Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Nexus 7010 role permit commands not working

Hello,

I have a Cisco Nexus 7010 switch that incorporates roles with specific allowed commands that can be run. However, a few commands will not work for unknown reasons.

The commands 'show system redundancy status' and 'command show version module *' (without single quotes) return a permission denied response when logged into this role:

*********************************************************************

VA2TSN01c7010nxA01# show system redundancy status


% Permission denied

VA2TSN01c7010nxA01# show version module 1 epld


% Permission denied

**********************************************************************

Below are the configs for this role:

role name new

  rule 10 permit command clear access-list counters *

  rule 9 permit command show version module *

  rule 8 permit command show system redundancy status

  rule 7 permit command trace *

  rule 6 permit command ping *

  rule 5 permit command term *

  rule 4 permit command show *

  rule 3 permit read

  rule 2 deny command configure terminal

  rule 1 deny command *

Role: new

  Description: new role

  Vlan policy: permit (default)

  Interface policy: permit (default)

  Vrf policy: permit (default)

  -------------------------------------------------------------------

  Rule    Perm    Type        Scope               Entity

  -------------------------------------------------------------------

  10      permit  command                         clear access-list counters *

  9       permit  command                         show version module *

  8       permit  command                         show system redundancy status

  7       permit  command                         trace *

  6       permit  command                         ping *

  5       permit  command                         term *

  4       permit  command                         show *

  3       permit  read

  2       deny    command                         configure terminal

  1       deny    command                         *

Please help me understand why these rules aren't working even though the rules are present.

Thank you.

Everyone's tags (1)
606
Views
0
Helpful
0
Replies
CreatePlease to create content