72
NOTE:
The
vlan policy deny
command denies the access of the user role to all VLANs if the
permit vlan
command
is not configured.
To configure a VLAN, make sure the VLAN is permitted by the user role VLAN policy in use. You can
perform the following tasks on an accessible VLAN:
•
Create, remove, or configure the VLAN.
•
Enter the VLAN view.
•
Specify the VLAN in feature commands.
Any change to a user role VLAN policy takes effect only on users who log in with the user role after the
change.
Examples
# Enter user role VLAN policy view of
role1
, and deny the access of
role1
to any VLAN.
<Sysname> system-view
[Sysname] role name role1
[Sysname-role-role1] vlan policy deny
[Sysname-role-role1-vlanpolicy] quit
# Enter user role VLAN policy view of
role1
, and deny the access of
role1
to any VLAN except VLANs
50 to 100.
<Sysname> system-view
[Sysname] role name role1
[Sysname-role-role1] vlan policy deny
[Sysname-role-role1-vlanpolicy] permit vlan 50 to 100
Related commands
•
display role
•
permit vlan
•
role
vpn-instance policy deny
Use
vpn-instance policy deny
to enter user role VPN instance policy view.
Use
undo vpn-instance policy deny
to restore the default user role VPN instance policy.
Syntax
vpn-instance policy deny
undo vpn-instance policy deny
Default
A user role has access to any VPN.
Views
User role view
Predefined user roles
network-admin