59
[Sysname] interface fortygige 1/0/2
Permission denied.
Related commands
display role
interface policy deny
role
permit vlan
Use
permit vlan
to configure a list of VLANs accessible to a user role.
Use
undo permit vlan
to remove the permission for a user role to access specific VLANs.
Syntax
permit vlan
vlan-id-list
undo permit vlan
[
vlan-id-list
]
Default
No permitted VLANs are configured in user role VLAN policy view.
Views
User role VLAN policy view
Predefined user roles
network-admin
mdc-admin
Parameters
vlan-id-list
: Specifies a space-separated list of up to 10 VLAN items. Each VLAN item specifies a
VLAN by VLAN ID or specifies a range of VLANs in the form of
vlan-id1
to
vlan-id2
. The value range
for the VLAN IDs is 1 to 4094. If you specify a VLAN range,
vlan-id2
must be greater than
vlan-id1
.
Usage guidelines
To permit a user role to access a VLAN after you configure the
vlan policy deny
command, you
must add the VLAN to the permitted VLAN list of the policy. With the user role, you can perform the
following tasks on the VLANs in the permitted VLAN list:
•
Create, remove, or configure the VLANs.
•
Enter the VLAN views.
•
Specify the VLANs in feature commands.
You can repeat the
permit vlan
command to add permitted VLANs to a user role VLAN policy.
The
undo permit vlan
command removes the entire list of permitted VLANs if you do not specify a
VLAN.
Any change to a user role VLAN policy takes effect only on users who log in with the user role after
the change.
Examples
1.
Configure user role
role1
:
# Permit the user role to execute all commands available in interface view and VLAN view.
<Sysname> system-view
[Sysname] role name role1
[Sysname-role-role1] rule 1 permit command system-view ; interface *