Re: deny "configure terminal" with exec and acs3.1 tacacs
you can do this ,just create a group called users or whatever you want.
in that configuration window, ensure that except for the allowed commands others are denied.
Then in the command box
add the following
Now for each corresponding command, just add the commands you want to allow, for example, for the command, clear, allow only counters, so that only clear counters will work and nothing else will.
similarly, under configure,allow only terminal, so that only conf t works
for interface, allow all unmatched arguments, select that. this will a user can connect to change all interfaces like fast ethernet or serial or giga, else you need to specify them to further restrict.
finally you need to allow wr mem command to allow them to save the config incase you want, else leave that as well :)
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...