User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 60 Router Device Administration
Line Access on Cisco IOS Routers
Security Manager enables you to configure command line access (also called EXEC access) to a router
using the following methods:
• Console port—Physical connection via a standard RS232 cable for local access. For more
  information, see:
  - Defining Console Port Setup Parameters, page 60-35
  - Defining Console Port AAA Settings, page 60-37
• VTY lines—Virtual terminal lines for remote access, typically using protocols such as Telnet, SSH,
  or rlogin. For more information, see:
  - Defining VTY Line Setup Parameters, page 60-38
  - Defining VTY Line AAA Settings, page 60-40

After you configure and deploy these policies, you can use these lines to communicate with individual
devices directly when you want to configure or diagnose them using the CLI.

Defining Console Port Setup Parameters

The console port on a router is generally used for local system access by an administrator with physical
access to the device. By default, the console port is set up as follows:
• All permitted users have privileged access to the router, including all configuration commands
  (privilege level 15).
• The line is disconnected after 10 minutes without user input.
• Incoming connections are not permitted.
• Outgoing connections support Telnet only.

In addition to modifying any of the default settings, you can optionally define the following settings:
• The password for accessing the console.
• Whether to disable all EXEC sessions on the console.

Table 60-15 Command Authorization Dialog Box (Continued)

Element                  Description
Prioritized Method List  Defines a sequential list of methods to be used when authorizing a user.
                         Enter the names of one or more AAA server group objects (up to four),
                         or click Select to select them. Use the up and down arrows in the object
                         selector to define the order in which the selected server groups should
                         be used. If the object that you want is not listed, click the Create button
                         to create it.
                         The device tries initially to authorize users using the first method in the
                         list. If that method fails to respond, the device tries the next method,
                         and so on, until a response is received.
                         Supported methods include TACACS+, Local, and None.
                         Note: If you select None as a method, it must appear as the last
                         method in the list.
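
The following is an added example, not part of the original guide or of Security Manager: it checks a prioritized method list against the rules in the Command Authorization table (up to four entries, None last) and traces which method decides a request when earlier methods do not respond. It assumes the deployed policy appears on the device as an IOS "aaa authorization commands" line; the sample line, function names and response map are constructed for illustration.

```python
MAX_METHODS = 4  # the dialog accepts up to four entries in the list


def parse_methods(line):
    """Split 'aaa authorization commands <level> <list> <methods...>' into methods."""
    tokens = line.split()
    if tokens[:3] != ["aaa", "authorization", "commands"] or len(tokens) < 6:
        raise ValueError("not an 'aaa authorization commands' line")
    methods, rest = [], iter(tokens[5:])
    for tok in rest:
        # 'group <name>' is a single method; 'local' and 'none' stand alone.
        methods.append(f"group {next(rest, '?')}" if tok == "group" else tok)
    return methods


def validate(methods):
    """Return violations of the size and ordering rules stated in the table."""
    problems = []
    if not 1 <= len(methods) <= MAX_METHODS:
        problems.append(f"{len(methods)} methods; expected 1 to {MAX_METHODS}")
    if "none" in methods[:-1]:
        problems.append("'none' must be the last method")
    return problems


def authorize(methods, responses):
    """Walk the list in order; the first method that responds decides.

    responses maps a method to 'permit' or 'deny'. A method missing from the
    map did not respond (for example, server unreachable), so the next is tried.
    """
    for method in methods:
        if method == "none":
            return "permit", method  # 'none' performs no authorization at all
        answer = responses.get(method)
        if answer is not None:
            return answer, method  # a deny is a response, so the walk stops here
    return "deny", None  # assumption: no response and no fallback means refused


# Constructed sample line, not taken from a real device.
SAMPLE = "aaa authorization commands 15 default group tacacs+ local none"

if __name__ == "__main__":
    methods = parse_methods(SAMPLE)
    print(methods, validate(methods))
    print(authorize(methods, {"group tacacs+": "deny"}))  # server reachable
    print(authorize(methods, {"local": "deny"}))          # TACACS+ silent
    print(authorize(methods, {}))                         # nothing responds
```

With None as the last method, the final call returns a permit: when no configured method responds, commands are allowed without any authorization check, which is the trade-off to weigh before ending a list with None.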