Nexus 7010 role permit commands not working

ipsoft · ‎01-29-2012

Hello,

I have a Cisco Nexus 7010 switch that incorporates roles with specific allowed commands that can be run. However, a few commands will not work for unknown reasons.

The commands 'show system redundancy status' and 'command show version module *' (without single quotes) return a permission denied response when logged into this role:

*********************************************************************

VA2TSN01c7010nxA01# show system redundancy status

% Permission denied

VA2TSN01c7010nxA01# show version module 1 epld

% Permission denied

**********************************************************************

Below are the configs for this role:

role name new

rule 10 permit command clear access-list counters *

rule 9 permit command show version module *

rule 8 permit command show system redundancy status

rule 7 permit command trace *

rule 6 permit command ping *

rule 5 permit command term *

rule 4 permit command show *

rule 3 permit read

rule 2 deny command configure terminal

rule 1 deny command *

Role: new

Description: new role

Vlan policy: permit (default)

Interface policy: permit (default)

Vrf policy: permit (default)

-------------------------------------------------------------------

Rule Perm Type Scope Entity

-------------------------------------------------------------------

10 permit command clear access-list counters *

9 permit command show version module *

8 permit command show system redundancy status

7 permit command trace *

6 permit command ping *

5 permit command term *

4 permit command show *

3 permit read

2 deny command configure terminal

1 deny command *

Please help me understand why these rules aren't working even though the rules are present.

Thank you.