Hello,
I have a Cisco Nexus 7010 switch that incorporates roles with specific allowed commands that can be run. However, a few commands will not work for unknown reasons.
The commands 'show system redundancy status' and 'command show version module *' (without single quotes) return a permission denied response when logged into this role:
*********************************************************************
VA2TSN01c7010nxA01# show system redundancy status
% Permission denied
VA2TSN01c7010nxA01# show version module 1 epld
% Permission denied
**********************************************************************
Below are the configs for this role:
role name new
  rule 10 permit command clear access-list counters *
  rule 9 permit command show version module *
  rule 8 permit command show system redundancy status
  rule 7 permit command trace *
  rule 6 permit command ping *
  rule 5 permit command term *
  rule 4 permit command show *
  rule 3 permit read
  rule 2 deny command configure terminal
  rule 1 deny command *
Role: new
  Description: new role
  Vlan policy: permit (default)
  Interface policy: permit (default)
  Vrf policy: permit (default)
  -------------------------------------------------------------------
  Rule    Perm    Type        Scope               Entity
  -------------------------------------------------------------------
  10      permit  command                         clear access-list counters *
  9       permit  command                         show version module *
  8       permit  command                         show system redundancy status
  7       permit  command                         trace *
  6       permit  command                         ping *
  5       permit  command                         term *
  4       permit  command                         show *
  3       permit  read
  2       deny    command                         configure terminal
  1       deny    command                         *
Please help me understand why these rules aren't working even though the rules are present.
Thank you.