Brocade Network OS NETCONF Operations Guide v4.1.1 Manual do Utilizador Página 215
- Página / 622
- Índice
- MARCADORES
Avaliado. / 5. Com base em avaliações de clientes
Network OS NETCONF Operations Guide 183
53-1003231-02
Command access rules
15
Refer to the Network OS Administrator’s Guide for details about how rules apply to configuration
commands, operational commands, and interface key-based commands.
Configuring a placeholder rule
A rule created to allow the no-operation command does not enforce any authorization rules.
Instead, you can use this instance as a placeholder for a valid command that is added later, as
shown in the following example.
1. Issue the <edit-config> RPC to configure the <rule> node in the
urn:brocade.com:mgmt:brocade-aaa namespace.
2. Under the <rule> node, include the <command>/<enumList> hierarchy of node elements.
3. Under the <enumList> node, include the empty <no-operation> element to serve as a
placeholder.
<?xml version="1.0" encoding="UTF-8"?>
<rpc message-id="810" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<edit-config>
<target>
<running/>
</target>
<config>
<rule xmlns="urn:brocade.com:mgmt:brocade-aaa">
<index>75</index>
<action>reject</action>
<operation>read-write</operation>
<role>NetworkAdmin</role>
<command>
<enumList>no-operation</enumList>
</command>
</rule>
</config>
</edit-config>
</rpc>
<rpc-reply message-id="810" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<ok/>
</rpc-reply>
Rule processing
When a user executes a command, rules are searched in ascending order by index for a match and
the action of the first matching rule is applied. If none of the rules match, command execution is
blocked. If conflicting permissions exist for a role in different indices, the rule with lowest index
number is applied.
operation Optional. Defines the general access mode granted by the rule. Access can be read-only or
read-write (default).
action Optional. A modifier restricting the general access mode. The specified access is either
accepted (accept) or rejected (reject). The default value is “reject”.
TABLE 7 Rule attributes (Continued)
Parameter Description
- Network OS 1
- Document History 2
- Contents (High Level) 3
- Contents (Detailed) 5
- Chapter 7 SNMP 8
- Chapter 8 Fabric 8
- Chapter 9 Metro VCS 8
- Chapter 13 VMware vCenter 10
- Chapter 19 Configuring AMPP 12
- Chapter 21 Configuring VLANs 13
- Chapter 22 Configuring VXLANs 14
- Chapter 25 Configuring UDLD 15
- Chapter 27 Configuring LLDP 16
- Chapter 28 Configuring ACLs 16
- Chapter 29 Configuring QoS 17
- Chapter 31 Configuring sFlow 18
- Chapter 32 IP Route Policy 18
- Chapter 34 Configuring OSPF 19
- Chapter 35 Configuring VRRP 19
- Section V Appendixes 20
- About This Document 27
- Document conventions 29
- Notes, cautions, and warnings 30
- Key terms 30
- Notice to the reader 31
- Additional information 31
- Getting technical help 32
- Document feedback 32
- Network OS Administration 33
- NETCONF Overview 35
- RPC request 37
- RPC reply 37
- RPC and error handling 38
- SSH subsystem 38
- RFC references 38
- NETCONF support in Network OS 39
- Basic NETCONF Operations 41
- Server capabilities 42
- Retrieving configuration data 43
- Subtree filtering 44
- Retrieving operational data 47
- Editing the configuration 50
- Managing the configuration 51
- Basic Switch Management 55
- Connecting to the switch 56
- Switch attributes 56
- Setting host attributes 57
- Rebooting a Brocade switch 59
- Replacing an interface module 61
- Configuring a switch banner 64
- </copy> 69
- </rpc-reply> 69
- Syslog server setup 70
- Adding syslog servers 71
- Removing a syslog server 74
- RASlog configuration 75
- Audit log configuration 77
- Network Time Protocol 79
- Time zone settings 80
- Evaluating a firmware upgrade 91
- ATTENTION 92
- Administering Licenses 97
- Obtaining a license key 98
- Reserving a port assignment 100
- 53-1003231-02 101
- In this chapter 105
- SNMP community strings 106
- Obtaining SNMP user names 108
- SNMP server hosts 109
- Removing the SNMP server host 111
- Enabling VCS Fabric mode 118
- Disabling VCS Fabric mode 118
- Enabling a fabric ISL 119
- Enabling a fabric trunk 120
- Disabling a fabric trunk 121
- Priorities 122
- Fabric ECMP load balancing 126
- Metro VCS 129
- Disabling a fabric ISL 130
- Administering Zones 133
- Default zoning access modes 134
- Zone database size 135
- Zone aliases 136
- Deleting an alias 141
- Zoning information 142
- Zone creation and management 147
- Adding a member to a zone 148
- Removing a member from a zone 149
- Deleting a zone 150
- Zone configuration management 151
- Enabling a zone configuration 154
- Deleting a zone configuration 155
- Zone configuration scenario 160
- • Cfg1 containing ZoneA only 161
- Compression 166
- Enabling a Fibre Channel port 168
- System Monitor Configuration 175
- FRU monitoring 176
- Alert notifications 180
- Configuring e-mail alerts 181
- To change the domain name: 183
- Resource monitoring 184
- Configuring CPU monitoring 185
- Security monitoring 186
- Interface monitoring 189
- Pausing interface monitoring 192
- VMware vCenter 195
- Step 2: Enabling CDP/LLDP 196
- Activating the vCenter 197
- Configuring Remote Monitoring 199
- Managing User Accounts 205
- Parameter Description 206
- Creating a user account 207
- Disabling a user account 209
- Deleting a user account 210
- Unlocking a user account 210
- Role-based access control 211
- User-defined roles 212
- Command access rules 214
- Rule processing 215
- Adding a rule 216
- Changing a rule 217
- Deleting a rule 217
- Verifying a rule 218
- Configuration examples 219
- Password policies 221
- Password encryption policy 222
- Account lockout policy 224
- Managing password policies 226
- Security event logging 228
- Login authentication mode 230
- TACACS+ servers 241
- TACACS+ accounting 243
- Enabling command accounting 244
- Disabling accounting 246
- Server authentication 247
- Deleting CA certificates 248
- FIPS compliance 249
- Active Directory groups 251
- Fabric Authentication 255
- Removing shared secrets 257
- Creating a defined SCC policy 260
- Modifying the SCC policy 261
- Activating the SCC policy 261
- Removing the SCC policy 263
- Edge-loop detection overview 267
- Configuring AMPP 273
- 7. Activate the profile 275
- Configuring VLAN profiles 276
- 3. Activate the profile 278
- Configuring FCoE profiles 281
- Configuring QoS profiles 282
- Configuring security profiles 286
- Deleting a port-profile 289
- Deleting a subprofile 291
- Deleting a port-profile-port 297
- Configuring FCoE Interfaces 303
- Configuring FCoE interfaces 304
- Obtaining FCoE status 307
- Configuring VLANs 309
- Creating a VLAN interface 312
- Enabling STP on a VLAN 312
- Disabling STP on a VLAN 314
- • Enables the interface 317
- • Specifies trunk mode 317
- Obtaining VLAN information 326
- Private VLANs 330
- Configuring a private VLAN 331
- Displaying PVLAN information 333
- Configuring VXLANs 335
- Displaying VXLAN information 341
- Configuring Virtual Fabrics 343
- • Primary VLAN 344
- • Isolated VLAN 344
- • Community VLAN 345
- Configuring MAC groups 358
- Transport service 359
- Configuring STP 362
- Configuring RSTP 364
- Configuring MSTP 367
- Specifying a link type 397
- Specifying the port priority 399
- Enabling spanning tree 403
- Disabling spanning tree 404
- Configuring UDLD 405
- Disabling UDLD 407
- Retrieving UDLD statistics 407
- Configuring Link Aggregation 409
- TABLE 12 Load balance flavor 415
- Configuring LLDP 421
- • <management-address> 428
- • <port-description> 428
- • <system-capabilities> 428
- • <adv-tlv-system-name> 428
- Configuring iSCSI priority 430
- Configuring LLDP profiles 430
- <edit-config> 431
- <target> 431
- <running/> 431
- (more interfaces go here) 434
- Deleting an LLDP profile 435
- Configuring ACLs 437
- Modifying MAC ACL rules 443
- Removing a MAC ACL 444
- Configuring QoS 453
- Rewriting 454
- Queueing 454
- Verifying QoS trust 455
- DSCP values User priority 460
- Verifying DSCP trust 461
- Creating a DSCP mutation map 462
- Traffic class mapping 469
- Mapping DSCP-to-Traffic-Class 473
- Congestion control 477
- Configuring CoS thresholds 478
- Random Early Detection 479
- Ethernet Pause 480
- Enabling Ethernet Pause 481
- Enabling Ethernet PFC 482
- Multicast rate limiting 483
- Configuring BUM storm control 484
- Scheduling 485
- Multicast queue scheduling 486
- Creating a CEE map 487
- Defining a priority-table map 489
- Verifying the CEE maps 490
- Brocade VCS Fabric QoS 491
- Port-based Policier 493
- Configuring the policy map 496
- Policy maps 499
- Class maps 500
- Priority maps 501
- Configuring Auto-QOS 502
- Disabling 802.1x globally 507
- 802.1x readiness check 508
- Configuring sFlow 517
- Flow-based sFlow 521
- Deleting a SPAN session 530
- SPAN in management cluster 531
- Configuring RSPAN 532
- VLAN 1010 as the destination 534
- IP Route Policy 537
- Configuring a route map 538
- IP Route Management 545
- Other routing operations 548
- Enabling IP load sharing 549
- Configuring OSPF 551
- OSPF over VRF 552
- OSPF in a VCS environment 552
- OSPF configuration rules 555
- Enabling OSPF on the router 556
- Disabling OSPF on the router 556
- Assigning OSPF areas 557
- Assigning virtual links 562
- Changing other settings 564
- Configuring VRRP 565
- Configuring the master router 567
- Configuring the backup router 569
- Enabling preemption 571
- Configuring VRF 585
- Enabling VRRP for VRF 588
- Configuring BGP 589
- Enabling BGP on an RBridge 590
- Disabling BGP on an RBridge 590
- Configuring BGP global mode 591
- Configuring IGMP 595
- Monitoring IGMP snooping 598
- Configuring DHCP Relay 599
- Appendixes 603
- Managing NETCONF 605
- • Capabilities 606
- • Datastores 606
- • Schemas 606
- • Sessions 606
- • Statistics 606
- Numerics 609
Manuais e produtos relacionados com Acessórios para Computador Brocade Network OS NETCONF Operations Guide v4.1.1
Acessórios para Computador Brocade VDX 6710-54 Hardware Reference Manual Manual do Utilizador
(72 páginas)
(72 páginas)
Acessórios para Computador Brocade VDX 6730 QuickStart Guide (Supporting VDX 6730-32 Manual do Utilizador
(12 páginas)
(12 páginas)
Acessórios para Computador Brocade VDX 8770-8 Two-Post Flush and Mid-Mount Rack Kit I Manual do Utilizador
(8 páginas)
(8 páginas)
Acessórios para Computador Brocade VDX 6730 Hardware Reference Manual (Supporting VDX Manual do Utilizador
(90 páginas)
(90 páginas)
Acessórios para Computador Brocade VDX 8770-8 Four-Post Flush and Recessed Mount Rack Manual do Utilizador
(10 páginas)
(10 páginas)
Acessórios para Computador Brocade VDX 8770-4 Two-Post Flush and Mid-Mount Rack Kit I Manual do Utilizador
(10 páginas)
(10 páginas)
Acessórios para Computador Brocade VDX 8770-8 Hardware Reference Manual Manual do Utilizador
(136 páginas)
(136 páginas)
Acessórios para Computador Brocade VDX 8770-4 Four-Post Flush Mount Rack Kit Installa Manual do Utilizador
(8 páginas)
(8 páginas)
Acessórios para Computador Brocade Network OS Administrator’s Guide v4.1.1 Manual do Utilizador
(748 páginas)
(748 páginas)
Acessórios para Computador Brocade VDX 8770-4 Four-Post Flush and Recessed Mount Inta Manual do Utilizador
(24 páginas)
(24 páginas)
Acessórios para Computador Brocade VDX 8770-4 Hardware Reference Manual Manual do Utilizador
(132 páginas)
(132 páginas)
Acessórios para Computador Brocade Universal Two-Post Rack Kit Installation Procedure Manual do Utilizador
(1 páginas)
(1 páginas)
Acessórios para Computador Brocade Universal Four Post Rack Kit Installation Procedur Manual do Utilizador
(20 páginas)
(20 páginas)
Acessórios para Computador Brocade VDX 6740 Hardware Reference Manual (Supporting VDX Manual do Utilizador
(78 páginas)
(78 páginas)
Acessórios para Computador Brocade 6910 Ethernet Access Switch MIB Reference Manual do Utilizador
(102 páginas)
(102 páginas)
Acessórios para Computador Brocade FCX Series Hardware Installation Guide Manual do Utilizador
(112 páginas)
(112 páginas)
(84 páginas)© 2020, manymanuals-pt.com. Todos os direitos reservados. | 0.060 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comentários a estes Manuais