https://community.cisco.com/t5/network-access-control/acs-3-3-shell-command-authorization-sets/m-p/1054588#M406009 <HTML><HEAD></HEAD><BODY><P>As suggested by Faruk, it seems it is not checking for authorization in config t mode that is why you are able to execute all commands.</P><P></P><P>Please add </P><P>aaa authorization config-commands</P><P></P><P>Above command will enable authorization for config t mode.</P><P></P><P>Regards,</P><P>~JG</P></BODY></HTML> Mon, 13 Oct 2008 12:16:23 GMT Jagdeep Gambhir 2008-10-13T12:16:23Z https://community.cisco.com/t5/network-access-control/acs-3-3-shell-command-authorization-sets/m-p/1054586#M406007 <P>I need help on the Authorization Set. I have the following currently configured.</P><P></P><P>clear permit port-security dynamic</P><P> permit port-security all</P><P> permit port-security sticky</P><P>permit mac-address-table dynamic</P><P></P><P>Configure permit terminal</P><P></P><P>end </P><P></P><P>exit </P><P></P><P>show permit port-security</P><P> permit mac-address-table</P><P>permit interfaces status</P><P> permit interfaces stats</P><P> permit running-config interface FastEthernet</P><P> permit ver</P><P></P><P>switchport permit port-security</P><P></P><P>write permit memory</P><P> permit network</P><P></P><P>copy running-config startup-config</P><P></P><P>everything seems to work fine. For example you can not do a show running config. </P><P></P><P>my problem is the conf t. Once you in you can do any commands you want ie. "int fax/x/x" "switchport access vlan XX" </P><P></P><P></P><P>I tried different interface permit commands and still can not restrict commands. </P><P></P><P>None of the permit unmatched commands are checked. </P><P></P><P></P><P>What I would like is to permit interaface commands for port security commands, but not allow shut or no shut. etc. </P><P></P> Sun, 10 Mar 2019 23:07:54 GMT https://community.cisco.com/t5/network-access-control/acs-3-3-shell-command-authorization-sets/m-p/1054586#M406007 Steve Chapman 2019-03-10T23:07:54Z https://community.cisco.com/t5/network-access-control/acs-3-3-shell-command-authorization-sets/m-p/1054587#M406008 <HTML><HEAD></HEAD><BODY><P>Have you turned on:</P><P></P><P>aaa authorization config-commands</P><P></P><P>Regards</P><P></P><P>Farrukh</P></BODY></HTML> Sat, 11 Oct 2008 10:52:55 GMT https://community.cisco.com/t5/network-access-control/acs-3-3-shell-command-authorization-sets/m-p/1054587#M406008 Farrukh Haroon 2008-10-11T10:52:55Z https://community.cisco.com/t5/network-access-control/acs-3-3-shell-command-authorization-sets/m-p/1054588#M406009 <HTML><HEAD></HEAD><BODY><P>As suggested by Faruk, it seems it is not checking for authorization in config t mode that is why you are able to execute all commands.</P><P></P><P>Please add </P><P>aaa authorization config-commands</P><P></P><P>Above command will enable authorization for config t mode.</P><P></P><P>Regards,</P><P>~JG</P></BODY></HTML> Mon, 13 Oct 2008 12:16:23 GMT https://community.cisco.com/t5/network-access-control/acs-3-3-shell-command-authorization-sets/m-p/1054588#M406009 Jagdeep Gambhir 2008-10-13T12:16:23Z https://community.cisco.com/t5/network-access-control/acs-3-3-shell-command-authorization-sets/m-p/1054589#M406010 <HTML><HEAD></HEAD><BODY><P>that fixed it. thanks. </P></BODY></HTML> Wed, 15 Oct 2008 16:39:05 GMT https://community.cisco.com/t5/network-access-control/acs-3-3-shell-command-authorization-sets/m-p/1054589#M406010 Steve Chapman 2008-10-15T16:39:05Z https://community.cisco.com/t5/network-access-control/acs-3-3-shell-command-authorization-sets/m-p/1054590#M406011 <HTML><HEAD></HEAD><BODY><P>Its great to know you have it working now. <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P></P><P>Please rate helpful posts to increase the utility of this information for future readers.</P><P></P><P>Regards</P><P></P><P>Farrukh</P></BODY></HTML> Wed, 15 Oct 2008 17:38:55 GMT https://community.cisco.com/t5/network-access-control/acs-3-3-shell-command-authorization-sets/m-p/1054590#M406011 Farrukh Haroon 2008-10-15T17:38:55Z