The statement in my prior post - "Remove the contents of the subcommand list (right-hand list), select the "Deny" radio button, Submit your changes to the Command Authorization Set, and retest."
... should have included, selecting the Permit Unmatched Args checkbox.
In order to test the "show" command with the "interfaces" argument, you may need to add the enable command.
Consider the following example:
"Deny" radio button selected (i.e.: only listed commands will be authorized).
"Show" command arguments set as follows:
(a) Deselect the "Permit Unmatched Args" checkbox.
(b) Enter the following argument into the list:
permit interfaces Loopback 0
This will result in the ability to show the Loopback 0 interface, but NOT the GigabitEthernet interface (per your indicated preference).
Command arguments are case sensitive and may differ from how they are entered at the CLI.
A sniffer is helpful in determining proper case.
Wireshark is capable of decrypting TACACS+ packets if you configure the application with the password.
If you were to limit the "show" command argument to "permit interfaces", and then tried to use the "interfaces" command with the "deny GigabitEthernet X" argument, you would not see the results desired. The "show" command with its limited argument would authorize showing of the GigabitEthernet X interface despite configuration of the "interfaces" command.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :