the access of role1 to any VLAN.
<Sysname> system-view
[Sysname] role name role1
[Sysname-role-role1] vlan policy deny
[Sysname-role-role1-vlanpolicy] quit
# Deny the access of role1 to any VLAN except VLANs 50 to 100.
<Sysname> system-view
[Sysname] role name role1
[Sysname-role-role1] vlan policy deny
[Sysname-role-role1-vlanpolicy] permit vlan 50 to 100
Related commands
• display role
• permit vlan
• role