25
Configuring the user role VPN instance policy
Step
Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Enter user role view.
role name role-name
N/A
3.
Enter user role VPN
instance policy view.
vpn-instance policy deny
By default, the VPN instance policy of
the user role permits access to all
VPN instances.
This command denies the access of
the user role to all VPN instances if
the
permit vpn-instance
command
is not configured.
4.
(Optional.) Specify a list of
VPN instances accessible
to the user role.
permit vpn-instance
vpn-instance-name
&<1-10>
By default, no accessible VPN
instances are configured in user role
VPN instance policy view.
Repeat this step to add multiple
accessible VPN instances.
Assigning user roles
To control user access to the system, you must assign a minimum of one user role. Make sure a
minimum of one user role among the user roles assigned by the server exists on the device. User
role assignment procedure varies for remote AAA authentication users, local AAA authentication
users, and non-AAA authentication users (see "
"). For more information about
AAA authentication, see
Security Configuration Guide
.
Enabling the default user role feature
The default user role feature assigns the default user role to AAA-authenticated users if the
authentication server (local or remote) does not assign any user roles to the users. These users are
allowed to access the system with the default user role.
You can specify any user role existing in the system as the default user role.
To enable the default user role feature for AAA authentication users:
Step
Command
Remarks
1.
Enter system view.
system-view
N/A
Содержание FlexNetwork 10500 Series
Страница 139: ...130 Sysname display version ...