ACS shell command authorization help

Answered Question
Jun 12th, 2008


I wanted to only allow users to use interface command. But when I permit config terminal in ACS shell command set, all the commands are allowed. How can I limited the users to only have the permission for interfacce command?


I have this problem too.
0 votes
Correct Answer by Farrukh Haroon about 8 years 4 months ago

Two things could be wrong

1) You don't have the following command on your AAA Client:

aaa authorization config-commands

2) You have clicked the 'Unmatched Commands' = Permit radio option in ACS, have a look at:



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
royalblues Thu, 06/12/2008 - 07:20

Did you configure something like

configure permit terminal

interface permit fastethernet

HAve a look at the attached doc for shell command auth configuration


emmawuxp06 Thu, 06/12/2008 - 07:42

yes, i missed the command - aaa authorization config-commands on the clients. After i added that, it works.

Thanks for your help


This Discussion