Ever needed to make an alteration that would mean you could no longer access the router when you did? Let’s say you have a router with a DSL interface connected to your ISP. Say you are accessing it remotely and need to change the username and password then bounce the interface. Remotely, this is a PITA, as, as soon as you issue the shut command to bounce the interface, that’s it. Game over you can no longer access the router because the dialer interface is shut down and you have no way to bring it back up without booting the router. If you boot the router without writing the changes to the startup-config, you have achieved nothing but booting the router and annoying everyone connected.
But sneaky Cisco have hidden a macro functionality in the IOS that allows us to do this without having to resort to EEM or fancy tclsh scripts. Here’s an example how it works…
First we create our macro
R1(config)# macro name macroNewUserPass Enter macro commands one per line. End with the character '@'. interface dialer 0 ppp chap hostname TMPHOST ppp chap password 0 TMPPASS shut no shut exit@
Next, we need to Run our macro with the substituted actual username and password, instead of the Keyword place holders that I have there now (TMPHOST and TMPPASS).
R1(config)# macro global apply macroNewUserPass TMPHOST "email@example.com" TMPPASS "It's a s3cr3t"
And that’s it. So to pull apart this last command… The
macro command puts us in to macro mode in the config, the
global apply tells it that this is going to be applied in global config, the macro name is obvious. The last part is simply Keyword Substitution. When the Macro named
macroNewUserPass runs the keyword TMPHOST becomes firstname.lastname@example.org and the TMPPASS keyword becomes it’s a s3cr3t
So while we will loose
connection as soon as the shut is issued on the dialer interface, the macro keeps running and issues the no shut and brings the interface back up again for us.
Now, in this particular example, depending on whether this interface bounce has resulted in an WAN IP address change or not, you may need to ssh in to a different IP than before. But that’s a little outside the scope of this document.