有哪个大佬知道用户等级 level 1---15分别对应的权限参数? 详细说明的那种
(0)
最佳答案
display role命令用来显示用户角色信息。
【命令】
display role [ name role-name ]
【视图】
任意视图
【缺省用户角色】
network-admin
network-operator
mdc-admin
mdc-operator
【参数】
name role-name:用户角色名称,为1~63个字符的字符串,区分大小写。如果不指定用户角色名称,则表示显示所有用户角色的信息,包括系统缺省存在的用户角色的信息。
【举例】
# 显示用户角色123的信息。
<Sysname> display role name 123
Role: 123
Description: new role
VLAN policy: deny
Permitted VLANs: 1 to 5, 7 to 8
Interface policy: deny
Permitted interfaces: Ten-GigabitEthernet1/0/1 to Ten-GigabitEthernet1/0/3, Vlan-interface1 to Vlan-interface20
VPN instance policy: permit (default)
-------------------------------------------------------------------
Rule Perm Type Scope Entity
-------------------------------------------------------------------
1 permit RWX feature-group abc
2 deny -W- feature ldap
3 permit command system ; radius sc *
4 permit R-- xml-element -
5 permit RW- oid 1.2.1
R:Read W:Write X:Execute
# 显示所有用户角色的信息。
<Sysname> display role
Role: network-admin
Description: Predefined network admin role has access to all commands on the d
evice
VLAN policy: permit (default)
Interface policy: permit (default)
VPN instance policy: permit (default)
-------------------------------------------------------------------
Rule Perm Type Scope Entity
-------------------------------------------------------------------
sys-1 permit command *
sys-2 permit RWX web-menu -
sys-3 permit RWX xml-element -
sys-4 deny command display security-logfile summary
sys-5 deny command system-view ; info-center securi
ty-logfile directory *
sys-6 deny command security-logfile save
sys-7 permit RW- oid 1
R:Read W:Write X:Execute
Role: network-operator
Description: Predefined network operator role has access to all read commands
on the device
VLAN policy: permit (default)
Interface policy: permit (default)
VPN instance policy: permit (default)
-------------------------------------------------------------------
Rule Perm Type Scope Entity
-------------------------------------------------------------------
sys-1 permit command display *
sys-2 permit command xml
sys-3 permit command system-view ; probe ; display *
sys-4 deny command display history-command all
sys-5 deny command display exception *
sys-6 deny command display cpu-usage configuration
*
sys-7 deny command display kernel exception *
sys-8 deny command display kernel deadloop *
sys-9 deny command display kernel starvation *
sys-10 deny command display kernel reboot *
sys-11 deny command display memory trace *
sys-12 deny command display kernel memory *
sys-13 permit command system-view ; local-user *
sys-14 permit command system-view ; switchto *
sys-15 permit R-- web-menu -
sys-16 permit R-- xml-element -
sys-17 deny command display security-logfile summary
sys-18 deny command system-view ; info-center securi
ty-logfile directory *
sys-19 deny command security-logfile save
sys-20 deny command system-view ; local-user-import
*
sys-21 deny command system-view ; local-user-export
*
sys-22 permit R-- oid 1
R:Read W:Write X:Execute
Role: mdc-admin
Description: Predefined MDC admin role has access to all commands within an MD
C
VLAN policy: permit (default)
Interface policy: permit (default)
VPN instance policy: permit (default)
-------------------------------------------------------------------
Rule Perm Type Scope Entity
-------------------------------------------------------------------
sys-1 permit command *
sys-2 permit RWX web-menu -
sys-3 permit RWX xml-element -
sys-4 deny RWX feature mdc
sys-5 deny RWX feature install
sys-6 deny RWX feature irf
sys-7 permit command display version *
sys-8 permit command display copyright
sys-9 permit command system-view ; probe ; display sy
stem internal version *
sys-13 deny RWX feature vcf
sys-14 deny RWX feature smartmc
sys-15 permit command display mdc *
sys-19 deny command display security-logfile summary
sys-20 deny command system-view ; info-center securi
ty-logfile directory *
sys-21 deny command security-logfile save
sys-22 permit RW- oid 1
sys-23 deny command display fips status
sys-27 deny command display crypto version
sys-30 deny command system-view ; fips mode enable
sys-31 deny command system-view ; undo fips mode ena
ble
sys-37 deny command system-view ; max-ecmp-num *
sys-38 deny command display max-ecmp-num
sys-43 deny command system-view ; interface * ; usin
g tengige *
sys-44 deny command system-view ; interface * ; undo
using tengige *
sys-45 deny command system-view ; interface * ; usin
g fortygige *
sys-46 deny command system-view ; interface * ; undo
using fortygige *
sys-47 deny command system-view ; interface * ; usin
g hundredgige *
sys-48 deny command system-view ; interface * ; undo
using hundredgige *
sys-49 deny command system-view ; interface * ; usin
g twentygige *
sys-50 deny command system-view ; interface * ; undo
using twentygige *
sys-51 deny command system-view ; interface * ; usin
g twenty-fivegige *
sys-52 deny command system-view ; interface * ; undo
using twenty-fivegige *
sys-53 deny command system-view ; using hundredgige-
from-fortygige *
sys-55 deny command system-view ; using fortygige-fr
om-hundredgige *
sys-60 deny command system-view ; probe; display sys
tem internal file *
sys-61 deny command system-view ; probe; display sys
tem internal hook *
sys-62 deny command system-view ; probe; hook *
sys-68 deny command system-view ; clock *
sys-69 deny command system-view ; undo clock *
sys-70 deny command system-view ; version check igno
re
sys-71 deny command system-view ; undo version check
ignore
sys-72 deny command system-view ; version auto-updat
e enable
sys-73 deny command system-view ; undo version auto-
update enable
sys-78 deny command system-view ; switch-fabric *
sys-79 deny command system-view ; undo switch-fabric
*
sys-80 deny command system-view ; fabric load-sharin
g mode *
sys-81 deny command system-view ; memory-threshold *
sys-82 deny command system-view ; undo memory-thresh
old *
sys-88 deny command system-view ; password-recovery
enable
sys-89 deny command system-view ; undo password-reco
very enable
sys-98 deny command system-view ; monitor kernel *
sys-99 deny command system-view ; undo monitor kerne
l *
sys-108 deny command system-view ; poe *
sys-109 deny command system-view ; undo poe *
sys-110 permit command system-view ; poe-profile *
sys-111 permit command system-view ; undo poe-profile *
sys-112 deny command system-view ; system-working-mod
e *
sys-113 deny command system-view ; undo system-workin
g-mode
sys-119 deny command system-view ; forward-path-detec
tion enable
sys-120 deny command system-view ; hardware-failure-d
etection *
sys-121 deny command system-view ; undo hardware-fail
ure-detection *
sys-122 deny command system-view ; forward-path-detec
tion enable
sys-123 deny command system-view ; undo forward-path-
detection enable
sys-124 deny command system-view ; hardware-failure-p
rotection aggregation
sys-125 deny command system-view ; undo hardware-fail
ure-protection aggregation
sys-127 deny command display debugging dev
sys-128 deny command clock *
sys-132 deny command display alarm *
sys-138 deny command display hardware-failure-detecti
on
sys-141 deny command display memory-threshold *
sys-142 deny command display power-supply *
sys-145 deny command display system-working-mode
sys-150 deny command display system stable state mdc
*
sys-153 deny command restore factory-default
sys-154 deny command reset scheduler logfile
sys-155 deny command bootrom *
sys-162 deny command display poe device
sys-164 deny command display poe pse *
sys-165 deny command display poe-power
sys-167 deny command display kernel exception *
sys-168 deny command display kernel deadloop *
sys-169 deny command display kernel starvation *
sys-170 deny command display kernel reboot *
sys-171 deny command display kernel memory *
sys-172 deny command kernel memory trace *
sys-173 deny command undo kernel memory trace *
sys-175 deny command reset kernel *
sys-177 deny command reboot slot *
sys-183 deny command format *
sys-184 deny command mount *
sys-185 deny command umount *
sys-186 deny command fixdisk *
sys-187 deny command fdisk *
R:Read W:Write X:Execute
Role: mdc-operator
Description: Predefined MDC operator role has access to all read commands with
in an MDC
VLAN policy: permit (default)
Interface policy: permit (default)
VPN instance policy: permit (default)
-------------------------------------------------------------------
Rule Perm Type Scope Entity
-------------------------------------------------------------------
sys-1 permit command display *
sys-2 permit command xml
sys-3 deny command display history-command all
sys-4 deny command display exception *
sys-5 deny command display cpu-usage configuration
*
sys-6 deny command display kernel exception *
sys-7 deny command display kernel deadloop *
sys-8 deny command display kernel starvation *
sys-9 deny command display kernel reboot *
sys-10 deny command display memory trace *
sys-11 deny command display kernel memory *
sys-12 permit command system-view ; local-user *
sys-15 permit R-- web-menu -
sys-16 permit R-- xml-element -
sys-17 deny command display security-logfile summary
sys-18 deny command system-view ; info-center securi
ty-logfile directory *
sys-19 deny command security-logfile save
sys-20 permit R-- oid 1
sys-21 deny command display alarm *
sys-27 deny command display hardware-failure-detecti
on
sys-30 deny command display memory-threshold *
sys-31 deny command display power-supply *
sys-34 deny command display system-working-mode
sys-39 deny command display system stable state mdc
*
sys-44 deny command display poe device
sys-46 deny command display poe pse *
sys-47 deny command display poe-power *
sys-49 deny command display smartmc *
R:Read W:Write X:Execute
Role: level-0
Description: Predefined level-0 role
VLAN policy: permit (default)
Interface policy: permit (default)
VPN instance policy: permit (default)
-------------------------------------------------------------------
Rule Perm Type Scope Entity
-------------------------------------------------------------------
sys-1 permit command tracert *
sys-2 permit command telnet *
sys-3 permit command ping *
sys-4 permit command ssh2 *
sys-5 permit command super *
sys-6 permit command mtrace *
R:Read W:Write X:Execute
Role: level-1
Description: Predefined level-1 role
VLAN policy: permit (default)
Interface policy: permit (default)
VPN instance policy: permit (default)
-------------------------------------------------------------------
Rule Perm Type Scope Entity
-------------------------------------------------------------------
sys-1 permit command tracert *
sys-2 permit command telnet *
sys-3 permit command ping *
sys-4 permit command ssh2 *
sys-5 permit command display *
sys-6 permit command super *
sys-7 deny command display history-command all
sys-8 permit command mtrace *
R:Read W:Write X:Execute
Role: level-2
Description: Predefined level-2 role
VLAN policy: permit (default)
Interface policy: permit (default)
VPN instance policy: permit (default)
Role: level-3
Description: Predefined level-3 role
VLAN policy: permit (default)
Interface policy: permit (default)
VPN instance policy: permit (default)
Role: level-4
Description: Predefined level-4 role
VLAN policy: permit (default)
Interface policy: permit (default)
VPN instance policy: permit (default)
Role: level-5
Description: Predefined level-5 role
VLAN policy: permit (default)
Interface policy: permit (default)
VPN instance policy: permit (default)
Role: level-6
Description: Predefined level-6 role
VLAN policy: permit (default)
Interface policy: permit (default)
VPN instance policy: permit (default)
Role: level-7
Description: Predefined level-7 role
VLAN policy: permit (default)
Interface policy: permit (default)
VPN instance policy: permit (default)
Role: level-8
Description: Predefined level-8 role
VLAN policy: permit (default)
Interface policy: permit (default)
VPN instance policy: permit (default)
Role: level-9
Description: Predefined level-9 role
VLAN policy: permit (default)
Interface policy: permit (default)
VPN instance policy: permit (default)
-------------------------------------------------------------------
Rule Perm Type Scope Entity
-------------------------------------------------------------------
sys-1 permit RWX feature -
sys-2 deny RWX feature device
sys-3 deny RWX feature filesystem
sys-4 permit command display *
sys-5 deny command display history-command all
R:Read W:Write X:Execute
Role: level-10
Description: Predefined level-10 role
VLAN policy: permit (default)
Interface policy: permit (default)
VPN instance policy: permit (default)
Role: level-11
Description: Predefined level-11 role
VLAN policy: permit (default)
Interface policy: permit (default)
VPN instance policy: permit (default)
Role: level-12
Description: Predefined level-12 role
VLAN policy: permit (default)
Interface policy: permit (default)
VPN instance policy: permit (default)
Role: level-13
Description: Predefined level-13 role
VLAN policy: permit (default)
Interface policy: permit (default)
VPN instance policy: permit (default)
Role: level-14
Description: Predefined level-14 role
VLAN policy: permit (default)
Interface policy: permit (default)
VPN instance policy: permit (default)
Role: level-15
Description: Predefined level-15 role
VLAN policy: permit (default)
Interface policy: permit (default)
VPN instance policy: permit (default)
-------------------------------------------------------------------
Rule Perm Type Scope Entity
-------------------------------------------------------------------
sys-1 permit command *
sys-2 permit RWX web-menu -
sys-3 permit RWX xml-element -
sys-4 deny command display security-logfile summary
sys-5 deny command system-view ; info-center securi
ty-logfile directory *
sys-6 deny command security-logfile save
sys-7 permit RW- oid 1
R:Read W:Write X:Execute
Role: security-audit
Description: Predefined security audit role only has access to commands for th
e security log administrator
VLAN policy: permit (default)
Interface policy: permit (default)
VPN instance policy: permit (default)
-------------------------------------------------------------------
Rule Perm Type Scope Entity
-------------------------------------------------------------------
sys-1 deny command *
sys-2 permit command display security-logfile summary
sys-3 permit command system-view ; info-center securi
ty-logfile directory *
sys-4 permit command security-logfile save
sys-5 permit command cd *
sys-6 permit command copy *
sys-7 permit command delete *
sys-8 permit command dir *
sys-9 permit command mkdir *
sys-10 permit command more *
sys-11 permit command move *
sys-12 permit command rmdir *
sys-13 permit command pwd
sys-14 permit command rename *
sys-15 permit command undelete *
sys-16 permit command ftp *
sys-17 permit command sftp *
R:Read W:Write X:Execute
Role: guest-manager
Description: Predefined guest manager role can't access to commands
VLAN policy: permit (default)
Interface policy: permit (default)
VPN instance policy: permit (default)
-------------------------------------------------------------------
Rule Perm Type Scope Entity
-------------------------------------------------------------------
sys-1 permit RWX xml-element useraccounts/approveguest/
sys-2 permit RWX xml-element useraccounts/exportguestaccount/
sys-3 permit RWX xml-element useraccounts/generateguestaccoun
t/
sys-4 permit RWX xml-element useraccounts/guest/
sys-5 permit RWX xml-element useraccounts/guestconfigure/
sys-6 permit RWX xml-element useraccounts/importguestaccount/
sys-7 permit RWX xml-element useraccounts/exportguesttemplet/
sys-8 permit RWX xml-element rpc/
sys-9 deny command *
(0)
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作
举报
×
侵犯我的权益
×
侵犯了我企业的权益
×
抄袭了我的内容
×
原文链接或出处
诽谤我
×
对根叔社区有害的内容
×
不规范转载
×
举报说明
暂无评论