https://community.cisco.com/t5/network-access-control/restrict-single-interface-acs-5-4/m-p/2258305#M111523 <P>Hello,</P><P></P><P>I am running ACS 5.4.0.46.4.&nbsp; I am creating command sets to restrict access for a certain group of users.&nbsp; Is there any way to restrict them from accessing a specific interface (Gi1/1/1 for instance)?&nbsp; I tried putting a "deny interface GigabitEthernet1/1/1" into the command set rules, but I am still able to access that interface?</P> Mon, 11 Mar 2019 03:38:08 GMT deanlee10 2019-03-11T03:38:08Z https://community.cisco.com/t5/network-access-control/restrict-single-interface-acs-5-4/m-p/2258305#M111523 <P>Hello,</P><P></P><P>I am running ACS 5.4.0.46.4.&nbsp; I am creating command sets to restrict access for a certain group of users.&nbsp; Is there any way to restrict them from accessing a specific interface (Gi1/1/1 for instance)?&nbsp; I tried putting a "deny interface GigabitEthernet1/1/1" into the command set rules, but I am still able to access that interface?</P> Mon, 11 Mar 2019 03:38:08 GMT https://community.cisco.com/t5/network-access-control/restrict-single-interface-acs-5-4/m-p/2258305#M111523 deanlee10 2019-03-11T03:38:08Z https://community.cisco.com/t5/network-access-control/restrict-single-interface-acs-5-4/m-p/2258306#M111572 <HTML><HEAD></HEAD><BODY><P>Please post the screen shot of command set that you have created on ACS under policy elements.</P><P></P><P>From the end network device, get the following o/p</P><P>-debug tacacs</P><P>-debug aaa authen</P><P>-debug aaa author</P><P>-show run | in aaa</P><P></P><P>From&nbsp; ACS 5.4 &gt; monitoring and logging &gt; tacacs authorization &gt; find the user failed attempt &gt; clcik on the magnifying glass in front of it and attach the screen shot of that page.</P><P></P><P></P><P>~BR <BR />Jatin Katyal <BR /> <BR />**Do rate helpful posts**</P></BODY></HTML> Wed, 10 Jul 2013 12:34:13 GMT https://community.cisco.com/t5/network-access-control/restrict-single-interface-acs-5-4/m-p/2258306#M111572 Jatin Katyal 2013-07-10T12:34:13Z https://community.cisco.com/t5/network-access-control/restrict-single-interface-acs-5-4/m-p/2258307#M111624 <HTML><HEAD></HEAD><BODY><P>Actually I figured it out.&nbsp; I left out the space between the interface type (Gi) and number (1/1/1) in the argument.</P></BODY></HTML> Wed, 10 Jul 2013 12:56:04 GMT https://community.cisco.com/t5/network-access-control/restrict-single-interface-acs-5-4/m-p/2258307#M111624 deanlee10 2013-07-10T12:56:04Z https://community.cisco.com/t5/network-access-control/restrict-single-interface-acs-5-4/m-p/2258308#M111647 <HTML><HEAD></HEAD><BODY><P>Alright, that's a good news.</P><P>Here is a link to configure command authorization on ACS 5. You may want to bookmark it.</P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/products/ps9911/products_configuration_example09186a0080bc8514.shtml#ade">http://www.cisco.com/en/US/products/ps9911/products_configuration_example09186a0080bc8514.shtml#ade</A></P><P></P><P></P><P>~BR <BR />Jatin Katyal <BR /> <BR />**Do rate helpful posts**</P></BODY></HTML> Wed, 10 Jul 2013 13:01:11 GMT https://community.cisco.com/t5/network-access-control/restrict-single-interface-acs-5-4/m-p/2258308#M111647 Jatin Katyal 2013-07-10T13:01:11Z