Friday, 18 December 2015

Terminal Line Settings

IOS supports several timeout settings for terminal sessions, which can be divided
as follows. Absolute limits the maximum amount of time the user can spend on the
line. Exec limits the time an exec shell can be idle. Session is the maximum amount
of time a session opened from the terminal (such as a telnet to another router) can
be idle. A refuse message is displayed when someone tries to connect to a line
already in use. The vacant message is displayed when the current line is idle (not
in use; no exec shell started).
The transport input/output option specifies which protocols can be used to connect
to/from the terminal line. The preferred transport protocol is used when no session
protocol is specified at the exec prompt and a station name is typed. By default, the
preferred transport is telnet, which is why the router tries to telnet when a command
is mistyped. The lock feature allows a user to lock the current terminal session and
require a password to unlock it.



When a user is telnetted into R3 and mistypes a command in exec mode,
R3 should not try to open a telnet session to the command as if it is a
hostname.

Configure VTY line 0 to listen for telnet at port 3001. - "line vty 0", then "rotary 1"

When the virtual terminal line is busy, issue the output "Sorry, the line is already in use" to the connecting user. - "refuse-message # Sorry, the line is already in use #"

Exec sessions on a VTY line should time out after 2 minutes of inactivity. - "exec-timeout 2 0"

A user should not be able to hold the line busy for more than 5 minutes. - "absolute-timeout 5"

The terminal length should be no more than 20 lines. - "length 20"

IP netmasks should be displayed using hex numbers. - "ip netmask-format hexadecimal"

Allow a user to lock VTY terminal lines. - "lockable"

Sessions initiated from a VTY line should time out in 1 minute. - "session-timeout 1"

When the console line is idle, the user should see the output "Welcome to IOS".
Allow no more than one session to be initiated from the console line:

line console 0
session-limit 1
vacant-message # Welcome to IOS #


The netmask format can be verified as shown below.

R3#telnet 150.1.3.3
Trying 150.1.3.3 ... Open
!
!R3#show interface GigabitEthernet1.37
Serial1/0 is up, line protocol is up
Hardware is CD2430 in sync mode
Internet address is 155.1.0.3 0xFFFFFF00
MTU 1500 bytes, BW 128 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation FRAME-RELAY, loopback not set


Rotary groups bundle multiple lines into a pool and make the pool accessible on
the dedicated TCP port number 3000+N, where N is the rotary group number. Those
special port numbers can also be used as “backdoors” for telnet access. Note that
the refuse message is displayed when a user attempts to connect to a busy line.
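
An added example, not part of the original post: a small Python audit that reads the line stanzas of a saved configuration, reports the TCP port each rotary group opens on a VTY line (3000+N, as described above), and flags VTY lines with exec-timeout disabled or no absolute-timeout. The sample configuration is constructed, the function names are hypothetical, and the check for "transport preferred none" (a command not shown on this page) assumes that is how the telnet attempt on a mistyped command is suppressed.

```python
import re

# Constructed sample config (not from the page's router), using the page's commands.
SAMPLE_CONFIG = """\
line con 0
 session-limit 1
line vty 0
 rotary 1
 exec-timeout 2 0
 absolute-timeout 5
 session-timeout 1
 transport preferred none
line vty 1 4
 rotary 7
 exec-timeout 0 0
"""

def parse_lines(config):
    """Split an IOS config into {line header: [sub-commands]}."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            stanzas[current] = []
        elif current and raw.startswith(" "):
            stanzas[current].append(raw.strip())
        else:
            current = None  # any unindented line ends the stanza
    return stanzas

def audit_vty(config):
    """Return ({vty header: rotary TCP port}, [(header, finding), ...])."""
    ports, findings = {}, []
    for header, cmds in parse_lines(config).items():
        if not header.startswith("line vty"):
            continue
        for cmd in cmds:
            m = re.fullmatch(r"rotary (\d+)", cmd)
            if m:  # rotary group N is reachable on TCP 3000+N
                ports[header] = 3000 + int(m.group(1))
            m = re.fullmatch(r"exec-timeout (\d+)(?: (\d+))?", cmd)
            if m and int(m.group(1)) == 0 and int(m.group(2) or 0) == 0:
                findings.append((header, "exec-timeout disabled"))
        if not any(c.startswith("absolute-timeout") for c in cmds):
            findings.append((header, "no absolute-timeout"))
        if "transport preferred none" not in cmds:  # assumed hardening command
            findings.append((header, "no transport preferred none"))
    return ports, findings

if __name__ == "__main__":
    print(audit_vty(SAMPLE_CONFIG))
```

The port list it returns is what an access list or external scan of the router should be compared against, since each rotary port accepts telnet in addition to port 23.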
