I set up a Shell Command Authorization Set. I want to give someone access to enter "configure terminal" and any "mac-address-table static *" commands.
Unmatched commands: Deny
configure -> permit terminal
mac-address-table -> permit static
I built a group and assigned this shell command authorization set to it, level 15, etc.
Now when I create a test user, I can enter "configure terminal" and any other command it seems. "router ospf 21", "interface vlan 101", etc. are all ALLOWED even though I haven't listed them in my command authorization set.
Any idea what I'm missing? Thank you for any responses.