Autocommand
当有网络工程师远程管理网络设备时,如果用户想限制工程师只能执行用户所指定的命令时,可以使用 autocommand 功能来实现,但 autocommand 最多只能执行一条命令; autocommand 可以通过有 Line vty 模式下进行配置来限制所有的远程用户操作,也可以在 username 命令来限制单个用户的操作命令
配置实例:
<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />
<?xml:namespace prefix = v ns = "urn:schemas-microsoft-com:vml" />
R2(config)#username cisco password cisco
R2(config)#line vty 0 4
R2(config-line)#login local
R2(config-line)#autocommand show ip interface brief
R2(config)#username test password test
R2(config)#username test autocommand sh ip route
R1#telnet 12.1.1.2
Trying 12.1.1.2 ... Open
User Access Verification
Username: cisco
Password:
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 unassigned YES unset administratively down down
FastEthernet1/0 12.1.1.2 YES manual up up
FastEthernet1/1 unassigned YES unset administratively down down
[Connection to 12.1.1.2 closed by foreign host]
R1#telnet 12.1.1.2
Trying 12.1.1.2 ... Open
User Access Verification
Username: test
Password:
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
12.0.0.0/24 is subnetted, 1 subnets
C 12.1.1.0 is directly connected, FastEthernet1/0
[Connection to 12.1.1.2 closed by foreign host]
R1#