permit vlan
To permit VLANs for a user role VLAN policy, use the permit vlan command. To remove VLANs, use the
no form of this command.
permit vlan {vlan-id [-vlan-id2]| vlan-list}
no permit vlan
Syntax Description
VLAN identifier. The range is 1-3967 and 4048-4093.
vlan-id
Last VLAN identifier in a range. The VLAN identifier
must be greater than the first VLAN identifier in the
range.
- vlan-id2
Comma-separated list of VLAN identifiers.
vlan-list
Command Default
All VLANs
Command Modes
User role VLAN policy configuration
Command History
ModificationRelease
This command was introduced.4.0(1)
Usage Guidelines
The vlan policy deny command denies a user role access to all VLANs except for those that you allow with
the permit vlan command.
This command does not require a license.
Examples
This example shows how to permit a VLAN identifier for a user role VLAN policy:
switch# configure terminal
switch(config)# role name MyRole
switch(config-role)# vlan policy deny
switch(config-role-vlan)# permit vlan 8
This example shows how to permit a range of VLAN identifiers for a user role VLAN policy:
switch# configure terminal
switch(config)# role name MyRole
switch(config-role)# vlan policy deny
switch(config-role-vlan)# permit vlan 1-8
This example shows how to permit a list of VLAN identifiers for a user role VLAN policy:
switch# configure terminal
switch(config)# role name MyRole
Cisco Nexus 7000 Series Security Command Reference
579
P Commands
permit vlan
To Next Page
Loading...
