vsan policy deny
Send documentation comments to mdsfeedback-doc@cisco.com
To configure a VSAN-based role, use the vsan policy deny command in configuration mode. Use the no
form of this command to delete a configured role.
vsan policy deny
    permit vsan vsan-id
vsan policy deny
    no permit vsan vsan-id
no vsan policy deny
Syntax Description
permit          Remove commands from the role.
vsan vsan-id    Specifies the VSAN ID. The range is 1 to 4093.
Defaults
Permit.
Command Modes
Configuration mode—role name submode.
Command History
Release    Modification
1.2(1)     This command was introduced.
Usage Guidelines
You can configure a role so that it only allows commands to be performed for a selected set of VSANs.
By default, the VSAN policy of a role is permit. In other words, the role can perform commands
configured by the rule command in all VSANs. To selectively allow VSANs for a role, set the
VSAN policy to deny and then permit the appropriate VSANs.
Examples
The following example places you in sangroup role submode.
switch# config t
switch(config)# role name sangroup
switch(config-role)#
The following example changes the VSAN policy of this role to deny and places you in a submode where
VSANs can be selectively permitted.
switch(config-role)# vsan policy deny
switch(config-role-vsan)#
The following example deletes the configured VSAN role policy and reverts to the factory default
(permit).
switch(config-role)# no vsan policy deny
The following example permits this role to perform the allowed commands for VSANs 10 through 30.
Cisco MDS 9000 Family Command Reference
OL-8413-07, Cisco MDS SAN-OS Release 3.x
Chapter 25 V Commands
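The usage guidelines above imply a least-privilege check: any role left on the default permit policy can run its rule-allowed commands in every VSAN. The following Python audit is an added example, not part of the Cisco reference; the configuration layout, the role names, the rule lines and the `10-30` range notation in the sample are constructed assumptions.

```python
# Constructed sample laid out like a running-config excerpt (assumed format).
SAMPLE_CONFIG = """\
role name sangroup
  rule 1 permit config
  vsan policy deny
    permit vsan 10-30
role name storage-ops
  rule 1 permit show
role name locked
  vsan policy deny
"""

VSAN_MIN, VSAN_MAX = 1, 4093  # range stated in the Syntax Description


def expand_vsans(spec):
    """Expand a single ID ('5') or an assumed 'lo-hi' range ('10-30')."""
    lo, _, hi = spec.partition("-")
    lo, hi = int(lo), int(hi or lo)
    if not VSAN_MIN <= lo <= hi <= VSAN_MAX:
        raise ValueError(f"VSAN ID out of range: {spec!r}")
    return set(range(lo, hi + 1))


def audit_roles(config):
    """Return {role: {'policy': 'permit' or 'deny', 'vsans': set of IDs}}."""
    roles, current = {}, None
    for line in config.splitlines():
        text = line.strip()
        if not text:
            continue
        if text.startswith("role name "):
            current = roles.setdefault(text.split()[2], {"policy": "permit", "vsans": set()})
        elif not line[0].isspace():
            current = None  # unindented line: the role block has ended
        elif current is None:
            continue
        elif text == "vsan policy deny":
            current["policy"] = "deny"
        elif text == "no vsan policy deny":
            current.update(policy="permit", vsans=set())  # back to the default
        elif text.startswith("permit vsan ") and current["policy"] == "deny":
            current["vsans"] |= expand_vsans(text.split()[2])
    return roles


def unrestricted_roles(config):
    """Roles on the default permit policy: their rules apply in every VSAN."""
    return sorted(n for n, r in audit_roles(config).items() if r["policy"] == "permit")
```

A role reported with policy deny and an empty VSAN set, such as `locked` in the sample, has been restricted but not yet permitted in any VSAN.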