Shell Command Authorization - Limit to single interface
12-29-2008 09:53 AM - edited 03-10-2019 04:15 PM
Hi There,
I'm new to Shell Command Authorization and I'm not sure if I'm doing this right. I'd like to create an authorization set to limit a user so that they can only add and remove a single policy map to a specific interface.
However, I'm having trouble limiting them to a single interface (e.g. FastEthernet 0/0). Whatever I do they seem to be able to access ALL interfaces.
Here is the ACS 4.1 setup:
Unmatched Commands = DENY
configure=permit terminal
interface=permit FastEthernet 0/0
service-policy=permit input testpolicy
Permit Unmatched Args is also OFF (unticked).
Other commands are blocked OK.
Appreciate any help,
Thanks
Labels: AAA
01-05-2009 09:59 AM
Please run debug on the network device:
debug aaa authorization
debug tacacs authorization
This may give us a clue.
