Run remote commands on Cisco routers from the computer

Can you place the cursor at the Windows command prompt and run a command on the router? Usually, you will first have Telnet or SSH to connect to the router to be able to execute commands? This article will show you how to simultaneously run router commands without having to exit the Windows command prompt, which is very convenient for controlling and automatically managing routers.

What is remote shell ( rsh )?

Remote shell is a common command line program in UNIX and Linux operating systems. By using Rsh , you can execute command line programs on a remote system. This remote system could be another UNIX or Linux operating system, or it could be a Cisco router or a switch. Rsh is part of the BSB UNIX operating system and includes rcp (remote copy) and rlogin (remote login).

While most Linux system administrators are familiar with rsh , some Windows administrators are not. In fact, both Windows XP and Windows Server 2003 include rsh . Figure A shows the illustration of using rsh at the command prompt.

Run remote commands on Cisco routers from the computer Picture 1
Picture A

However, when working with rsh , remember that rsh is not secure - It does not encrypt communications between remote devices and the system. You always need to configure rsh as securely as possible on the router by blocking the management machine's IP address and user name.

However, even with such precautions, rsh is still unsafe compared to SSH. So it would be good to use rsh on a protected and secure internal network. (This way, if you enable rsh through a firewall, it will use TCP port 514).

How to configure rsh on a router?

To be able to run a command on a Windows computer, proceed to the router, execute the commands, and then return the output to you, all you need to do is enter two commands. Let's take a look at the whole process.

First, you need to enable remote shell services on the router. Cisco IOS will call ip rcmd service. To activate this service, enter the following command on Global Configuration Mode:

Router (config) # ip rcmd rsh-enable

Second, you need to configure the workstation and user permissions to execute those remote shell commands. The following is an example of this command:

Router (config) # ip rcmd remote-host root 192.168.1.45 ddavis enable

Let's explain the command line above. The part ip rcmd remote-host is required. Next, you enter the ' local ' username on the router of the remote shell user who will log in when the commands are executed. The example above uses a local user ' root '.

Next, 192.168.1.45 is the IP address of the management workstation you want to allow to execute remote shell commands - in other words, this is the computer's IP address. Next, you see the internal Windows username: ddavis . As in the example, this is the name of the user who logged into the Windows XP machine as well as the user who will execute the rsh command on Windows. If you use a batch job script to execute the rsh command on Windows, you will need to enter the Windows username in the batch file.

Finally, the command contains the ' enable ' keyword. This command allows remote shell users to access to enable the type on the router. You can take this step further and specify the level of access allowed (for example, from level 1 to 15).

Keep in mind that these two commands assume that you already have a configured router and have a local user called ' root '. If you do not have a root user, you can use the following command:

Router (config) # username root privilege 15 password C1sCo!

Method of using rsh from Windows workstation

Once you have configured the commands above, you can easily run a remote shell command from the Windows command prompt. Figure B gives an example.

Run remote commands on Cisco routers from the computer Picture 2
Figure B

Actually you use the following command:

Z: rsh Router1 -l root sh ver

This is how that command line works:

1. The server name is the first thing that needs to be specified (in the example above is Router1 ).
2. Next, use -l (letter L) to determine the username that will be used to log in. (Note that ' ddavis ' will still need to be used on the local Windows computer to ensure safety).
3. Finally, specify the command. In this case, execute the show version command (or sh ver ).

What can you do with the rsh command?

In addition to using the show version command, you can also perform the show running-configuration command (sh run) or other privileged commands. Here are some examples:

1. show ip interface brief
2. show ip route
3. show ip ospf neighbors
4. show ip bgp summary
5. show log

What you can't do is run a Global Configuration Mode command, such as activating an interface or configuring an IP address. This is a limitation when using show commands.

However, one very useful thing you can do is copy the current configuration to a TFTP server and execute it inside an initial script on a Windows server. For example, you use the command copy running-configuration tftp: /1.1.1.1 .

What else can be done with remote commands?

If you look at the Cisco IOS documentation for remote commands, you will notice that there are a number of options that can be used with remote commands. One of the most recent features of that Cisco IOS is that you have the ability to validate newly ordered rsh and rcp commands by using an IOS Cisco access control list.

One of the more interesting changes is that you can use remote replication (rcp). Therefore, it is possible to copy a file using the rcp Windows command from the computer to the router or from the router to the computer without using TFTP or FTP. (You can enable the rcp command with the ip rcmd rcp-enable command.)

Conclude

Remote shell commands ( rsh or rcmd ) can be very useful for remote administration of your router. This is especially true if you want to create a Linux or Windows script that goes to all routers in the network and performs some show commands.