https://community.cisco.com/t5/network-access-control/acs-disabling-command-in/m-p/3073140#M23989 <P>Hi John,</P> <P></P> <P>You can do thois through Policy &gt; Authorization. Create the relevant conditions and apply them there.</P> Tue, 14 Feb 2017 10:57:16 GMT Raymond Zwarts 2017-02-14T10:57:16Z https://community.cisco.com/t5/network-access-control/acs-disabling-command-in/m-p/3073139#M23988 <P><SPAN style="color: #1f497d; font-size: 10pt; font-family: 'courier new', courier, monospace;">We would like to inquire if possible to restrict the access of our site IT, to prevent them changing the port that are already in siwtchport mode trunk, and also prevent them to shutdown.</SPAN></P> <P><SPAN style="color: #1f497d; font-size: 10pt; font-family: 'courier new', courier, monospace;"></SPAN></P> <P><SPAN style="color: #1f497d; font-size: 10pt; font-family: 'courier new', courier, monospace;">configure terminal</SPAN></P> <P><SPAN style="color: #1f497d; font-size: 10pt; font-family: 'courier new', courier, monospace;">show</SPAN></P> <P><SPAN style="color: #1f497d; font-size: 10pt; font-family: 'courier new', courier, monospace;">interface</SPAN></P> <P><SPAN style="color: #1f497d; font-size: 10pt; font-family: 'courier new', courier, monospace;">shutdown</SPAN></P> <P><SPAN style="color: #1f497d; font-size: 10pt; font-family: 'courier new', courier, monospace;">no</SPAN></P> <P><SPAN style="color: #1f497d; font-size: 10pt; font-family: 'courier new', courier, monospace;">exit</SPAN></P> <P><SPAN style="color: #1f497d; font-size: 10pt; font-family: 'courier new', courier, monospace;">end</SPAN></P> <P><SPAN style="color: #1f497d; font-size: 10pt; font-family: 'courier new', courier, monospace;">copy</SPAN></P> <P><SPAN style="color: #1f497d; font-size: 10pt; font-family: 'courier new', courier, monospace;">enable</SPAN></P> <P><SPAN style="color: #1f497d; font-size: 10pt; font-family: 'courier new', courier, monospace;">traceroute</SPAN></P> <P><SPAN style="color: #1f497d; font-size: 10pt; font-family: 'courier new', courier, monospace;">switchport</SPAN></P> <P><SPAN style="color: #1f497d; font-size: 10pt; font-family: 'courier new', courier, monospace;">clear port-security </SPAN></P> Mon, 11 Mar 2019 07:27:44 GMT https://community.cisco.com/t5/network-access-control/acs-disabling-command-in/m-p/3073139#M23988 John 2019-03-11T07:27:44Z https://community.cisco.com/t5/network-access-control/acs-disabling-command-in/m-p/3073140#M23989 <P>Hi John,</P> <P></P> <P>You can do thois through Policy &gt; Authorization. Create the relevant conditions and apply them there.</P> Tue, 14 Feb 2017 10:57:16 GMT https://community.cisco.com/t5/network-access-control/acs-disabling-command-in/m-p/3073140#M23989 Raymond Zwarts 2017-02-14T10:57:16Z https://community.cisco.com/t5/network-access-control/acs-disabling-command-in/m-p/3073141#M23990 <P>You will want to configure command authorization on the router (switch, etc.) and then create a command authorization set on&nbsp;ACS, and apply it to an authorization policy.</P> Wed, 15 Feb 2017 16:13:50 GMT https://community.cisco.com/t5/network-access-control/acs-disabling-command-in/m-p/3073141#M23990 Javier Henderson 2017-02-15T16:13:50Z