R Commands
role-create
This command creates roles and access controls for a switch.
Syntax role-create
name name-string |
Specify a name for the role. |
scope [local|fabric] |
Specify a scope for the role, either local or fabric. |
Specify any of the following options: |
|
access read-only|read-write |
Specify the access type for the role. The default role is read-write. |
running-config|no-running-config |
Specify if a user with this the role can use the running-config-show command. You may want to limit which users can use running-config-show because the command can expose sensitive password information. |
shell|no-shell |
Specify if the user can access the shell. |
sudo|no-sudo |
Specify if the user can execute the sudo command from the shell. |
Defaults None.
Access CLI
History
Version 1.2 |
Command introduced. |
Version 2.1 |
The parameter, vnet, is deprecated. The optional parameters access and running-config are added. |
Version 2.6.0 |
The parameters, shell and sudo, added. |
Usage In a multi-tenant environment, a switch or fabric can be divided into smaller logical segments known as virtual networks (VNETs) using role-based access control (RBAC). This command allows you to create roles and access controls for the local switch or fabric.
Examples To create the role, network-admin with access to the fabric and running configuration, use the following command:
CLI network-admin@switch > role-create name network-admin scope fabric access read-write running-config
role-delete
This command is used to delete an existing role from the configuration.
Syntax role-delete
name name-string |
Specify the name of the role to delete from the configuration. |
Defaults None.
Access CLI
History Command introduced in nvOS Version 1.2.1.
Usage You can remove previously created roles from the switch configuration.
Examples To delete the role, network-admin, use the following command:
CLI network-admin@switch > role-delete name network-admin
role-modify
This command modifies roles and access controls for a switch.
Syntax role-modify
name name-string |
Specify a name for the role. |
scope [local|fabric] |
Specify a scope for the role, either local or fabric. |
Specify any of the following options: |
|
access read-only|read-write |
Specify the access type for the role. The default role is read-write. |
running-config|no-running-config |
Specify if a user with this the role can use the running-config-show command. You may want to limit which users can use running-config-show because the command can expose sensitive password information. |
shell|no-shell |
Specify if the user can access the shell. |
sudo|no-sudo |
Specify if the user can execute the sudo command from the shell. |
Defaults None.
Access CLI
History
Version 2.0 |
Command introduced. |
Version 2.1 |
The parameter, name, added. |
Version 2.6.0 |
The parameters, shell|no-shell, and sudo|no-sudo added. |
Usage In a multi-tenant environment, a switch or fabric can be divided into smaller logical segments known as virtual networks (VNETs) using role-based access control (RBAC). This command allows you to modify roles and access controls for the local switch or fabric.
Examples To modify a role, from read-write to read-only, use the following command:
CLI network-admin@switch > role-modify local-admin access read-only
role-show
This command is used to display roles in the switch configuration.
Syntax role-show
name name-string |
Specify a name for the role. |
scope [local|fabric] |
Specify a scope for the role, either local or fabric. |
Specify any of the following options: |
|
access read-only|read-write |
Specify the access type for the role. The default role is read-write. |
running-config|no-running-config |
Specify if a user with this the role can use the running-config-show command. You may want to limit which users can use running-config-show because the command can expose sensitive password information. |
shell|no-shell |
Specify if the user can access the shell. |
sudo|no-sudo |
Specify if the user can execute the sudo command from the shell. |
Defaults None.
Access CLI
History
Version 2.0 |
Command introduced. |
Version 2.1 |
The parameter, name, added. |
Version 2.6.0 |
The parameters, shell|no-shell, and sudo|no-sudo added. |
Usage You can view all configured roles in the switch configuration.
Examples To display all roles, use the following command:
CLI network-admin@switch > role-show format all layout
id: 6000021:402
name: vlb-web-svr-admin
scope: fabric
vnet-access: vlb-web-svr
access: read-write
running-config: deny
id: 6000021:405
name: test-admin
scope: fabric
vnet-access: test
access: read-write
running-config: deny
running-config-show
This command displays information about the current configuration on the switch.
Syntax running-config-show
Defaults None
Access CLI
History
Version 1.2 |
Command introduced. |
Version 2.5.3 |
VNET administrator-related information displays when a VNET administrator runs this command. |
Usage Displays information about the current configuration on the switch.
Examples To display the configuration, use the following command:
CLI network-admin@switch > running-config-show
The output is lengthy and includes port information, IP addresses, VNETs, and so on.
To view VNET administrator information:
- Enable running-config for the VNET admin role, (vnet1-admin):
CLI network-admin@switch > role-modify name vnet1-admin running-config
- Log into the VNET, as vnet1-admin, and run the running-config-show command:
CLI vnet1-admin@switch > running-config-show
storage-pool-create name pool-disk2 device1 disk2
storage-pool-create name test
vnet-manager-modify name vnet1-mgr enable
vnet-manager-service-modify vnet-manager-name vnet1-mgr if eth0 web
storage-hapool-create name hapool1 local-pool pool-di hapool-peer-pool
pool-disk4 backup-interval 1m