Enterprise Software

Create router menus to suit your needs

Lori Hyde tells you how to create router menus that allow you to control user access to a limited set of commands.

The first time I ever heard of router "menus" was during a CCIE practice lab, and I have to admit that I had fun with them. I'd be the first to say that this is not the best way to control user interaction with a router in a corporate environment. But, I can see specific instances, such as in a lab or small office environment, where user menus may provide a perfect solution for allowing required access to a device while controlling that access to a limited subset of specific commands.

Menu creation capability has been part of the Cisco IOS since release 10.0. The commands associated with setting up a menu are pretty basic and consist of four key elements:

  • Menu title: This names your menu and is displayed at the top of the user screen.
  • Menu prompt: This text is also displayed to the user.
  • Menu text: This text is the actual choices you are providing to the user.
  • Menu command: This is the actual command that will be executed based on the user selection.

In my example, the Network Operations Center (NOC) needs to be able to look at the interfaces and run ping and trace commands on the lab test router. To do this, I'll create a nested menu of command options they are allowed to execute on the test router, and then I'll create a user account that is tied to this menu.

First I create the main menu. From this menu, the user will select the secondary menus based on their desired actions.

I first set up the title of the menu and create the prompt that the user will see:

menu NOC title ^ Menu for NOC users ^C
menu NOC prompt ^ Choose your selection: ^C

Next, I set up the user selectable options.

menu NOC text 1. Ping Menu
menu NOC text 2. Trace Menu
menu NOC text 3. Show Interface Menu
menu NOC text 4. Exit

Each of these options is followed by the actual command that will be executed, which, in this case, is to call the nested menus.

menu NOC command 1. menu ping
menu NOC command 2. menu trace
menu NOC command 3. menu interface
menu NOC command 4. exit

I want the users to be able to view the data before redrawing the menu, so I'll add a "pause" option after each command.

menu NOC options 1. pause
menu NOC options 2. pause
menu NOC options 3. pause

Then, I'll clear the screen and exit the menu:

menu NOC clear-screen

Next, I'll create the sub-menus using the same command structure as above.

menu ping title ^ Menu for ping ^C
menu ping prompt ^ Choose Your Ping Destination: ^C
menu ping text 1. SW05
menu ping command 1. ping 192.168.80.1
menu ping options 1. pause
menu ping text 2. SW06
menu ping command 2. ping 172.20.200.5
menu ping options 2. pause
menu ping text 3. SW07
menu ping command 3. ping 192.168.80.214
menu ping options 3. pause
menu ping text 4. Back
menu ping command 4. menu-exit
menu ping clear-screen
menu trace title ^ Menu for Traceroute ^C
menu trace prompt ^ Choose Your Traceroute Destination: ^C
menu trace text 1. SW05
menu trace command 1. trace 192.168.80.1
menu trace options 1. pause
menu trace text 2. SW06
menu trace command 2. trace 172.20.200.5
menu trace options 2. pause
menu trace text 3. SW07
menu trace command 3. trace 192.168.80.214
menu trace options 3. pause
menu trace text 4. Back
menu trace command 4. menu-exit
menu trace clear-screen
menu interface title ^ Show Interface Menu ^C
menu interface prompt ^ Choose Your Interface Option: ^C
menu interface text 1. Show IP Interface Brief
menu interface command 1. sh ip int brief
menu interface options 1. pause
menu interface text 2. Show Interface Ethernet0/0
menu interface command 2. sh int ethernet0/0
menu interface options 2. pause
menu interface text 3. Show Interface Ethernet0/1
menu interface command 3. sh int ethernet0/1
menu interface options 3. pause
menu interface text 4. Back
menu interface command 4. menu-exit
menu interface clear-screen

Finally, I need to create a local user account on the router. The "autocommand" option tells the router to execute our menu NOC when user NOC logs in.

username NOC password myoptions
username NOC autocommand menu NOC

There are other ways to do this. I could have tied the "autocommand" command directly to the VTY lines rather than to the user. The router must also be configured for local authentication either with the login local command on the VTY lines or with the appropriate aaa authentication commands.

Here are some screenshots of this new menu in action.

Figure A

Figure B

While this was a nested menu, the actual commands and structure are pretty basic. So, if you haven't tried creating menus yet, give it a whirl. And if you're already familiar with them, what have you used them for?

I wonder if a menu could make a call to a TCL script. Hmmm....haven't tried that yet. Have you?

Want to learn more about router and switch management? Automatically sign up for our free Cisco Technology newsletter, delivered each Friday!

9 comments
oleglvovyu
oleglvovyu

Hi, I wounder where did you create menu: in the CLI router? if, Yes what command you used? Because i buld topolgy in packet tracer one router connected to PCadmin and PCuser. the point where exectly you write menu? Oleh OlegLvovYu@gmail.com

o_altrad
o_altrad

its good,but not as for a professional user help,I DONT THINK THAT ITS WORTH A LOT ,ALSO IT SEEMS TO ME THAT IT COST SPACE AND PROCESS NEEDS WHICH GIVE MORE HEADACHE FOR THE ROUTER WITHOUT TAKING A BIG ADVANTAGE.THE GOOD THING IS TO USE OTHER FUNCTIONALITY MORE USEFUL.

k.schwarzenegger
k.schwarzenegger

This is great way to provide funtionality to novice users. I have implemented router menus for our remote access lab which allows students to remotely configure routers from anywhere. Although Packet Tracer is a great tool, nothing beats working with a real router and operating network.

NetMgr
NetMgr

I think I could use this to provide our helpdesk and remote tech coffice staff with the capability to look at a router, see if the interface is up and if I can call a TCL script, I can show the bandwidth and error counters on the interfaces

valerio
valerio

Is there a way to make the commands more interactive? I was thinking maybe of getting some input from the user like an IP address.

oleglvovyu
oleglvovyu

Hi, Have you any idea how to create router menus in Packet Tracer?

Lori H
Lori H

I have not tried this in Packet Tracer. All of these commands were done from standard exec level (priv 15) mode on a 2600 series router. Good luck to you though!