60-38
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 60 Router Device Administration
Line Access on Cisco IOS Routers
Step 6 (Optional) Create command accounting definitions for specific privilege levels:
a. Click the Add button under the Commands Accounting table. The Command Accounting Dialog
Box—Line Access, page 60-61 is displayed.
b. Configure the command accounting definition as required.
c. Click OK. The dialog box closes and the accounting method is displayed in the Commands
Accounting table.
d. Repeat a. through c. to create additional command accounting definitions.
Defining VTY Line Setup Parameters
All Cisco IOS routers are configured by default with five VTY lines (labeled 0-4) that have the following
settings:
All permitted users have privileged access to the router, including all configuration commands
(privilege level 15).
VTY lines are disconnected after 10 minutes without user input.
Incoming connections are not permitted.
Outgoing connections support Telnet only.
You can use Security Manager to modify the default settings on these five VTY lines or to configure
additional lines (up to a maximum of 16). In addition, you can optionally configure the following settings
on each line:
The password for accessing the line.
Whether to disable all EXEC sessions on the line.
Incoming and outgoing ACLs that restrict the connections that are permitted on the line.
Whether VRF connections are permitted on the line.
Defining Groups of VTY Lines
You can configure multiple VTY lines as a contiguous group, which enables you to define identical
settings for all the lines in the group with one procedure. All the lines within the group must fall within
one of two ranges, 0-4 or 6-15. The group cannot overlap these two ranges.
The rules for configuring VTY line 5 are as follows. Line 5 can be part of the same definition as lines
0-4 only when there are no lines configured above line 5. If there are lines configured above line 5, you
cannot include line 5 in the definition for lines 0-4, even if their configurations are the same. Line 5 can
be included in the definition of the lines above line 5 if their configurations are the same.
For example, if lines 0-5 all share one configuration and lines 6-9 have a different configuration, you
need to create three definitions—one definition for lines 0-4, a second definition for line 5, and a third
definition for lines 6-9.
Note When you configure VTY lines, bear in mind that users are assigned a line at random when they connect
to the device.