Cisco Support Community

Nexus 7010 role permit commands not working

Hello,

I have a Cisco Nexus 7010 switch that incorporates roles with specific allowed commands that can be run. However, a few commands will not work for unknown reasons.

The commands 'show system redundancy status' and 'command show version module *' (without single quotes) return a permission denied response when logged into this role:

*********************************************************************
VA2TSN01c7010nxA01# show system redundancy status

% Permission denied

VA2TSN01c7010nxA01# show version module 1 epld

% Permission denied
**********************************************************************

Below are the configs for this role:

role name new
  rule 10 permit command clear access-list counters *
  rule 9 permit command show version module *
  rule 8 permit command show system redundancy status
  rule 7 permit command trace *
  rule 6 permit command ping *
  rule 5 permit command term *
  rule 4 permit command show *
  rule 3 permit read
  rule 2 deny command configure terminal
  rule 1 deny command *

Role: new
  Description: new role
  Vlan policy: permit (default)
  Interface policy: permit (default)
  Vrf policy: permit (default)
  -------------------------------------------------------------------
  Rule    Perm    Type        Scope               Entity
  -------------------------------------------------------------------
  10      permit  command                         clear access-list counters *
  9       permit  command                         show version module *
  8       permit  command                         show system redundancy status
  7       permit  command                         trace *
  6       permit  command                         ping *
  5       permit  command                         term *
  4       permit  command                         show *
  3       permit  read
  2       deny    command                         configure terminal
  1       deny    command                         *

Please help me understand why these rules aren't working even though the rules are present.

Thank you.
