I am trying to set up command line filters to deny sniffer commands being entered. I have setup a Command Set and applied it to an Authorization Policy. The command filter works fine for commands in privileged mode. However, the filter doesn't work for any command that is entered in Config mode.
For a test I have setup a Command Set that will deny:
The first three command are entered from the initial privilege mode and they are failed by the ACS. The last two commands can only be entered in config mode and the ACS does not stop them being entered.
I have attached two screenshots which show the Command Set configuration on the ACS and a Terminal session which commands are filtered and which are let through.
Has anyone else come across this problem? Is there something else I should be adding to the Command Set? Is this a bug?
There is a bug on the Cisco Website which relates to command filters:
I do not know if this bug applies to this issue as there is so little information on it. Also, if it does apply I do not understand the workaround to apply it to this situation.
Any advice would be greatly appreciated. - (ACS Version 220.127.116.11.2)