Configuring Banner Messages; Enabling Http Access - Cisco RJ-45-to-AUX Brochure

To configure the time−out value to five minutes on the console port of an IOS−based route processor or
router, use the following command:
HSNRSM (config)# line console 0
HSNRSM (config−line)# exec−timeout 5
To configure the time−out value to five minutes on the VTY port of an IOS−based route processor or router,
use the following command:
HSNRSM (config)# line vty 0 4
HSNRSM (config−line)# exec−timeout 5
Tip To configure seconds beyond a round number of minutes, you can add an additional value to the
command. For example, if you want the exec−timeout to be 5 minutes and 10 seconds, the command is
exec−timeout 5 10.

Configuring Banner Messages

To configure a Message Of The Day (MOTD) banner on a Set/Clear command−based switch, use the
following command from a Privileged mode prompt:
CAT5K(enable) set banner motd ÔWe Prosecute Unauthorized Access!'
To configure a MOTD banner on a Cisco IOS command−based switch or route processor, use the following
command from a Global Configuration mode prompt:
1912EN(config)# banner login ÔWe Prosecute Unauthorized Access!'

Enabling HTTP Access

Starting with the release of version 11.0(6) of the Cisco IOS, Cisco included HTTP server software, which
allows you manage the Cisco IOS from a Web browser. This software makes managing your switches
easier—but opens one giant security hole.
By default, access through HTTP is disabled. To enable access through HTTP, use the following command:
CAT5KRSM(config)# ip http server
An access list can be configured to allow you to choose the IP address of the network device that can be used
to access the switch. For example, use the following command to allow a PC with the IP address 15.47.112.10
for access list 2:
CAT5KRSM(config)# access−list 2 permit 15.47.112.10
Suppose this is the only statement in the access list. Because of the implied "deny all," once this access list is
applied, only a PC with IP address 15.47.112.10 will be able to manage the switch. Before this filter will
work, however, you must still apply the access list, state the authentication type, and configure the username
and password. To apply the access list, use the following command:
CAT5KRSM(config)# ip http access−class 2
You can apply four types of authentication to HTTP access on a switch or router. Table 13.4 describes each of
the four types of authentication.
Table 13.4: The four HTTP authentication types for a switch route processor or router.
268