P Commands
permit vrf
To permit virtual routing and forwarding instances (VRFs) for a user role VRF policy, use the permit vrf
command. To remove VRFs, use the no form of this command.
permit vrf vrf-name
no permit vrf vrf-name
Syntax Description
vrf-name
Command Default
All VRFs
Command Modes
User role VRF policy configuration
Command History
Release
4.0(1)
Usage Guidelines
The vrf policy deny command denies a user role access to all VRFs except for those that you allow with the
permit vrf command.
You can repeat this command to allow more than on VRF name for the user role.
This command does not require a license.
Examples
This example shows how to permit a VRF name for a user role VRF policy:
switch# configure terminal
switch(config)# role name MyRole
switch(config-role)# vrf policy deny
switch(config-role-vrf)# permit vrf management
This example shows how to permit a VRF name from a user role VRF policy:
switch# configure terminal
switch(config)# role name MyRole
switch(config-role)# vrf policy deny
switch(config-role-vrf)# no permit vrf engineering
Related Commands
Command
vrf policy deny
VRF name. The name is case sensitive.
Modification
This command was introduced.
Description
Enters VRF policy configuration mode for a user role.
Cisco Nexus 7000 Series Security Command Reference
permit vrf
581