Automaticaly reconfiguring a Cisco Router just by logging in

Unanswered Question
Feb 29th, 2008
User Badges:

I have a router 1760 installed in a remote site with DSL, a serial link and LAN users behind it. Under normal conditions it should avoid using the DSL interface to access the Internet for security reasons. It should route all traffic via the serial link to the HQ where users have all services they need including Internet access.

This site, however, is included in our D&R plan and therefore we need that under special conditions (HQ down, for instance) I could easyly reconfigure the router to meet the requirements. I might need to change interfaces status, fw policies, routing table, etc to make the router use the DSL Internet access and allow users to surf the web and incoming mail to come trhu.

The problem is that I want any of my IT peers to do that and not all of them are proficient with Cisco administration. So I thought of some kind of script that could be automatically run when somebody logins in the router with the right account and the right password. For instance I could have all the regular administration accounts and also accounts like: "disaster-status" and "normal-status" and each of them will run the necessary commands to reconfigure the router without the user needing to write one single command... not even "enable".

I remember one Cisco course that I attended that we had a remote lab and the topology of the lab was changed just by logging in the switches with a user that automaticaly, without we interacting, changed the switch configuration (VLANS, etc.) and therefore changed the network topology.

Is this possible? any ideas?

Regards and thanks!


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
yjdabear Fri, 02/29/2008 - 12:22
User Badges:
  • Gold, 750 points or more

Yeah, this sounds right up the alley for the Tcl/Tk and Expect scripting languages, Tcl/Tk for writing the interactive navigation menus, Expect for interpretting human and/or router responses, then issuing instructions and/or IOS commands accordingly.

albertoff Fri, 02/29/2008 - 15:16
User Badges:

Thanks for your answer,

Before posting here, I came accross this document but I wans't sure if TCL was the way to go...

Anyway, TCL could help be prepare the scripts I need to run in each case but, how do I build this interactive menus that you pointed out?... is there a document with examples of this?.

Thanks again,



cisco24x7 Sat, 03/01/2008 - 07:55
User Badges:
  • Silver, 250 points or more

Here is a sample:


set timeout 10

set name [lindex $argv 0]

set user [lindex $argv 1]

set password [lindex $argv 2]

set enable [lindex $argv 3]

spawn telnet $name

expect "*name:"

send "$user\r"

sleep 1

expect "*word:"

sleep 1

send "$password\n"

expect "*>"

sleep 1

send "enable\n"

expect "*:"

sleep 1

send "$enable\n"

expect "*#"

sleep 1

send "configure t\r"

expect "*#"

sleep 1

send "end \r"

expect "*#"

send "disable \r"

expect "*>"

send "exit\r\r\r\r"


# ./xxx user exec_pass enable_pass

spawn telnet


Connected to

Escape character is '^]'.






CCIE Sec Corporation Perimeter Cisco IOS with Firewall Feature Set

User Access Verification

Username: cciesec


CCIE Sec Corporation Perimeter Cisco IOS with Firewall Feature Set



C2621#configure t

Enter configuration commands, one per line. End with CNTL/Z.




CCIE Security

Joe Clarke Sat, 03/01/2008 - 11:42
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

There is a new feature coming in 12.4(20)T called the Embedded Menu Manager which will do what you want. This will allow you to display a menu to the user that you customize completely using an XML menu definition file. The inputs from the user are passed to TCL on the backend. This release is scheduled for June of this year.


This Discussion