Send documentation comments to mdsfeedback-doc@cisco.com
18-11
Cisco MDS 9000 Family Troubleshooting Guide, Release 3.x
OL-9285-05
Chapter 18 Troubleshooting Users and Roles
User and Role Issues
Step 4 Click Apply Changes to save these changes.
Step 5 Select the Roles CFS tab and select commit from the Config Action drop-down menu.
Step 6 Click Apply Changes to distribute these changes through the fabric.
Verifying VSAN-Restricted Roles Using the CLI
To verify user role-based access using the CLI, follow these steps:
Step 1 Use the show user-account command to view the roles assigned to the user.
switch# show user-account user1
user:user1
this user account has no expiry date
roles:sangroup vsan-admin
no password set. local login not allowed
Remote login through RADIUS is possible
Step 2 Use the show role command to view the rules assigned to the role.
switch# show role sangroup
Role: sangroup
Description: SAN management group
vsan policy: deny
Permitted vsans: 10-30
---------------------------------------------
Rule Type Command-type Feature
---------------------------------------------
1. permit config *
2. deny config fspf
3. permit debug zone
4. permit exec fcping
Step 3 Use the role command to modify the VSAN policy for a role.
switch# role name sangroup
switch(config-role)# vsan policy deny
switch(config-role)# permit vsan 1 - 30
User Cannot Configure E Ports
Symptom User cannot configure E ports.
Table 18-7 User Cannot Configure E Ports
Symptom Possible Cause Solution
User cannot configure
E ports.
User is assigned a VSAN-restricted
role.
See the “Verifying VSAN-Restricted Roles Using Fabric
Manager” section on page 18-10 or the “Verifying
VSAN-Restricted Roles Using the CLI” section on
page 18-11.
To Next Page
Loading...
Need help?
General