Enable Telnet Settings | 321 Studios OL-7141-04 specs

Chapter 1 Cisco SDM Express

Supplementary Help

Enable Telnet Settings

Cisco SDM Express secures the console, AUX, vty, and tty lines by implementing the following configurations whenever possible:

•Configures transport input and transport output commands to define which protocols can be used to connect to those lines.

•Sets the exec-timeout value to 10 minutes on the console and AUX lines, causing an administrative user to be logged out from these lines after 10 minutes of no activity.

The configuration that will be delivered to the router to secure the console, AUX, vty, and tty lines is as follows:

!

line console 0 transport output telnet exec-timeout 10

login local

!

line AUX 0

transport output telnet exec-timeout 10

login local

!

line vty ….

transport input telnet login local

Enable SSH for Access to the Router

If the Cisco IOS release running on the router is a crypto image (an image that uses 56-bit Data Encryption Standard (DES) encryption and is subject to export restrictions), then Cisco SDM Express will implement the following configurations to secure Telnet access whenever possible:

•Enable Secure Shell (SSH) for Telnet access. SSH makes Telnet access much more secure.

•Set the SSH timeout value to 60 seconds, causing incomplete SSH connections to shut down after 60 seconds.

•Set the maximum number of unsuccessful SSH login attempts to two before locking access to the router.

	Cisco SDM Express
1-42	OL-7141-04

Image 48

321 Studios OL-7141-04 manual Enable Telnet Settings, Enable SSH for Access to the Router

Contents

Cisco SDM Express User’s Guide Cisco SDM Express User’s Guide N T E N T S Contents Cisco SDM Express Edit Mode Contents Welcome A P T E R Basic Configuration Username and Password FieldsHostname Field Domain Name Field Enable Secret Password Field Router ProvisioningSDM Express Provision From USB Token USB Token or USB FlashSecure Device Provisioning CNS Server Provision From USB Flash File Selection Wireless Interface Configuration LAN Interface ConfigurationName Size Wireless Parameters Fields Interface/Bridge-to-Interface ListIP Address Field Subnet Mask Field Dhcp Server Configuration Enable Dhcp server on the LAN interface Check BoxRefresh, Apply Changes, Discard Changes Buttons Starting IP Address Field Ending IP Address Field Primary Domain Name Server FieldSecondary Domain Name Server Field Enable PPPoE Check Box Internet WAN Ethernet InterfaceUse these DNS values for Dhcp clients Check Box Address Type List Authentication Type Check Box Password FieldConfirm Password Field Username Field Status Icon and Enable or Disable Button Internet WAN Autodetect EncapsulationInternet WAN User Specified Encapsulation Encapsulation List Virtual Path Identifier FieldVirtual Circuit Identifier Field IP Address for Remote Connection in Central Office Field Enable or Disable Button WAN Interface SelectionAdd Connection, Edit, Delete Buttons Serial Connection Interface ListRefresh Button Frame Relay Configuration Settings Link IP Address and Subnet Mask Fields Frame Relay Configuration Settings Dlci FieldLMI Type Field Use Ietf Frame Relay Encapsulation Check Box Internet WAN Advanced Options CNS Server Information Firewall Configuration Primary DNS FieldSecondary DNS Field Security Settings Disable Snmp Services on Your Router Check Box Disable Services that Involve Security Risks Check Box Enhance Security on Router Access Check Box Encrypt Passwords Check BoxSummary Cisco Network Services Supplementary HelpCisco Router and Security Device Manager Security Settings Disable Snmp Disable Finger Service Disable PAD Service Disable TCP Small Servers Service Disable UDP Small Servers Service Disable IP Bootp Server Service Disable IP Identification Service Disable CDP Disable IP Source Route Enable Password Encryption Service Enable Netflow Switching Enable TCP Keepalives for Inbound Telnet Sessions Enable TCP Keepalives for Outbound Telnet Sessions Enable Sequence Numbers and Time Stamps on DebugsEnable IP CEF Set Scheduler Interval Set Scheduler Allocate Set TCP Synwait Time Enable Logging Enable Unicast RPF on Outside Interfaces Disable IP Gratuitous ARPs Disable IP Redirects Disable IP Proxy ARP Disable IP Directed Broadcast Disable MOP Service Disable IP Unreachables Disable IP Mask Reply Set Minimum Password Length to Less Than 6 Characters Set Authentication Failure Rate to Less Than 3 Retries Set Banner Enable Telnet Settings Enable SSH for Access to the Router Cisco SDM Express Buttons Help ButtonAbout Button Reconnecting to the Router After Initial Configuration Exit ButtonApply Changes Button Discard Changes Button Testing Your WAN Internet Connection SDP Troubleshooting Tips Troubleshooting Tips Overview IconsLAN Fields Internet WAN Fields Firewall Fields Username/Login Password/Password is Encrypted Fields Edit/Delete Buttons Encrypt password using MD5 hash algorithm Checkbox Bridge/Do not bridge LAN interface with wireless CheckboxEdit a Username Refresh/Apply Changes/Discard Changes Buttons Wireless WAN-Unable to Configure WAN InterfaceLAN interface configuration Fields No WAN Available Enable Firewall/Disable Firewall Buttons Delete ConnectionFirewall Unable to configure Firewall Window Unable to Configure NAT Add or Edit Address Translation Rule Routing Disable Services that Involve Security Risks Checkbox Select All Recommended by Cisco Checkbox Encrypt Passwords Checkbox Synchronize with my local PC clock Checkbox Tools Ping Update SDM from Cisco.com To clear the output of the ping commandSource Field Destination Field Update SDM from Local PC Update SDM from CDCCO Login Date and Time Properties Synchronize CheckboxEdit Date and Time Fields Reset to Factory Defaults Save Running Config to PCWrite down these steps and then reset the router Apply Button Reconfiguring Your PC with a Static or a Dynamic IP Address Microsoft Windows NT Feature Not Available Cisco SDM Express Edit Mode Feature Not Available D E IN-2