HP 6125XLG R2306-HP 6125XLG Blade Switch Fundamentals Command Reference - Page 70

vlan policy deny Use vlan policy deny to enter the user role VLAN policy view. Use undo vlan policy deny to restore the default user role VLAN policy. Syntax vlan policy deny undo vlan policy deny Default A user role has no access to any VLAN. Views User role view Predefined user roles network-admin Usage guidelines The vlan policy deny command denies the access of a user role to any VLAN. To restrict the VLAN access of a user role to only a set of VLANs: 1. Use vlan policy deny to deny access to any VLAN. 2. Use permit vlan to specify accessible VLANs. To perform any of the following operations, you must make sure the VLAN is permitted by the VLAN policy of any user role that you are logged in with: • Create, remove, or configure a VLAN. • Enter its view. • Specify the VLAN in a feature command. Any change to a user role VLAN policy takes effect only on users that log in with the user role after the change. Examples # Deny the access of role1 to any VLAN. system-view [Sysname] role name role1 [Sysname-role-role1] vlan policy deny [Sysname-role-role1-vlanpolicy] quit # Deny the access of role1 to any VLAN but VLANs 50 to 100. system-view [Sysname] role name role1 [Sysname-role-role1] vlan policy deny [Sysname-role-role1-vlanpolicy] permit vlan 50 to 100 Related commands • display role • permit vlan • role 63