https://community.cisco.com/t5/network-access-control/acs-authorization/m-p/1132936#M406056 <P>I'd like to configure shell authorization sets in ACS for Routers and switches .In this scenario, the users are able to use selective commands (configure terminal and to shut and no shut the interface only ) how can i do that on ACS</P><P>I tried the following but it doesn't work</P><P></P><P>configure permit terminal</P><P>interface permit shutdown</P><P> permit no shtdown</P><P></P><P>when i tested i can use any command under the interface configuration mode but i'd like to restrict it to shut and no shut only </P> Sun, 10 Mar 2019 23:07:31 GMT welcomeccie 2019-03-10T23:07:31Z https://community.cisco.com/t5/network-access-control/acs-authorization/m-p/1132936#M406056 <P>I'd like to configure shell authorization sets in ACS for Routers and switches .In this scenario, the users are able to use selective commands (configure terminal and to shut and no shut the interface only ) how can i do that on ACS</P><P>I tried the following but it doesn't work</P><P></P><P>configure permit terminal</P><P>interface permit shutdown</P><P> permit no shtdown</P><P></P><P>when i tested i can use any command under the interface configuration mode but i'd like to restrict it to shut and no shut only </P> Sun, 10 Mar 2019 23:07:31 GMT https://community.cisco.com/t5/network-access-control/acs-authorization/m-p/1132936#M406056 welcomeccie 2019-03-10T23:07:31Z https://community.cisco.com/t5/network-access-control/acs-authorization/m-p/1132937#M406057 <HTML><HEAD></HEAD><BODY><P>Make sure permit unmatched argument is not checked. See attachment.</P><P></P><P></P><P>Regards,</P><P>~JG</P><P></P><P>Do rate helpful posts </P><P></P><P> </P><P></P></BODY></HTML> Tue, 07 Oct 2008 17:49:51 GMT https://community.cisco.com/t5/network-access-control/acs-authorization/m-p/1132937#M406057 Jagdeep Gambhir 2008-10-07T17:49:51Z https://community.cisco.com/t5/network-access-control/acs-authorization/m-p/1132938#M406058 <HTML><HEAD></HEAD><BODY><P>I need it on all the interfaces not one only and Should i configure privilege command on the router and switches too?</P></BODY></HTML> Wed, 08 Oct 2008 00:00:02 GMT https://community.cisco.com/t5/network-access-control/acs-authorization/m-p/1132938#M406058 welcomeccie 2008-10-08T00:00:02Z https://community.cisco.com/t5/network-access-control/acs-authorization/m-p/1132939#M406059 <HTML><HEAD></HEAD><BODY><P>I am having the same problem under Config t. I can't seem to restrict anything after that. I do not have perment unmatched... chekced, </P></BODY></HTML> Fri, 10 Oct 2008 19:49:14 GMT https://community.cisco.com/t5/network-access-control/acs-authorization/m-p/1132939#M406059 Steve Chapman 2008-10-10T19:49:14Z https://community.cisco.com/t5/network-access-control/acs-authorization/m-p/1132940#M406060 <HTML><HEAD></HEAD><BODY><P>Steve,</P><P></P><P>Did you resolve this issue??? I have configured shell authorization on the ACS and want to allow certain users to access conf t but limit their commands after this. When I do a shell set that includes 'configure permit terminal' there does not appear to be anyway to control the configuration commands. Access to all configuration is granted.</P><P></P><P>Any guidence would be appreciated.</P><P></P><P>Dean</P></BODY></HTML> Mon, 17 Nov 2008 21:54:11 GMT https://community.cisco.com/t5/network-access-control/acs-authorization/m-p/1132940#M406060 DEAN WETHERALD 2008-11-17T21:54:11Z