Create router menus to suit your needs

Lori Hyde tells you how to create router menus that allow you to control user access to a limited set of commands.

——————————————————————————-

The first time I ever heard of router “menus” was during a CCIE practice lab, and I have to admit that I had fun with them. I’d be the first to say that this is not the best way to control user interaction with a router in a corporate environment. But, I can see specific instances, such as in a lab or small office environment, where user menus may provide a perfect solution for allowing required access to a device while controlling that access to a limited subset of specific commands.

Menu creation capability has been part of the Cisco IOS since release 10.0. The commands associated with setting up a menu are pretty basic and consist of four key elements:

• Menu title: This names your menu and is displayed at the top of the user screen.
• Menu prompt: This text is also displayed to the user.
• Menu text: This text is the actual choices you are providing to the user.
• Menu command: This is the actual command that will be executed based on the user selection.

In my example, the Network Operations Center (NOC) needs to be able to look at the interfaces and run ping and trace commands on the lab test router. To do this, I’ll create a nested menu of command options they are allowed to execute on the test router, and then I’ll create a user account that is tied to this menu.

First I create the main menu. From this menu, the user will select the secondary menus based on their desired actions.

I first set up the title of the menu and create the prompt that the user will see:

menu NOC title ^ Menu for NOC users ^C

menu NOC prompt ^ Choose your selection: ^C

Next, I set up the user selectable options.

menu NOC text 1. Ping Menu

menu NOC text 2. Trace Menu

menu NOC text 3. Show Interface Menu

menu NOC text 4. Exit

Each of these options is followed by the actual command that will be executed, which, in this case, is to call the nested menus.

menu NOC command 1. menu ping

menu NOC command 2. menu trace

menu NOC command 3. menu interface

menu NOC command 4. exit

I want the users to be able to view the data before redrawing the menu, so I’ll add a “pause” option after each command.

menu NOC options 1. pause

menu NOC options 2. pause

menu NOC options 3. pause

Then, I’ll clear the screen and exit the menu:

menu NOC clear-screen

Next, I’ll create the sub-menus using the same command structure as above.

menu ping title ^ Menu for ping ^C

menu ping prompt ^ Choose Your Ping Destination: ^C

menu ping text 1. SW05

menu ping command 1. ping 192.168.80.1

menu ping options 1. pause

menu ping text 2. SW06

menu ping command 2. ping 172.20.200.5

menu ping options 2. pause

menu ping text 3. SW07

menu ping command 3. ping 192.168.80.214

menu ping options 3. pause

menu ping text 4. Back

menu ping command 4. menu-exit

menu ping clear-screen

menu trace title ^ Menu for Traceroute ^C

menu trace prompt ^ Choose Your Traceroute Destination: ^C

menu trace text 1. SW05

menu trace command 1. trace 192.168.80.1

menu trace options 1. pause

menu trace text 2. SW06

menu trace command 2. trace 172.20.200.5

menu trace options 2. pause

menu trace text 3. SW07

menu trace command 3. trace 192.168.80.214

menu trace options 3. pause

menu trace text 4. Back

menu trace command 4. menu-exit

menu trace clear-screen

menu interface title ^ Show Interface Menu ^C

menu interface prompt ^ Choose Your Interface Option: ^C

menu interface text 1. Show IP Interface Brief

menu interface command 1. sh ip int brief

menu interface options 1. pause

menu interface text 2. Show Interface Ethernet0/0

menu interface command 2. sh int ethernet0/0

menu interface options 2. pause

menu interface text 3. Show Interface Ethernet0/1

menu interface command 3. sh int ethernet0/1

menu interface options 3. pause

menu interface text 4. Back

menu interface command 4. menu-exit

menu interface clear-screen

Finally, I need to create a local user account on the router. The “autocommand” option tells the router to execute our menu NOC when user NOC logs in.

username NOC password myoptions

username NOC autocommand menu NOC

There are other ways to do this. I could have tied the “autocommand” command directly to the VTY lines rather than to the user. The router must also be configured for local authentication either with the login local command on the VTY lines or with the appropriate aaa authentication commands.

Here are some screenshots of this new menu in action.

Figure A

Figure B

While this was a nested menu, the actual commands and structure are pretty basic. So, if you haven’t tried creating menus yet, give it a whirl. And if you’re already familiar with them, what have you used them for?

I wonder if a menu could make a call to a TCL script. Hmmm….haven’t tried that yet. Have you?

Want to learn more about router and switch management? Automatically sign up for our free Cisco Technology newsletter, delivered each Friday!