R0106-HP MSR Router Series Fundamentals Configuration Guide(V7)
| Step | Command | Remarks |
|---|---|---|
| 3. Enter user role VLAN policy view. | vlan policy deny | By default, the VLAN policies of user roles permit access to all VLANs. This command disables the access of the user role to any VLAN. |
| 4. (Optional.) Specify a list of VLANs accessible to the user role. | permit vlan vlan-id-list | By default, no accessible VLANs are configured. To add more accessible VLANs, repeat this step. |
Changing the VPN instance policy of a user role
| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enter user role view. | role name role-name | N/A |
| 3. Enter user role VPN instance policy view. | vpn-instance policy deny | By default, the VPN policies of user roles permit access to all VPNs. This command disables the access of the user role to any VPN. |
| 4. (Optional.) Specify a list of VPNs accessible to the user role. | permit vpn-instance vpn-instance-name&<1-10> | By default, no accessible VPNs are configured. To add more accessible VPNs, repeat this step. |
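An added example, not from the HP guide: a Python check that reads a saved configuration and reports which user roles still have the default permit-all VLAN or VPN instance policy, and which have an explicit permit list. The sample configuration, its indented layout, and the role names are constructed assumptions.

```python
import re

# Constructed sample, assuming the indented layout of a Comware 7 configuration dump.
SAMPLE_CONFIG = """\
role name ops-core
 vlan policy deny
  permit vlan 10 to 20
  permit vlan 100
 vpn-instance policy deny
  permit vpn-instance mgmt
role name ops-legacy
 vlan policy deny
role name helpdesk
 description no resource policy configured
#
interface GigabitEthernet0/0
"""

def audit_role_policies(config_text):
    """Map each role to its VLAN and VPN policy state: "permit-all" (default),
    "deny-all" (deny with no permit list), or the list of permitted entries."""
    roles, current, view = {}, None, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):              # top-level line starts a new block
            m = re.fullmatch(r"role name (\S+)", line)
            default = {"vlan": "permit-all", "vpn-instance": "permit-all"}
            current = roles.setdefault(m.group(1), default) if m else None
            view = None
            continue
        if current is None:                      # indented line outside a role block
            continue
        m = re.fullmatch(r"(vlan|vpn-instance) policy deny", line)
        if m:
            view = m.group(1)
            if current[view] == "permit-all":
                current[view] = "deny-all"
            continue
        m = re.fullmatch(r"permit (vlan|vpn-instance) (.+)", line)
        if m and m.group(1) == view:             # permit lines count only in their policy view
            if current[view] == "deny-all":
                current[view] = []
            # VPN names are space-separated; a VLAN list such as "10 to 20" stays one entry.
            current[view].extend(m.group(2).split() if view == "vpn-instance" else [m.group(2)])
    return roles

def unrestricted(roles):
    """Return sorted (role, policy) pairs still at the permit-all default."""
    return sorted((r, p) for r, pol in roles.items() for p, s in pol.items() if s == "permit-all")
```
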
Assigning user roles
To control user access to the system, you must assign a minimum of one user role. Make sure a minimum
of one user role among the user roles assigned by the server exists on the device. The user role assignment
procedure varies for remote AAA authentication users, local AAA authentication users, and non-AAA
authentication users (see "Assigning user roles"). For more information about AAA authentication, see
Security Configuration Guide.
Enabling the default user role function
The default user role function allows AAA-authenticated users to access the system if the AAA server does
not authorize any user roles to the users.
You can configure this function to enable an AAA-authenticated user that has not been assigned any user
role to log in with the default user role network-operator.
To enable the default user role function for AAA authentication users:
| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |