R Commands

role-create

This command creates roles and access controls for a switch.

Syntax   role-create

name name-string

Specify a name for the role.

scope [local|fabric]

Specify a scope for the role, either local or fabric.

Specify any of the following options:

access read-only|read-write

Specify the access type for the role. The default role is read-write.

running-config|no-running-config

Specify if a user with this the role can use the running-config-show command. You may want to limit which users can use running-config-show because the command can expose sensitive password information.

shell|no-shell

Specify if the user can access the shell.

sudo|no-sudo

Specify if the user can execute the sudo command from the shell.

Defaults   None.

Access   CLI

History   

Version 1.2

Command introduced.

Version 2.1

The parameter, vnet, is deprecated. The optional parameters access and running-config are added.

Version 2.6.0

The parameters, shell and sudo, added.

Usage   In a multi-tenant environment, a switch or fabric can be divided into smaller logical segments known as virtual networks (VNETs) using role-based access control (RBAC). This command allows you to create roles and access controls for the local switch or fabric.

Examples  To create the role, network-admin with access to the fabric and running configuration, use the following command:

CLI network-admin@switch > role-create name network-admin scope fabric access read-write running-config

role-delete

This command is used to delete an existing role from the configuration.

Syntax   role-delete  

name name-string

Specify the name of the role to delete from the configuration.

Defaults   None.

Access   CLI

History   Command introduced in nvOS Version 1.2.1.

Usage   You can remove previously created roles from the switch configuration.

Examples  To delete the role, network-admin, use the following command:

CLI network-admin@switch > role-delete name network-admin

role-modify

This command modifies roles and access controls for a switch.

Syntax   role-modify

name name-string

Specify a name for the role.

scope [local|fabric]

Specify a scope for the role, either local or fabric.

Specify any of the following options:

access read-only|read-write

Specify the access type for the role. The default role is read-write.

running-config|no-running-config

Specify if a user with this the role can use the running-config-show command. You may want to limit which users can use running-config-show because the command can expose sensitive password information.

shell|no-shell

Specify if the user can access the shell.

sudo|no-sudo

Specify if the user can execute the sudo command from the shell.

Defaults   None.

Access   CLI

History   

Version 2.0

Command introduced.

Version 2.1

The parameter, name, added.

Version 2.6.0

The parameters, shell|no-shell, and sudo|no-sudo added.

Usage   In a multi-tenant environment, a switch or fabric can be divided into smaller logical segments known as virtual networks (VNETs) using role-based access control (RBAC). This command allows you to modify roles and access controls for the local switch or fabric.

Examples  To modify a role, from read-write to read-only, use the following command:

CLI network-admin@switch > role-modify local-admin access read-only

role-show

This command is used to display roles in the switch configuration.

Syntax   role-show

name name-string

Specify a name for the role.

scope [local|fabric]

Specify a scope for the role, either local or fabric.

Specify any of the following options:

access read-only|read-write

Specify the access type for the role. The default role is read-write.

running-config|no-running-config

Specify if a user with this the role can use the running-config-show command. You may want to limit which users can use running-config-show because the command can expose sensitive password information.

shell|no-shell

Specify if the user can access the shell.

sudo|no-sudo

Specify if the user can execute the sudo command from the shell.

Defaults   None.

Access   CLI

History   

Version 2.0

Command introduced.

Version 2.1

The parameter, name, added.

Version 2.6.0

The parameters, shell|no-shell, and sudo|no-sudo added.

Usage   You can view all configured roles in the switch configuration.

Examples  To display all roles, use the following command:

CLI network-admin@switch > role-show format all layout

id:                 6000021:402

name:               vlb-web-svr-admin

scope:              fabric

vnet-access:        vlb-web-svr

access:             read-write

running-config:     deny

id:                 6000021:405

name:               test-admin

scope:              fabric

vnet-access:        test

access:             read-write

running-config:     deny


running-config-show

This command displays information about the current configuration on the switch.

Syntax   running-config-show

Defaults   None

Access   CLI

History   

Version 1.2

Command introduced.

Version 2.5.3

VNET administrator-related information displays when a VNET administrator runs this command.

Usage   Displays information about the current configuration on the switch.

Examples  To display the configuration, use the following command:

CLI network-admin@switch > running-config-show

The output is lengthy and includes port information, IP addresses, VNETs, and so on.

To view VNET administrator information:

  1.  Enable running-config for the VNET admin role, (vnet1-admin):

CLI network-admin@switch > role-modify name vnet1-admin running-config

  1. Log into the VNET, as vnet1-admin, and run the running-config-show command:

CLI vnet1-admin@switch > running-config-show

storage-pool-create name pool-disk2 device1 disk2

storage-pool-create name test

vnet-manager-modify name vnet1-mgr enable

vnet-manager-service-modify vnet-manager-name vnet1-mgr if eth0 web

storage-hapool-create name hapool1 local-pool pool-di hapool-peer-pool

pool-disk4 backup-interval 1m