Manuals / Brands / Computer Equipment / Switch / Cisco Systems / Computer Equipment / Switch

Cisco Systems RJ-45-to-AUX Configuring a Telnet Session TimeOut Value, Implementing Privilege Levels on a 1900EN, Configuring Line Console TimeOut Values

1 411

Download 411 pages, 2.76 Mb

Configuring a Telnet Session Time−Out Value

To lower the chances for vulnerability when an administrator walks away from a logged−in Telnet session,

you can configure and apply a time−out condition to unused VTY sessions. Here’s how:

HSNRSM (config)# line vty 0 4

HSNRSM (config−line)# exec−timeout 5 0

We just set the timeout value to five minutes and zero seconds.

Related solution: Found on page:

Configuring Telnet 67

Implementing Privilege Levels on a 1900EN

To assign a user a privilege level and a defined set of commands you first need to select a user and associate

that user with a privilege level. To do this, use the following command in Global Configuration mode:

1900EN(config)# privilege configure level 3 password

You should assign a password for each configured privilege level. To assign the password brad1 to privilege

level 3, use the following command:

1900EN (config)# enable secret level 3 brad1

When Brad wants to log in to the switch, he will use the following command:

1900EN (config)# username blarson password brad1

This setup allows the user blarson to use certain show commands by default, but gives him no access to the

debug or configuration commands.

To allow the user to use all the debug commands in privilege level 3, use the following command:

1900EN (config)# privilege exec level 3 debug

To allow users with a privilege level 3 to use only a certain command syntax for debug, such as debug ip, use

the following command:

1900EN (config)# privilege exec level 3 debug ip

Note Privilege level 0 includes five commands associated with the privilege level: disable, enable, exit, help,

and logout.

Configuring Line Console Time−Out Values

To configure a time−out value, use the following command. The time−out value is being set to five minutes,

measured in seconds:

hsn(config)# line console

hsn(config)# time−out 300

Tip You can use the lock command to lock an unused Telnet session. After you issue the lock

command, the system will ask you to enter and verify an unlocking password.

To configure a Set/Clear command−based switch with a time−out value of five minutes, use the following

command:

hsn# set logout 5

267

Contents

Main Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Cisco Switching Black Book Page Page Introduction Is This Book for You? How to Use This Book The Black Book Philosophy Chapter 1: Network Switching Fundamentals Physical Media and Switching Types A Bit of History Networking Architectures Page The Pieces of Technology Repeaters Hubs Bridges Page Routers Switches Network Design Collision Domains Broadcast Domains Why Upgrade to Switches? Page Page Switched Forwarding Switched Network Bottlenecks Page The Rule of the Network Road Switched Ethernet Innovations FullDuplex Ethernet Fast Ethernet Gigabit Ethernet The Cisco IOS Connecting to the Switch Powering Up the Switch The following commands are available in Privileged EXEC mode: 26 Finally, the following commands are available in Global Configuration mode: The Challenges Todays Trend Entering and Exiting Privileged EXEC Mode Entering and Exiting Global Configuration Mode Entering and Exiting Interface Configuration Mode Entering and Exiting Subinterface Configuration Mode Saving Configuration Changes Chapter 2: Basic Switch Configuration CommandLine Interfaces Campus Hierarchical Switching Model Access Layer Distribution Layer Core Layer Remote Network Monitoring Connecting to the Console Port Console Cable Pinouts Console Connectors The RJ45toAUX Port Console Connector Pinouts Page Switch IOSs The IOS Configuration Modes Limiting Telnet Access Implementing Privilege Levels Configuring an IOSBased CLI Switch Setting the Login Passwords Setting Privilege Levels Assigning Allowable Commands Setting the Console Port Timeout Value Configuring the Telnet Timeout Value Configuring the Hostname Configuring the Date and Time Configuring an IP Address and Netmask Configuring a Default Route and Gateway Configuring a Set/ClearBased CLI Switch Logging On to a Switch Setting the Login and Enable Passwords Changing the Console Prompt Entering a Contact Name and Location Information Configuring System and Time Information Configuring an IP Address and Netmask Configuring a Default Route and Gateway Viewing the Default Routes Configuring Port Speed and Duplex Enabling SNMP Configuring Trap Message Targets Configuring a MenuDriven IOS Configuring the Console Port Configuring Telnet Configuring the Password Configuring an IP Address and Default Gateway Configuring SNMP Configuring ROM Entering ROM Configuration Mode Booting ROM Mode from a Flash Device Configuring SNMP Configuring RMON Configuring RMON on a Set/ClearBased Interface Using Set/Clear Command Set Recall Key Sequences Using IOSBased Command Editing Keys and Functions Page Chapter 3: WAN Switching WAN Transmission Media Synchronous Transport Signal (STS) Cisco WAN Switches MGX 8200 Series IGX 8400 Series BPX 8600 Series WideArea Switches MGX 8800 Series WideArea Edge Switches WAN Switch Hardware Overview Cisco WAN Switch Network Topologies Network Management The CLI WAN Manager Accessing and Setting Up IGX and BPX Switches Adding New Users Displaying a Users Password Changing a Users Password Page Page Accessing the MGX 8850 and 8220 Adding New Users Changing Passwords Assigning a Switch Hostname Displaying a Summary of All Modules Displaying Detailed Information for the Current Card Changing the Time and Date Displaying the Configuration of the Maintenance and Control Ports Displaying the IP Address Page Chapter 4: LAN Switch Architectures The Catalyst Crescendo Architecture BUS ASICs Page The Crescendo Processors Crescendo Logic Units Other Cisco Switch Processors, Buses, ASICs, and Logic Units CAM AXIS Bus CEF ASIC Page Phoenix ASIC LCP SAGE ASIC QTP ASIC QMAC Bridging Types Source Route Bridging Source Route Transparent Bridging Source Route Translational Bridging Transparent Bridging Source Route Switching Switching Paths Process Switching Fast Switching Autonomous Switching Silicon Switching Optimum Switching Distributed Switching NetFlow Switching System Message Logging Loading an Image on the Supervisor Engine III Booting the Supervisor Engine III from Flash Setting the Boot Configuration Register Configuring Cisco Express Forwarding Enabling CEF Disabling CEF Page Page Page Page Displaying the Logging Configuration Displaying System Logging Messages Page Chapter 5: Virtual Local Area Networks The Flat Network of Yesterday Why Use VLANs? VLAN Basics A Properly Switched Network Switched Internetwork Security Scaling with VLANs VLAN Boundaries VLAN Membership Types Traffic Patterns Flowing through the Network Ciscos VLAN Recommendations VLAN Trunking Trunk Types Page Page LAN Emulation (LANE) VLAN Trunking Protocol (VTP) VTP Versions VTP Advertisements Page VTP Switch Modes Methods for VLAN Identification Dynamic Trunking Protocol InterVLAN Routing Internal Route Processors How InterVLAN Routing Works Configuring a Static VLAN on a Catalyst 5000 Series Switch Configuring Multiple VLANs on a Catalyst 5000 Series Switch Creating VLANs on a Catalyst 1900EN Series Assigning a Static VLAN to an Interface on a 1900EN Series Viewing the VLAN Configuration on a 1900 Series Viewing an Individual VLAN Configuration on a 1900 Series Configuring a Trunk Port on a Cisco 5000 Series Page Mapping VLANs to a Trunk Port Configuring a Trunk Port on a Cisco 1900EN Series Clearing VLANs from Trunk Links on a Cisco 5000 Series Clearing VLANs from Trunk Links on a Cisco 1900EN Series Verifying a Trunk Link Configuration on a 5000 Series Verifying a Trunk Link Configuration on a 1900EN Series Configuring the VTP Version on a Catalyst 5000 Switch Page Configuring VTP Pruning on a Catalyst 1900 Switch Configuring VTP on a Set/Clear CLI Switch Configuring VTP on a 1900 Cisco IOS CLI Switch To set a VTP domain password on a 1900EN to pass1 use the following command: Verifying the VTP Configuration on a Set/Clear CLI 111 Displaying VTP Statistics Configuring VTP Pruning on a Set/Clear CLI Switch Disabling Pruning for Unwanted VLANs Configuring IP InterVLAN Routing on an External Cisco Router Configuring IPX InterVLAN Routing on an External Router Chapter 6: InterVLAN and Basic Module Configuration Internal Route Processors Page Available Route Processors Page Page Page Routing Protocol Assignment Supervisor Engine Modules Supervisor Engines I and II Supervisor Engine III Using the Supervisor Engine Etherport Modules Port Security Manually Configured MAC Addresses Determining the Slot Number in Which a Module Resides Accessing the Internal Route Processor from the Switch Configuring a Hostname on the RSM Assigning an IP Address and Encapsulation Type to an Ethernet Interface Setting the Port Speed and Port Name on an Ethernet Interface Configuring a Default Gateway on a Catalyst 5000 Verifying the IP Configuration on a Catalyst 5000 Enabling RIP on an RSM Viewing the RSMs Running Configuration Configuring InterVLAN Routing on an RSM Configuring IPX InterVLAN Routing on the RSM Configuring AppleTalk InterVLAN Routing on an RSM Viewing the RSM Configuration Just as on a router, you use the show runningconfig to view the running configuration: 129 Assigning a MAC Address to a VLAN Viewing the MAC Addresses Configuring Filtering on an Ethernet Interface Configuring Port Security on an Ethernet Module Clearing MAC Addresses Configuring the Catalyst 5000 Supervisor Engine Module Setting the boot configregister on the Supervisor Engine Module Changing the Management VLAN on a Supervisor Engine Viewing the Supervisor Engine Configuration Configuring the Cisco 2621 External Router for ISL Trunking Configuring Redundancy Using HSRP Page Chapter 7: IP Multicast IP Multicasting Overview Broadcast Unicast Multicast IP Multicasting Addresses The Multicast IP Structure Page Delivery of Multicast Datagrams Multicast Distribution Tree Multicast Forwarding IGMP Protocols Page Internet Group Management Protocol (IGMP) IGMPv1 IGMPv2 Time to Live Multicast at Layer 2 IGMP Snooping Cisco Group Management Protocol Router Group Management Protocol GARP Multicast Registration Protocol Configuring IP Multicast Routing Disabling IP Multicast Routing Enabling PIM on an Interface Disabling PIM on an Interface Configuring the Rendezvous Point Adding a Router to a Multicast Group Configuring a Router to Be a Static Multicast Group Member Restricting Access to a Multicast Group Changing the IGMP Version Changing the IGMP HostQuery Message Interval Configuring Multicast Groups Removing Multicast Groups Configuring Multicast Router Ports Displaying Multicast Routers Configuring IGMP Snooping Disabling IGMP Snooping Configuring IGMP FastLeave Processing Disabling IGMP FastLeave Processing Displaying IGMP Statistics Displaying Multicast Routers Learned from IGMP Displaying IGMP Multicast Groups Configuring CGMP Disabling CGMP Enabling CGMP FastLeave Processing Disabling CGMP FastLeave Processing Displaying CGMP Statistics Configuring RGMP on the Switch Disabling RGMP on the Switch Configuring RGMP on the Router Disabling RGMP on the Router Displaying RGMP Groups Displaying RGMPCapable Router Ports 156 To display the ports to which RGMP routers are connected, use the following command: Displaying RGMP VLAN Statistics To display RGMP statistics, use the following command: Disabling GMRP Enabling GMRP on Individual Ports Disabling GMRP on Individual Ports Enabling GMRP ForwardAll Disabling GMRP ForwardAll Displaying the GMRP Configuration Setting GMRP Timers Displaying GMRP Timers Configuring BandwidthBased Suppression Configuring PacketBased Suppression Disabling Multicast Suppression Chapter 8: WAN Cell Switching ATM Overview LANE ATM Protocols ATM Circuit Switching ATM Cells Page The ATM Switch and ATM Endpoints The ATM Reference Model Page Specifying ATM Connections ATM Addressing Local Area Network Emulation (LANE) LANE Components Page Page Page Integrated Local Management Interface (ILMI) LANE Communication Page LANE Configuration Guidelines How LANE Works Implementing LANE Configuring ATM on the 5000 Switch Page Connecting in an ATM Network Monitoring and Maintaining LANE Accessing the ATM LANE Module Displaying the Selector Field Configuring the LES/BUS Verifying the LES/BUS Configuration Configuring a LEC for an ELAN Verifying a LEC Configuration on an ELAN Configuring the LECS Viewing the LANE Database Binding the LECS Address to an Interface Verifying the LECS Configuration Verify the proper setup with the following command: 182 Chapter 9: LightStream Switches LightStream 100 LightStream 1010 LightStream 2020 Neighborhood Discovery Function Virtual Path Connections LightStream Troubleshooting Tools LightStream Boot Process Supported Troubleshooting Protocols Snooping Mechanisms Multiprotocol Over ATM Configuring the Hostname Configuring an Enable Password Configuring the Processor Card Ethernet Interface Configuring Virtual Private Tunnels Verifying an ATM Interface Connection Status Viewing the Configured Virtual Connections Configuring the LECS ATM Address on a LightStream 1010 Configuring the Advertised LECS Address Viewing the LANE Configuration Related solution: Found on page: Verifying a LEC Configuration on an ELAN 272 Viewing the Installed Modules 192 Configuring the MPC Configuring the MPS Changing the MPS Variables Monitoring the MPS Enabling ILMI Autoconfiguration Configuring LANE on a LightStream 1010 Powering on the LightStream 100 ATM Switch Configuring the LS100 Switch Recovering a Lost Password 196 Page Page Chapter 10: Layer 2 Redundant Links Layer 2 Switching Overview Frames Broadcast and Multicast Frames Unknown Unicasts Layer 2 Network Loops Danger! Data Loops! Edsger Dijkstras Graph Theory STP Root Bridges Bridge Protocol Data Units Page Root Bridge Selection Page Spanning Tree Convergence Time STP Port States PerVLAN Spanning Tree EtherChannel Link Failure Port Aggregation Protocol Fast Convergence Components of STP PortFast UplinkFast BackboneFast Enabling STP on a Set/Clear CommandBased Switch Enabling STP on a Set/Clear CommandBased Switch for All VLANs Disabling STP on a Set/Clear CommandBased Switch Disabling STP on a Set/Clear CommandBased Switch by VLAN Viewing the STP Configuration on a Set/Clear CommandBased Configuring STP on an IOS CommandBased Switch Disabling STP on an IOS CommandBased Switch Viewing the STP Configuration on a Command Line Switch Configuring the STP Root Switch Configuring the STP Secondary Root Switch Setting the Root Bridge for More than One VLAN on a Set/Clear Assigning a Port Cost to a Port Using the Set/Clear Assigning a Port Cost to a Port Using a CLIBased Switch Page Page Adjusting the MaxAge Timer on a Set/Clear CommandBased Preparing to Enable EtherChannel Viewing the Port Setting for EtherChannel on a Set/Clear Creating an EtherChannel on a Set/Clear CommandBased another port that is in the desirable or auto mode. Verifying the EtherChannel Configuration 221 To verify the EtherChannel configuration on a Set/Clear commandbased switch, use this command: Defining an EtherChannel Administrative Group To define the administrative group, use the following Privileged mode command: Configuring EtherChannel on an IOSBased Switch Identifying the Template Port Verifying the EtherChannel Configuration on a Command Line Interface IOS Enabling PortFast on a Set/Clear CommandBased Switch Disabling PortFast on a Set/Clear CommandBased Switch Enabling PortFast on a CLIBased IOS Switch Disabling PortFast on a CLIBased IOS Switch Verifying the PortFast Configuration Enabling UplinkFast on a Set/Clear CommandBased Switch Disabling UplinkFast on a Set/Clear CommandBased Switch Verifying the UplinkFast Configuration Enabling UplinkFast on a Cisco IOS CommandBased Switch Disabling UplinkFast on a Cisco IOS CommandBased Switch Page Chapter 11: Multilayer Switching How MLS Works MLS Components Page MLS Flows Access List Flow Masks MLS Troubleshooting Notes Configuring MLS MLS Cache Aging Timers VLAN ID VTP Domain Management Interfaces Configuring an External MLS Route Processor Page Enabling MLS on an Individual Interface Disabling MLS on an External Router Interface Configuring the MLS Switch Engine Reenabling MLS on a Catalyst 6000 Page Page Monitoring and Viewing the MLS Configuration Viewing the MLS Aging Configuration on a Catalyst 6000 Displaying the IP MLS Configuration Viewing MLSRPs Viewing MLSRP Specifics Displaying MLS VTP Domain Information To display the MLS VTP domain information, enter the following command: 241 Viewing the MLS VLAN Interface Information Viewing MLS Statistics on the Catalyst 5000 Viewing MLS Statistics on the Catalyst 6000 242 Viewing MLS Entries To display all entries in the MLS cache, enter the following command: Chapter 12: Hot Standby Routing Protocol Routing Problems Routing Information Protocol Proxy ARP ICMP Router Discovery Protocol The Solution Page HSRP Message Format The HSRP States HSRP Configuration HSRP Interface Tracking Opening a Session on an Internal Route Processor Entering Configuration Mode on an RSM Enabling HSRP and Assigning an IP Address to a Standby Group Assigning an HSRP Interface Priority Assigning a Preempt Delay to a Standby Group Removing a Preempt Delay from a Standby Group Setting the HSRP Hello and Hold Timers Removing the HSRP Hello and Hold Timers Configuring a ClearText Password for HSRP Authentication Configuring Two RSFC Interfaces as One HSRP Group Enabling Interface Tracking Using the show standby Command Using the debug Command Chapter 13: Policy Networking Access Security Policies Core Layer Policies Distribution Layer Policies Page Page Page Page Page Security at the Access Layer Configuring Passwords Limiting Telnet Access Implementing Privilege Levels Configuring Banner Messages Physical Device Security Port Security VLAN Management Creating a Standard Access List Creating an Extended Access List Page Applying Access Lists Using accessclass Applying Access Lists Using distributelist Configuring a Telnet Session TimeOut Value Implementing Privilege Levels on a 1900EN Configuring Line Console TimeOut Values Configuring Banner Messages Enabling HTTP Access Enabling Port Security Displaying the MAC Address Table Page Chapter 14: Web Management Standard and Enterprise Edition CVSM CVSM Client Requirements CVSM Access Levels CVSM Default Home Page The Switch Image Configuring the Switch with an IP Address and Setting the Default Web Administration Port Connecting to the Web Management Console Page Page Page Page Configuring the Switch Port Analyzer Page Chapter 15: The Standard Edition IOS The 1900 and 2820 Series Switches Main Menu Choices [C] Console Settings [S] System Menu [N] Network Management Page Page [P] Port Configuration Page Page [A] Port Addressing [D] Port Statistics Detail [M] Monitor [V] Virtual LAN [R] Multicast Registration [F] Firmware [I] RS232 Interface [U] Usage Summaries 297 298 [X] ExitThis option returns you to the Main Menu. Configuring Network Settings on the 1900 and 2820 Series 1. Configuring Broadcast Storm Control on Switch Ports Configuring SNMP on the 1900 Series Page Page Configuring Port Monitoring on the Standard Edition IOS Configuring VLANs on the Standard Edition IOS Page Page Configuring Spanning Tree Protocol Page Chapter 16: Switch Troubleshooting Hardware Troubleshooting No Power POST Indicator Lights Switch Cabling Cable Problems CrossOver Cables Switch Troubleshooting Tools CiscoWorks for Switched Internetworks IOS Software Troubleshooting Commands Page Page Viewing the Set/Clear IOS Configuration Page Page Page Viewing the CLIBased IOS Configuration 320 Viewing the Software Version on a Set/Clear CommandBased IOS Module Viewing the IOS Version Information on a CLIBased IOS Using the show flash Command on a Set/Clear Note There is no comparable command on the 1900EN series switches. Testing the Supervisor Engine Hardware on a Set/Clear 322 Testing External Module Hardware on a Set/Clear Viewing the System Configuration on a Set/Clear Viewing the VTP Domain Configuration on a Set/Clear IOS Viewing the VTP Domain Configuration on a CLIBased IOS Viewing the VLAN Configuration on a Set/Clear Viewing the VLAN Configuration on a CLIBased IOS 325 Viewing the Spanning Tree Configuration on a Set/Clear Viewing the Spanning Tree Configuration on a CLIBased IOS 326 Page Viewing the CAM (MAC Address) Table on a Set/Clear Viewing the CAM (MAC Address) Table on a CLIBased IOS Viewing the CDP Neighbors on a Set/Clear CommandBased Viewing the CDP Neighbors on a CLIBased IOS Viewing Individual Port CAM Tables on a CLIBased IOS 330 Viewing Port Statistics on a Set/Clear IOS Page Viewing Port Statistics on a CLIBased IOS 332 Here is the output using the exception syntax: Using the Port Configuration on a Set/Clear CommandBased 333 Using the show port Command on a CLIBased IOS Using the show vlan Command on a Set/Clear CommandBased 334 Using the show vlan Command on a CLIBased IOS Using the show interface Command on a Set/Clear 335 Using the show interface Command on a CLIBased IOS Using the show log Command on a Set/Clear CommandBased 336 Configuring SPAN for Port Monitoring on a Set/Clear Configuring SPAN for VLAN Monitoring on a Set/Clear Launching the Diagnostic Console on a Cisco 1900 or 2820 Series Switch Using the Diagnostic Console to Upgrade the Firmware on a Cisco 1900 or 2820 Series Switch Using the Diagnostic Console for Debugging the Firmware and Hardware Here is an example of the output from the [M] Memory (CPU) I/O option: Here is an example of the output from the [F] Return System To Factory Defaults option: 340 Here is an example of the output from the [V] View management console password option: Appendix A: Study Resources Books Cisco Group Study and Users Groups Live Cisco Training/InternetBased Labs/Study Resources Online Resources Asynchronous Transfer Mode Cisco IOS Hot Standby Router Protocol InterSwitch Link Standards Organizations Cisco Job Search Sites Appendix B: Basic IOS CLItoSet/Clear Commands Page Appendix C: The Cisco Consultant Establishing Credibility Come Off As an Expert Designing a Solution Estimating the Cost Presenting the Final Proposal and Creating Expectations Contracting Document, Document, Document The Way to Fail Failing to Be There When Promised, or Rushing through the Job Failing to Manage Your Time Assuming You Know What the Customer Needs Failing to Take Responsibility Conclusion Appendix D: Cisco 1912EN and Catalyst 5000 Configuration Practice Lab Required Equipment Lab Objectives Possible Solution The 1912 Basic Configuration Page The Catalyst 5000 Basic Configuration Configuring the Cisco 2621 Interface for ISL Trunking Appendix E: Switch Features Access Layer Switches Cisco Catalyst 1900 Cisco Catalyst 2820 Cisco Catalyst 2900 Page Cisco Catalyst 3000 Cisco Catalyst 3500 Series XL Cisco Catalyst 3900 Series Distribution Layer Switches Cisco Catalyst 4000 Series Catalyst 5000 Series Catalyst 6000 Series Core Layer/WAN Switches Cisco Catalyst 8400 Series Cisco Catalyst 8500 Series BPX 8600 Series MGX 8800 Series 12000 Series Gigabit Switch Routers A Page B C Page D Page EF Page GI Page Page KL MN Page OP Page QR S Page T Page UX