4000 Router Series Fundamentals Command Reference

Examples

# Permit the user role role1 to access VLANs 2, 4, and 50 to 100, enter interface view and VLAN view

and execute all the commands that are available in interface view and VLAN view.

<Sysname> system-view

[Sysname] role name role1

Sysname-role-role1] rule 1 permit command system-view ; interface *

[Sysname-role-role1] rule 2 permit command system-view ; vlan *

[Sysname-role-role1] vlan policy deny

[Sysname-role-role1-vlanpolicy] permit vlan 2 4 50 to 100

Verify that you cannot use the user role to work on any VLAN but VLANs 2, 4, and 50 to 100:

# Verify that you can create VLAN 100 and enter its view.

<Sysname> system-view

[Sysname] vlan 100

[Sysname-vlan100]

# Verify that you can add port Ethernet 1/1 to VLAN 100 as an access port.

<Sysname> system-view

[Sysname] interface ethernet1/1

[Sysname-Ethernet1/1] port access vlan 100

# Verify that you cannot create VLAN 101 or enter its view.

<Sysname> system-view

[Sysname] vlan 101

Permission denied.

Related commands

• display role

• role

• vlan policy deny

permit vpn-instance

Use permit vpn-instance to configure a list of VPNs accessible to a user role.

Use undo permit vpn-instance to disable the access of a user role to specific VPNs.

Syntax

permit vpn-instance vpn-instance-name&<1-10>

undo permit vpn-instance [ vpn-instance-name&<1-10> ]

Default

No permitted VPNs are configured in user role VPN instance policy.

Views

User role VPN instance policy view

Predefined user roles

network-admin