60-40
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 60 Router Device Administration
Line Access on Cisco IOS Routers
Caution: Setting the inbound connections setting to None might prevent Security Manager from connecting to the
device after deployment.
Note: You must configure AAA authentication when the VTY line permits the SSH and rlogin
protocols. See Defining VTY Line AAA Settings, page 60-40.
Step 9 (Optional) Enter the names of ACLs that restrict incoming and outgoing connections between the device
and the addresses in these lists, or click Select to select an ACL object from a list or to create a new one.
You can choose from standard or extended ACLs.
Tip: Defining an inbound ACL is a good way to reserve a VTY line for administrative access only.
Step 10 (Optional) Click the AAA tab to define authentication, authorization, and accounting settings for this
VTY line (or group of lines). See Defining VTY Line AAA Settings, page 60-40.
Step 11 Click OK to save your definitions locally on the client and close the dialog box. Your definitions are
displayed in the Lines table.
Note: To remove a VTY line definition, select it, then click Delete. If you delete a VTY line from an
IOS device, any subsequent lines are also deleted. For example, if the device contains lines 0-9
and you delete line 5, lines 6-9 are deleted as well. If you delete the definition for lines 0-4 from
Security Manager, the router retains the inbound protocol definition and restores the other
default settings for these lines on the device. This ensures that five VTY lines are always
available.
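The following is an added example, not part of the Cisco guide: a small Python audit that reads the VTY section of a deployed IOS configuration and flags the three conditions called out above (inbound connections set to None, SSH or rlogin permitted without AAA authentication, and no inbound ACL). It assumes these settings appear on the device as the IOS commands `transport input`, `login authentication`, and `access-class ... in`, and treats a line that permits either SSH or rlogin as requiring AAA; the sample configuration and the names MGMT-ONLY and VTY-AUTH are constructed.

```python
import re

# Constructed sample of an IOS running-config VTY section (not from the guide).
SAMPLE_CONFIG = """\
line vty 0 4
 access-class MGMT-ONLY in
 login authentication VTY-AUTH
 transport input ssh
line vty 5 9
 transport input ssh rlogin
line vty 10 15
 transport input none
"""

def parse_vty_blocks(config):
    """Return {(first, last): [sub-commands]} for each 'line vty' block."""
    blocks, current = {}, None
    for raw in config.splitlines():
        m = re.match(r"line vty (\d+)(?: (\d+))?\s*$", raw)
        if m:
            first = int(m.group(1))
            current = (first, int(m.group(2) or first))
            blocks[current] = []
        elif raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = None  # left the line-configuration block
    return blocks

def audit_vty(config):
    """Return a sorted list of (line_range, finding) tuples."""
    findings = []
    for rng, cmds in parse_vty_blocks(config).items():
        transport = next((c.split()[2:] for c in cmds
                          if c.startswith("transport input ")), None)
        has_aaa = any(c.startswith("login authentication ") for c in cmds)
        has_acl = any(re.match(r"access-class \S+ in\b", c) for c in cmds)
        if transport == ["none"]:
            findings.append((rng, "inbound-none"))  # may cut off management access
            continue
        # Assumption: either SSH or rlogin on the line triggers the AAA requirement.
        if transport and {"ssh", "rlogin"} & set(transport) and not has_aaa:
            findings.append((rng, "ssh-rlogin-without-aaa"))
        if not has_acl:
            findings.append((rng, "no-inbound-acl"))
    return sorted(findings)

if __name__ == "__main__":
    for rng, finding in audit_vty(SAMPLE_CONFIG):
        print(f"vty {rng[0]}-{rng[1]}: {finding}")
```

Running the audit against a previewed or post-deployment configuration catches a VTY group that would lock out management access or accept SSH logins without an AAA method list.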
Defining VTY Line AAA Settings
By default, authentication, authorization, and accounting are not performed on VTY lines. When you
configure one or more of these access control options, you can either make use of the default method
lists defined in the device’s AAA policy or define a custom method list containing one or more AAA
methods.
Before You Begin
Define the basic parameters of the VTY line or group of VTY lines. See Defining VTY Line Setup
Parameters, page 60-38.
Related Topics
Defining VTY Line Setup Parameters, page 60-38
Line Access on Cisco IOS Routers, page 60-35
Step 1 Do one of the following:
(Device view) Select Platform > Device Admin > Device Access > Line Access > VTY from the
Policy selector.