37
{ rule 3 permit read write oid 1.3.6.1.4.1
When you specify a command string, follow the guidelines in Table 5.
Table 5
Command string configuration rules
Rule Guidelines
Semicolon (;) is the delimiter.
Use a semicolon to separate the command of each view that you must
enter before you access a command or a set of commands. However, do
not use a semicolon to separate commands available in user view or any
view, for example,
display
and
dir
.
Each semicolon-separated segment must have a minimum of one
printable character.
To specify the commands in a view but not the commands in the view's
subviews, use a semicolon as the last printable character in the last
segment. To specify the commands in a view and the view's subviews,
the last printable character in the last segment must not be a semicolon.
For example, you must enter system view before you enter interface
view. To specify all commands starting with the
ip
keyword in any
interface view, you must use the "system ; interface * ; ip * ;" command
string.
For another example, the "system ; radius scheme * ;" command string
represents all commands that start with the
radius scheme
keywords in
system view. The "system ; radius scheme *" command string
represents all commands that start with the
radius scheme
keywords in
system view and all commands in RADIUS scheme view.
Asterisk (*) is the wildcard.
An asterisk represents zero or multiple characters.
In a non-last segment, you can use an asterisk only at the end of the
segment.
In the last segment, you can use an asterisk in any position of the
segment. If the asterisk appears at the beginning, you cannot specify a
printable character behind the asterisk.
For example, the "system ; *" command string represents all commands
available in system view and all subviews of the system view. The
"debugging * event" command string represents all event debugging
commands available in user view.
Keyword abbreviation is allowed.
You can specify a keyword by entering the first few characters of the
keyword. Any command that starts with this character string matches the
rule.
For example, "rule 1 deny command dis arp source *" denies access to
the commands
display arp source-mac interface
and
display arp
source-suppression
.
To control the access to a
command, you must specify the
command immediately after the
view that has the command.
To control access to a command, you must specify the command
immediately behind the view to which the command is assigned. The
rules that control command access for any subview do not apply to the
command.
For example, the "rule 1 deny command system ; interface * ; *"
command string disables access to any command that is assigned to
interface view. However, you can still execute the
acl advanced
command in interface view, because this command is assigned to
system view rather than interface view. To disable access to this
command, use "rule 1 deny command system ; acl *;".
To Next Page
Loading...
Need help?
General