31
Usage guidelines
CAUTION:
The
vlan policy deny
command denies the access of the user role to any VLANs if you do not
specify accessible VLANs by using the
permit vlan
command. To configure a VLAN, make sure
the VLAN is permitted by the user role VLAN policy in use.
To restrict the VLAN access of a user role to a set of VLANs, perform the following tasks:
1.
Use
vlan policy deny
to enter user role VLAN policy view.
2.
Use
permit vlan
to specify accessible VLANs.
You can perform the following tasks on an accessible VLAN:
•
Create, remove, or configure the VLAN.
•
Enter VLAN view.
•
Specify the VLAN in feature commands.
Any change to a user role VLAN policy takes effect only on users who log in with the user role after
the change.
Examples
# Enter user role VLAN policy view of
role1
, and deny the access of
role1
to any VLANs.
<Sysname> system-view
[Sysname] role name role1
[Sysname-role-role1] vlan policy deny
[Sysname-role-role1-vlanpolicy] quit
# Enter user role VLAN policy view of
role1
, and deny the access of
role1
to any VLANs except for
VLANs 50 to 100.
<Sysname> system-view
[Sysname] role name role1
[Sysname-role-role1] vlan policy deny
[Sysname-role-role1-vlanpolicy] permit vlan 50 to 100
Related commands
display role
permit vlan
role
vpn-instance policy deny
Use
vpn-instance policy deny
to enter user role VPN instance policy view.
Use
undo vpn-instance policy deny
to restore the default.
Syntax
vpn-instance policy deny
undo vpn-instance policy deny
Default
A user role has access to all VPN instances.
Views
User role view
Summary of Contents for SOHO IE4300
Page 285: ...i Contents Tcl commands 1 cli 1 tclquit 1 tclsh 2...
Page 288: ...i Contents Python commands 1 exit 1 python 1 python filename 2...
Page 291: ...i Contents Automatic configuration commands 1 autodeploy udisk enable 1...
Page 323: ...25 Sysname Ten GigabitEthernet1 0 51 undo shutdown Related commands irf port...
Page 465: ...ii stp vlan enable 55 vlan mapping modulo 55...
Page 602: ...12 Related commands display mvrp statistics...
Page 609: ...i Contents VLAN mapping commands 1 display vlan mapping 1 vlan mapping 2...
Page 678: ...9 Related commands reset pppoe relay statistics...
Page 846: ...i Contents Basic IP forwarding commands 1 display fib 1 ip forwarding table save 2...
Page 1770: ...i Contents Time range commands 1 display time range 1 time range 1...
Page 2026: ...34 Related commands display mac authentication...
Page 2028: ...ii...
Page 2143: ...i Contents User profile commands 1 display user profile 1 user profile 2...
Page 2308: ...61 ipsec transform set...
Page 2531: ...i Contents SAVI commands 1 ipv6 savi down delay 1 ipv6 savi log enable 1 ipv6 savi strict 2...
Page 2534: ...3 Sysname ipv6 savi strict Related commands ipv6 verify source...
Page 2791: ...14 Sysname track 1 Related commands delay display track...
Page 2939: ...9 sntp authentication keyid sntp reliable authentication keyid...
Page 2967: ...27 Related commands apply poe profile poe enable poe max power interface view poe priority...