I wanted to only allow users to use interface command. But when I permit config terminal in ACS shell command set, all the commands are allowed. How can I limited the users to only have the permission for interfacce command?
Two things could be wrong
1) You don't have the following command on your AAA Client:
aaa authorization config-commands
2) You have clicked the 'Unmatched Commands' = Permit radio option in ACS, have a look at: