Hi There,
I'm new Shell Command Authorization and I'm not sure if im doing this right.. I'd like to create an authorization set to limit a user so that they can only add and remove a single policy map to a specific interface.
However, I'm having trouble limiting them to a single interface (e.g. FastEthernet 0/0). Whatever I do they seem to be able to access ALL interfaces.
Here is the ACS 4.1 setup
Unmatched Commands = DENY
configure=permit terminal
interface=permit FastEthernet 0/0
service-policy=permit input testpolicy
Permit Unmatched Args is also OFF (unticked).
Other commands are blocked OK.
Appreciate any help,
Thanks