i am not sure about this but

Richard Bradfield · ‎05-27-2014

I want to give my level 1 support staff the ability to shutdown access interfaces but not trunk mode interface or vlan interfaces.

can this be done with priviledge commands. This is what i have so far

privilege interface level 7 desc
privilege interface level 7 switchport access vlan
privilege interface level 7 shut
privilege configure level 7 interface GigabitEthernet
privilege configure level 7 interface FastEthernet
privilege exec level 7 show
privilege exec level 7 configure terminal
privilege exec level 7 show logging
privilege exec level 7 show running interface

although this works, I can go into any interface and shut it down

is there anyway of stopping the command going to Vlan interfaces

kaaftab · ‎05-27-2014

i am not sure about this but you can use cisco EEM as a work around that is if any one shutdown the interface it automatically turns up as a security precaution.

I want to use the priviledge command to allow only switchport access interfaces to be shutdown

Secure Access: How to

DHCP relay agent check command

Secure Access: ZTA Private Access の3つの Enforcement Mode について

Secure Access: Umbrella動作確認URLのSecure Accessでの使用

[Q&A 集公開] 10/16 開催 Catalyst SD-WAN と Secure Access 連携