https://community.cisco.com/t5/network-access-control/command-authorization-issue/m-p/1625651#M257972 <P>Hi There, I am trying to setup command authorization in ACS 4.2.1.15 but its partially working.</P><P></P><P>I have setup three sets of shell command ... full access is working fine. another one is read only which is causing problem. in this command set I have allowed show commands and clear commands....everything is working fine but users can execute Write command from # prompt and they can also execute copy running-config startup-config....</P><P></P><P>I have define command set as below:</P><P></P><P>clear&nbsp;&nbsp; permit arp</P><P></P><P>show&nbsp;&nbsp; permit interface</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; permit version</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; permit port-security</P><P></P><P>i hav selected unmatched command as deny and unmatched argument as deny.</P><P></P><P></P><P>I dont know why its happening. am i missing something.</P><P></P><P>Please help...</P> Mon, 11 Mar 2019 00:45:17 GMT jain.nitin 2019-03-11T00:45:17Z https://community.cisco.com/t5/network-access-control/command-authorization-issue/m-p/1625651#M257972 <P>Hi There, I am trying to setup command authorization in ACS 4.2.1.15 but its partially working.</P><P></P><P>I have setup three sets of shell command ... full access is working fine. another one is read only which is causing problem. in this command set I have allowed show commands and clear commands....everything is working fine but users can execute Write command from # prompt and they can also execute copy running-config startup-config....</P><P></P><P>I have define command set as below:</P><P></P><P>clear&nbsp;&nbsp; permit arp</P><P></P><P>show&nbsp;&nbsp; permit interface</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; permit version</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; permit port-security</P><P></P><P>i hav selected unmatched command as deny and unmatched argument as deny.</P><P></P><P></P><P>I dont know why its happening. am i missing something.</P><P></P><P>Please help...</P> Mon, 11 Mar 2019 00:45:17 GMT https://community.cisco.com/t5/network-access-control/command-authorization-issue/m-p/1625651#M257972 jain.nitin 2019-03-11T00:45:17Z https://community.cisco.com/t5/network-access-control/command-authorization-issue/m-p/1625652#M257977 <HTML><HEAD></HEAD><BODY><P>Can you post the AAA configuration on the router? Did you configure command authorization on it?</P></BODY></HTML> Sun, 30 Jan 2011 18:33:21 GMT https://community.cisco.com/t5/network-access-control/command-authorization-issue/m-p/1625652#M257977 Javier Henderson 2011-01-30T18:33:21Z