Cisco IOS Macros

Ever needed to make an alteration that would mean you could no longer access the router when you did?  Let’s say you have a router with a DSL interface connected to your ISP.  Say you are accessing it remotely and need to change the username and password then bounce the interface.  Remotely, this is a PITA, as, as soon as you issue the shut command  to bounce the interface, that’s it.  Game over you can no longer access the router because the dialer interface is shut down and you have no way to bring it back up without booting the router.  If you boot the router without writing the changes to the startup-config, you have achieved nothing but booting the router and annoying everyone connected.

But sneaky Cisco have hidden a macro functionality in the IOS that allows us to do this without having to resort to EEM or fancy tclsh scripts.  Here’s an example how it works…

First we create our macro

R1(config)# macro name macroNewUserPass
Enter macro commands one per line. End with the character '@'.
interface dialer 0
ppp chap hostname TMPHOST
ppp chap password 0 TMPPASS
no shut
[email protected]

Next, we need to Run our macro with the substituted actual username and password, instead of the Keyword place holders that I have there now (TMPHOST and TMPPASS).

R1(config)# macro global apply macroNewUserPass TMPHOST "[email protected]" TMPPASS "It's a s3cr3t"

And that’s it. So to pull apart this last command… The macro command puts us in to macro mode in the config, the global apply tells it that this is going to be applied in global config, the macro name is obvious.  The last part is simply Keyword Substitution.  When the Macro named macroNewUserPass runs the keyword TMPHOST becomes [email protected] and the TMPPASS keyword becomes it’s a s3cr3t

So while we will loose connection as soon as the shut is issued on the dialer interface, the macro keeps running and issues the no shut and brings the interface back up again for us.
Now, in this particular example, depending on whether this interface bounce has resulted in an WAN IP address change or not, you may need to ssh in to a different IP than before. But that’s a little outside the scope of this document.