Executing a command upon user login

Cisco IOS long had the autocommand option by which you could attach any command to a username and have it execute after successful login. For example, username x autocommand show ip interface brief command would configure the router to display the interface status after someone would log in as user x.

After the autocommand is executed, the user is logged out and the session is disconnected, unless you configure the username user nohangup option, which causes the session to remain active, giving the operator another login prompt.

Posted by Ivan Pepelnjak on Thursday, March 15, 2007

Labels: ,

7 comments:

Anonymous said...

Thank you for all the guidance you provide on this site. I have configured autocommand to display the running config and it is working correctly. However, I have a huge configuration that contains thousands of lines. Is there a way to display the whole configuration without having to hit the space bar everytime? Thanks again.

08 May, 2009 23:24
Ivan Pepelnjak said...

The command to disable page-by-page scrolling is "terminal length 0". If you want to combine it with another command in the autocommand environment, you have to create an EEM applet or a Tclsh script.

09 May, 2009 17:45
Anonymous said...

Ivan,

I've been playing around with this some and have made an interesting observation. If I configure the line(s) with 'login local' then the autocommand function works okay. However, if I configure line authentication via a AAA login method (even though the AAA method specifies the local user database), the autocommand never executes. Here's an example config of the latter:

username IP password IP
username IP autocommand show ip int br
username CISCO password CISCO
!
aaa new-model
aaa authentication login CON line
aaa authentication login VTY local line
!
line con 0
login authentication CON
line vty 0 4
login authentication VTY

I haven't been able to find anything in the documentation that helps me understand this behavior...can you provide any insight?

Thanks!

12 June, 2009 21:48
Ivan Pepelnjak said...

@Anonymous#2: you have to enable exec authorization with "aaa authorization exec default local"

16 June, 2009 13:06
Jeff said...

Awesome, thanks for the response. A debug showed that it skipped authorization, but didn't indicate anything that would have led me to this.

Thanks again for the response, and this blog site!

Jeff

16 June, 2009 15:46
Ivan Pepelnjak said...

Nice to hear it works for you :) Thanks for the feedback!

16 June, 2009 19:24
Bryan M. said...

This works too:

line vty 0 4
login local
autocommand terminal monitor
autocommand-options nohangup

username engineer priv 15 secret mypassword

:)

03 March, 2010 05:41

Subscribe to: Post Comments (Atom)
Ivan Pepelnjak, CCIE#1354, is the chief technology advisor for NIL Data Communications. He has been designing and implementing large-scale data communications networks as well as teaching and writing books about advanced technologies since 1990. See his full profile, contact him or follow @ioshints on Twitter.