
Just as you can add configuration lines to "line con 0" (console port) and "line aux 0" (auxiliary port) you can also add configuration lines to the vty (telnet) virtual ports. There are typically 16 of them on a Cisco router, "line vty 0" through "line vty 15". You configure all 16 vty lines at once using the configuration command "line vty 0 15" and hitting enter. Or, if you only want to configure some of them, you can disable the rest with the "no line vty" command. Once you enter line config mode you can set up the telnet session security by requiring a login and password for example. It is also typical to use access lists to only allow (and perhaps log) inbound telnet sessions from specific machines. So you can create an access list like "access-list 2 permit any log" to allow and log all machines to telnet in, or you could say "access-list 2 permit 192.168.1.100 log" to only allow one machine (1.100) for example. It's also common to prevent outbound telnet sessions once someone is telnetted in with the "transport output none" command. Another usual thing to do is set an activity timeout limit like 15 minutes for example using "exec-timeout 15 0". This is just the most basic but I think it's what you're after. To dive deeper, browse Cisco's web site for IOS configuration guides on AAA. I put a link below to the IOS security config guide for IOS 12.2.

Here's an example config of what is listed above:
config term
! ACL 2: permit (and log) telnet from any source; replace "any" with a host to restrict it
access-list 2 permit any log
line vty 0 15
 ! apply ACL 2 to connections coming in on all 16 vty lines
 access-class 2 in
 ! drop idle sessions after 15 minutes 0 seconds
 exec-timeout 15 0
 ! require the line password at login
 login
 password p@$$w0rd
 ! accept telnet in, allow no outbound sessions from this line
 transport input telnet
 transport output none

2006-06-18 07:21:33 · answer #1 · answered by networkmaster 5 · 2 0
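The answer above applies the vty hardening by hand. The following is an added example, not part of the original answer or of any Cisco tool: a Python script that parses the "line vty" stanzas out of an IOS-style running-config and reports which of the settings the answer recommends are missing (an inbound access-class backed by a defined ACL, a non-zero exec-timeout, login with a line password, and transport output none). SAMPLE_CONFIG is a constructed excerpt written for this example, and the password value in it is a placeholder.

```python
import re

# Constructed running-config excerpt (not from a real device, not from the answer).
# "line vty 0 4" carries the settings the answer recommends; "line vty 5 15" does not.
SAMPLE_CONFIG = """\
!
access-list 2 permit 192.168.1.100 log
access-list 2 deny any log
!
line con 0
 exec-timeout 15 0
 login
line vty 0 4
 access-class 2 in
 exec-timeout 15 0
 login
 password CHANGEME_PLACEHOLDER
 transport input telnet
 transport output none
line vty 5 15
 login
 transport input telnet
!
"""


def parse_line_stanzas(config):
    """Return {stanza_header: [sub-commands]} for every 'line ...' block.

    IOS indents a line's sub-commands with one space; the block ends at the
    next non-indented line (another 'line ...', a '!', or any top-level command).
    """
    stanzas = {}
    current = None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            stanzas[current] = []
        elif raw.startswith(" ") and current is not None:
            stanzas[current].append(raw.strip())
        else:
            current = None
    return stanzas


def access_list_ids(config):
    """IDs of the numbered access-lists defined anywhere in the config."""
    return {m.group(1) for m in re.finditer(r"^access-list (\d+) ", config, re.M)}


def audit_vty(config, max_idle_minutes=15):
    """Check each vty stanza for the hardening described in the answer.

    Returns {stanza_header: [finding, ...]}; an empty list means the stanza is clean.
    """
    acls = access_list_ids(config)
    findings = {}
    for header, cmds in parse_line_stanzas(config).items():
        if not header.startswith("line vty"):
            continue
        issues = []
        # 1. Inbound connections restricted by an access-class whose ACL actually exists
        ac = [c for c in cmds if c.startswith("access-class ") and c.endswith(" in")]
        if not ac:
            issues.append("no inbound access-class")
        elif ac[0].split()[1] not in acls:
            issues.append("access-class references undefined ACL %s" % ac[0].split()[1])
        # 2. Idle sessions time out ("exec-timeout 0 0" disables the timer entirely)
        et = [c for c in cmds if c.startswith("exec-timeout ")]
        if not et:
            issues.append("no exec-timeout (IOS default is 10 min; set it explicitly)")
        else:
            mins, secs = (et[0].split() + ["0"])[1:3]
            total = int(mins) * 60 + int(secs)
            if total == 0:
                issues.append("exec-timeout 0 0 disables the idle timeout")
            elif total > max_idle_minutes * 60:
                issues.append("exec-timeout %s exceeds %d min" % (et[0][13:], max_idle_minutes))
        # 3. Login required, and a line password present when plain 'login' is used
        if "login" not in cmds and not any(c.startswith("login ") for c in cmds):
            issues.append("login not required")
        if "login" in cmds and not any(c.startswith("password ") for c in cmds):
            issues.append("'login' without a line password rejects every connection")
        # 4. No outbound telnet from an established session
        if "transport output none" not in cmds:
            issues.append("outbound telnet not disabled (transport output none)")
        findings[header] = issues
    return findings


if __name__ == "__main__":
    for stanza, issues in audit_vty(SAMPLE_CONFIG).items():
        print(stanza, "->", "OK" if not issues else "; ".join(issues))
```

Feed it the output of "show running-config" saved to a file and every vty stanza is listed with its gaps; the ACL existence check matters because an access-class pointing at an ACL that was never defined permits everything.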

fedest.com, questions and answers