08-02-2012 02:32 AM
I need to configure class commans permissions.
I want useres from "smena-rw" group be allowed to execute "clear ip bgp neighbor x.x.x.x" ( particular neighbor)
But not allowed "clear bgp neighbor" - all neighbors.
user@router# show system login class smena-rw
permissions [ clear configure firewall-control interface-control network rollback routing-control view view-configuration ];
allow-commands "(clear bgp neighbor .*)";
deny-commands "(clear bgp neighbor$)";
Config above doesn't accomplish my goal ...
rw@router> clear bgp neighbor
rw@router> clear bgp neighbor ?
as Autonomous system (1..65535)
instance Name of BGP instance
logical-router Name of logical router, or 'all'
soft Soft reset outbound state
soft-inbound Soft reset inbound state by issuing Refresh
I'm not allowed to clear all bgp session, but also i'm not allowed to clear particular neighbor.