• Create, remove, or configure the interfaces.
• Enter the interface views.
• Specify the interfaces in feature commands.
The create and remove operations are available only for logical interfaces.
You can repeat the permit interface command to add multiple permitted interfaces to a user role
interface policy.
The undo permit interface command removes the entire list of permitted interfaces if you do not
specify an interface.
Any change to a user role interface policy takes effect only on users who log in with the user role after
the change.
Examples
1. Configure user role role1:
# Permit user role role1 to execute all commands available in interface view and VLAN view.
<Sysname> system-view
[Sysname] role name role1
[Sysname-role-role1] rule 1 permit command system-view ; interface *
[Sysname-role-role1] rule 2 permit command system-view ; vlan *
# Permit the user role to access Ten-GigabitEthernet 1/0/1, and Ten-GigabitEthernet 1/0/3 to
Ten-GigabitEthernet 1/0/5.
[Sysname-role-role1] interface policy deny
[Sysname-role-role1-ifpolicy] permit interface ten-gigabitethernet 1/0/1 ten-gigabitethernet 1/0/3 to ten-gigabitethernet 1/0/5
[Sysname-role-role1-ifpolicy] quit
[Sysname-role-role1] quit
2. Verify that user role role1 can work only on Ten-GigabitEthernet 1/0/1 and on
Ten-GigabitEthernet 1/0/3 to Ten-GigabitEthernet 1/0/5:
# Verify that you can enter Ten-GigabitEthernet 1/0/1 interface view.
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] quit
# Verify that you can assign Ten-GigabitEthernet 1/0/5 to VLAN 10. In this example, the user
role can access all VLANs because the default VLAN policy of the user role is used.
[Sysname] vlan 10
[Sysname-vlan10] port ten-gigabitethernet 1/0/5
[Sysname-vlan10] quit
# Verify that you cannot enter interface view of Ten-GigabitEthernet 1/0/2.
[Sysname] interface ten-gigabitethernet 1/0/2
Permission denied.
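The following script is an added example, not part of the original command reference. It audits a saved role configuration offline by expanding the permit interface list, including "to" ranges, and reporting whether a role may work on a given interface. The sample configuration is constructed from the commands above. The function names, the rule that a range stays within one interface type and slot, and the treatment of a role without interface policy deny as unrestricted are assumptions.

```python
import re

# Constructed sample: the role1 commands from the example above, prompts removed.
SAMPLE_CONFIG = """\
role name role1
 rule 1 permit command system-view ; interface *
 rule 2 permit command system-view ; vlan *
 interface policy deny
  permit interface ten-gigabitethernet 1/0/1 ten-gigabitethernet 1/0/3 to ten-gigabitethernet 1/0/5
"""

NAME = r"[a-z][a-z-]*\s*\d+(?:/\d+)*"
ITEM_RE = re.compile(rf"({NAME})(?:\s+to\s+({NAME}))?", re.I)

def parse_if(text):
    """'Ten-GigabitEthernet1/0/3' -> ('ten-gigabitethernet', (1, 0, 3))."""
    m = re.fullmatch(r"([a-z][a-z-]*)\s*(\d+(?:/\d+)*)", text.strip(), re.I)
    if not m:
        raise ValueError(f"unrecognized interface name: {text!r}")
    return m.group(1).lower(), tuple(int(n) for n in m.group(2).split("/"))

def permitted_ranges(config, role):
    """Return [(type, low, high), ...] for the role, or None if the role has
    no 'interface policy deny' line (assumed to mean no interface restriction)."""
    ranges, in_role = None, False
    for line in config.splitlines():
        s = line.strip()
        if s.startswith("role name "):
            in_role = s.split()[2] == role
        elif in_role and s == "interface policy deny":
            ranges = [] if ranges is None else ranges
        elif in_role and ranges is not None and s.startswith("permit interface "):
            for low, high in ITEM_RE.findall(s[len("permit interface "):]):
                kind, lo = parse_if(low)
                kind_hi, hi = parse_if(high) if high else (kind, lo)
                # Assumption: a range stays within one interface type and slot.
                if kind_hi != kind or hi[:-1] != lo[:-1] or hi[-1] < lo[-1]:
                    raise ValueError(f"invalid range: {low} to {high}")
                ranges.append((kind, lo, hi))
    return ranges

def is_permitted(config, role, interface):
    """True if the role's interface policy allows work on the interface."""
    ranges = permitted_ranges(config, role)
    if ranges is None:
        return True
    kind, num = parse_if(interface)
    return any(kind == k and num[:-1] == lo[:-1] and lo[-1] <= num[-1] <= hi[-1]
               for k, lo, hi in ranges)
```

Because a policy change applies only to users who log in after it, the result describes what new sessions with the role can do, not sessions that were already open.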
Related commands
display role
interface policy deny
role
permit vlan
Use permit vlan to configure a list of VLANs accessible to a user role.
Use undo permit vlan to remove the permission for a user role to access specific VLANs.