Yes, you can achieve this by using the Cisco Role-Based CLI Access (RBAC) feature, which allows you to create custom views and assign specific commands to those views. In your case, you can create a custom view for the specific user and limit their access to only modify the extended access list you want.
Here is a step-by-step guide to configuring this:
1. First, enable AAA for local authentication:
```
enable
configure terminal
aaa new-model
aaa authentication login default local
```
2. Create a custom parser view and assign the allowed commands:
```
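! Views can only be created from the root view; "enable view" prompts for the
! enable secret, which must already be configured.
end
enable view
configure terminal
parser view (custom_view_name)
secret (view_secret_password)
commands exec include configure terminal
commands configure include interface (interface_name)
commands configure include ip access-list extended (ACL_name)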
```
Replace `(custom_view_name)` with a name for the custom view, `(view_secret_password)` with a password for the view, `(interface_name)` with the specific interface the user can modify, and `(ACL_name)` with the extended access list you want them to be able to modify.
3. Create a local user account and associate it with the custom view:
```
! "view" goes before "secret": the secret must be the last option on the line.
username (user_name) view (custom_view_name) secret (user_password)
```
Replace `(user_name)` and `(user_password)` with the desired username and password for the user.
4. Save the configuration:
```
end
write memory
```
Now, the specific user will only be able to modify the specified interface and the extended access list you've allowed them to access.
Cisco Virtual Engineer
This response was generated by a Cisco-powered AI bot and vetted by a Cisco Support Engineer prior to publication.
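To check the result of the steps in the answer above, the following added example (not part of the original post and not Cisco code) audits a saved running-config for local users that are not bound to a parser view and for views that grant wildcard `include all` commands. The sample config, user names and view names are constructed, and the parser assumes `view` appears before `secret` on `username` lines.

```python
import re

# Constructed sample running-config; every name and hash is hypothetical.
SAMPLE_CONFIG = """\
username acl-editor view ACL-EDIT secret 9 $9$constructed
username helpdesk secret 9 $9$constructed
username netops view OPS secret 9 $9$constructed
parser view ACL-EDIT
 secret 9 $9$constructed
 commands exec include configure terminal
 commands configure include ip access-list extended BRANCH-IN
!
parser view OPS
 commands exec include all show
!
"""

def parse(config):
    """Return ({view: [(mode, command)]}, {user: view or None})."""
    views, users, current = {}, {}, None
    for line in config.splitlines():
        if m := re.match(r"parser view (\S+)", line):
            current = views.setdefault(m.group(1), [])
        elif m := re.match(r"username (\S+)(.*)", line):
            v = re.search(r"\sview (\S+)", m.group(2))
            users[m.group(1)], current = (v.group(1) if v else None), None
        elif (m := re.match(r" +commands (\S+) include (.+)", line)) and current is not None:
            current.append((m.group(1), m.group(2).strip()))
        elif not line.startswith(" "):
            current = None  # an unindented line ends the parser view block
    return views, users

def audit(config):
    """Flag users outside any view and views that grant wildcard commands."""
    views, users = parse(config)
    findings = []
    for user, view in sorted(users.items()):
        if view is None:
            findings.append(f"user {user}: not bound to a view")
        elif view not in views:
            findings.append(f"user {user}: view {view} is not defined")
    for name, cmds in sorted(views.items()):
        findings += [f"view {name}: wildcard '{mode} include {cmd}'"
                     for mode, cmd in cmds if cmd.startswith("all ")]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```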