R0106-HP MSR Router Series Fundamentals Command Reference(V7)
Any change to a user role VLAN policy takes effect only on users who log in with the user role after the
change.
Examples
1. Configure user role role1:
# Permit the user role role1 to execute all commands available in interface view and VLAN view.
<Sysname> system-view
[Sysname] role name role1
[Sysname-role-role1] rule 1 permit command system-view ; interface *
[Sysname-role-role1] rule 2 permit command system-view ; vlan *
# Permit the user role role1 to access VLANs 2, 4, and 50 to 100.
[Sysname-role-role1] vlan policy deny
[Sysname-role-role1-vlanpolicy] permit vlan 2 4 50 to 100
2. Verify that you cannot use the user role to work on any VLAN except VLANs 2, 4, and 50 to 100:
# Verify that you can create VLAN 100 and enter the VLAN view.
<Sysname> system-view
[Sysname] vlan 100
[Sysname-vlan100]
# Verify that you can add port GigabitEthernet 2/1/0 to VLAN 100 as an access port.
<Sysname> system-view
[Sysname] interface gigabitethernet 2/1/0
[Sysname-GigabitEthernet2/1/0] port access vlan 100
# Verify that you cannot create VLAN 101 or enter the VLAN view.
<Sysname> system-view
[Sysname] vlan 101
Permission denied.
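Added example (not part of the HP reference): a Python audit helper that expands the permit vlan list from a role's VLAN policy and answers the same question the verification steps above test by hand, for VLAN 100 and VLAN 101. The config text layout, the function names, and the handling of a role that has no vlan policy deny block are assumptions made for this example.

```python
# Constructed sample: the role1 settings from the example above as plain
# config text (CLI prompts removed); the indentation is illustrative.
SAMPLE_CONFIG = """\
role name role1
 rule 1 permit command system-view ; interface *
 rule 2 permit command system-view ; vlan *
 vlan policy deny
  permit vlan 2 4 50 to 100
"""

def parse_vlan_list(tokens):
    """Expand a permit vlan argument list such as 2 4 50 to 100."""
    vlans, i = set(), 0
    while i < len(tokens):
        start = end = int(tokens[i])
        if i + 1 < len(tokens) and tokens[i + 1] == "to":
            if i + 2 >= len(tokens):
                raise ValueError("'to' without an end VLAN")
            end = int(tokens[i + 2])
            i += 2
        if not 1 <= start <= end <= 4094:
            raise ValueError(f"bad VLAN range {start} to {end}")
        vlans.update(range(start, end + 1))
        i += 1
    return vlans

def permitted_vlans(config, role):
    """Return the VLAN IDs permitted to role, or None when the role has
    no 'vlan policy deny' block in the supplied text."""
    in_role, allowed = False, None
    for line in config.splitlines():
        words = line.split()
        if words[:2] == ["role", "name"]:
            in_role = words[2:] == [role]
        elif in_role and words == ["vlan", "policy", "deny"]:
            allowed = set()
        elif in_role and allowed is not None and words[:2] == ["permit", "vlan"]:
            allowed |= parse_vlan_list(words[2:])
    return allowed

def can_access(config, role, vlan_id):
    # Assumption: a role without a 'vlan policy deny' block is unrestricted.
    allowed = permitted_vlans(config, role)
    return allowed is None or vlan_id in allowed

if __name__ == "__main__":
    for vid in (100, 101):
        print(vid, can_access(SAMPLE_CONFIG, "role1", vid))
```

Because a changed VLAN policy applies only to users who log in after the change, rerun a check like this against the saved configuration rather than relying on what an already logged-in session can do.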
Related commands
• display role
• role
• vlan policy deny
permit vpn-instance
Use permit vpn-instance to configure a list of VPNs accessible to a user role.
Use undo permit vpn-instance to disable the access of a user role to specific VPNs.
Syntax
permit vpn-instance vpn-instance-name&<1-10>
undo permit vpn-instance [ vpn-instance-name&<1-10> ]
Default
No permitted VPNs are configured in the user role VPN instance policy.
Views
User role VPN instance policy view