60
Step Command Remarks
This command denies the access of
the user role to all interfaces if the
permit interface
command is not
configured.
4. (Optional.) Specify a list of
interfaces accessible to
the user role.
permit interface
interface-list
By default, no accessible interfaces
are configured in user role interface
policy view.
Repeat this step to add more
accessible interfaces.
Configuring the VLAN policy of a user role
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Enter user role view.
role name
role-name
N/A
3. Enter user role VLAN
policy view.
vlan policy deny
By default, the VLAN policy of the
user role permits access to all
VLANs.
This command denies the access of
the user role to all VLANs if the
permit vlan
command is not
configured.
4. (Optional.) Specify a list of
VLANs accessible to the
user role.
permit vlan
vlan-id-list
By default, no accessible VLANs are
configured in user role VLAN policy
view.
Repeat this step to add more
accessible VLANs.
Assigning user roles
To control user access to the system, you must assign a minimum of one user role. Make sure a
minimum of one user role among the user roles assigned by the server exists on the device. User
role assignment procedure varies for remote AAA authentication users, local AAA authentication
users, and non-AAA authentication users (see "Assigning user roles"
). For more information about
AAA authentication, see Security Configuration Guide.
Enabling the default user role feature
The default user role feature assigns the default user role to AAA-authenticated users if the
authentication server (local or remote) does not assign any user roles to the users. These users are
allowed to access the system with the default user role.
To enable the default user role feature for AAA authentication users:
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Enable the default user
role feature.
role default-role enable
[ role-name ]
By default, the default user role
feature is disabled.
To Next Page
Loading...
Need help?
General