Advertisement
(Optional) Sometimes administrators inadvertently leave lines in use. To make idle telnet sessions end
after 30 minutes, enter the exec-timeout 30 0 command on all the lines.
!
line 1 16
no exec
exec-timeout 30 0
transport input telnet
!
Using web-based access to the CLI reduces the need for telnet sessions to monitor or verify network
operations. Telnet sessions can be reserved for actions such as making configuration changes.
Additionally, sending syslog to a syslog server prevents telnet sessions from becoming cluttered with
debug output.
HTTP access to the CLI is:
Very difficult to secure. One way of securing a router is to use access-control lists on all VTY lines.
Enable only devices in the NOC to access the VTY lines.
Not recommended for service providers. If used, you should weigh the perceived ease of use versus
the additional security issues involved with HTTP access to a network device.
The Cisco IOS CLI Command Center is a web page utility that provides HTTP access to CLI commands
on a router. HTTP access to the CLI simplifies the troubleshooting tasks for a help desk.
To manage a dial Internet access service by using HTTP access to CLI commands, follow these steps:
Enable HTTP services on the Cisco IOS device by entering the following commands:
!
ip http server
ip http authentication aaa
!
ip http server
ip http authentication aaa
Enables the router to function as an HTTP server.
Uses the AAA facility as an authentication method
for HTTP server users.
Advertisement
