To configure the time−out value to five minutes on the console port of an IOS−based route processor or router, use the following command:

HSNRSM (config)# line console 0

HSNRSM (config−line)# exec−timeout 5

To configure the time−out value to five minutes on the VTY port of an IOS−based route processor or router, use the following command:

HSNRSM (config)# line vty 0 4

HSNRSM (config−line)# exec−timeout 5

Tip To configure seconds beyond a round number of minutes, you can add an additional value to the command. For example, if you want the exec−timeout to be 5 minutes and 10 seconds, the command is

exec−timeout 5 10.

Configuring Banner Messages

To configure a Message Of The Day (MOTD) banner on a Set/Clear command−based switch, use the following command from a Privileged mode prompt:

CAT5K(enable) set banner motd ÔWe Prosecute Unauthorized Access!’

To configure a MOTD banner on a Cisco IOS command−based switch or route processor, use the following command from a Global Configuration mode prompt:

1912EN(config)# banner login ÔWe Prosecute Unauthorized Access!’

Enabling HTTP Access

Starting with the release of version 11.0(6) of the Cisco IOS, Cisco included HTTP server software, which allows you manage the Cisco IOS from a Web browser. This software makes managing your switches easier—but opens one giant security hole.

By default, access through HTTP is disabled. To enable access through HTTP, use the following command:

CAT5KRSM(config)# ip http server

An access list can be configured to allow you to choose the IP address of the network device that can be used to access the switch. For example, use the following command to allow a PC with the IP address 15.47.112.10 for access list 2:

CAT5KRSM(config)# access−list 2 permit 15.47.112.10

Suppose this is the only statement in the access list. Because of the implied “deny all,” once this access list is applied, only a PC with IP address 15.47.112.10 will be able to manage the switch. Before this filter will work, however, you must still apply the access list, state the authentication type, and configure the username and password. To apply the access list, use the following command:

CAT5KRSM(config)# ip http access−class 2

You can apply four types of authentication to HTTP access on a switch or router. Table 13.4 describes each of the four types of authentication.

Table 13.4: The four HTTP authentication types for a switch route processor or router.

268

Page 284
Image 284
Cisco Systems RJ-45-to-AUX manual Configuring Banner Messages, Enabling Http Access, Exec−timeout 5, 268