59
Displaying RBAC settings
Execute display commands in any view.
Task Command
Display user role information. display role [ name role-name ]
Display user role feature
information.
display role feature [ name feature-name | verbose ]
Display user role feature group
information.
display role feature-group [ name feature-group-name ] [ verbose ]
RBAC configuration examples
RBAC configuration example for local AAA authentication
users
Network requirements
As shown in Figure 24, the switch performs local AAA authentication for the Telnet user at 192.168.1.58.
The Telnet user has the username user1@bbb and is assigned the user role role1.
Configure role1 to have the following permissions:
• Executes the read commands of any feature.
• Configures no VLANs except VLANs 10 to 20.
Figure 24 Network diagram
Configuration procedure
# Assign an IP address to VLAN-interface 2, the interface connected to the Telnet user.
<Switch> system-view
[Switch] interface vlan-interface 2
[Switch-Vlan-interface2] ip address 192.168.1.70 255.255.255.0
[Switch-Vlan-interface2] quit
# Enable Telnet server.
[Switch] telnet server enable
# Enable scheme authentication on the user lines for Telnet users.
[Switch] line vty 0 63
[Switch-line-vty0-63] authentication-mode scheme
[Switch-line-vty0-63] quit
To Next Page
Loading...
