HP 6125XLG R2306-HP 6125XLG Blade Switch Fundamentals Command Reference - Page 71

vpn-instance policy deny Use vpn-instance policy deny to enter user role VPN instance policy view. Use undo vpn-instance policy deny to restore the default user role VPN instance policy. Syntax vpn-instance policy deny undo vpn-instance policy deny Default A user role has access to any VPN. Views User role view Predefined user roles network-admin Usage guidelines The vpn-instance policy deny command denies the access of a user role to any VPN. To restrict the VPN access of a user role to only a set of VPNs: 1. Use vpn-instance policy deny to deny access to any VPN. 2. Use permit vpn-instance to specify accessible VPNs. To perform any of the following operations, you must make sure the VPN is permitted by the VPN instance policy of any user role that you are logged in with: • Create, remove, or configure an MPLS L3VPN. • Enter its view. • Specify it in a feature command, Any change to a user role VPN instance policy takes effect only on users that log in with the user role after the change. Examples # Deny the access of user role role1 to any VPN. system-view [Sysname] role name role1 [Sysname-role-role1] vpn-instance policy deny [Sysname-role-role1-vpnpolicy] quit # Deny the access of user role role1 to any VPN but vpn2. system-view [Sysname] role name role1 [Sysname-role-role1] vpn-instance policy deny [Sysname-role-role1-vpnpolicy] permit vpn-instance vpn2 Related commands • display role • permit vpn-instance • role 64