Executing a command upon user login

Cisco IOS long had the autocommand option by which you could attach any command to a username and have it execute after successful login. For example, username x autocommand show ip interface brief command would configure the router to display the interface status after someone would log in as user x.

After the autocommand is executed, the user is logged out and the session is disconnected, unless you configure the username user nohangup option, which causes the session to remain active, giving the operator another login prompt.

9 comments:

  1. Thank you for all the guidance you provide on this site. I have configured autocommand to display the running config and it is working correctly. However, I have a huge configuration that contains thousands of lines. Is there a way to display the whole configuration without having to hit the space bar everytime? Thanks again.

    ReplyDelete
  2. The command to disable page-by-page scrolling is "terminal length 0". If you want to combine it with another command in the autocommand environment, you have to create an EEM applet or a Tclsh script.

    ReplyDelete
  3. Ivan,

    I've been playing around with this some and have made an interesting observation. If I configure the line(s) with 'login local' then the autocommand function works okay. However, if I configure line authentication via a AAA login method (even though the AAA method specifies the local user database), the autocommand never executes. Here's an example config of the latter:

    username IP password IP
    username IP autocommand show ip int br
    username CISCO password CISCO
    !
    aaa new-model
    aaa authentication login CON line
    aaa authentication login VTY local line
    !
    line con 0
    login authentication CON
    line vty 0 4
    login authentication VTY

    I haven't been able to find anything in the documentation that helps me understand this behavior...can you provide any insight?

    Thanks!

    ReplyDelete
  4. @Anonymous#2: you have to enable exec authorization with "aaa authorization exec default local"

    ReplyDelete
  5. Awesome, thanks for the response. A debug showed that it skipped authorization, but didn't indicate anything that would have led me to this.

    Thanks again for the response, and this blog site!

    Jeff

    ReplyDelete
  6. Nice to hear it works for you :) Thanks for the feedback!

    ReplyDelete
  7. This works too:

    line vty 0 4
    login local
    autocommand terminal monitor
    autocommand-options nohangup

    username engineer priv 15 secret mypassword

    :)

    ReplyDelete
  8. @Bryan
    YOU ROCK! THANKS!

    autocommand terminal monitor
    autocommand-options nohangup

    ReplyDelete
  9. When configuring autocommand and trying to connect via ssh - the command does not execute:
    username x priv 15 secret y
    username x autocommand disable

    any idea?

    ReplyDelete

You don't have to log in to post a comment, but please do provide your real name/URL. Anonymous comments might get deleted.

Ivan Pepelnjak, CCIE#1354, is the chief technology advisor for NIL Data Communications. He has been designing and implementing large-scale data communications networks as well as teaching and writing books about advanced technologies since 1990. See his full profile, contact him or follow @ioshints on Twitter.