Support User Manuals

Cisco Systems CL-28826-01 Security Camera User Manual

Open as PDF

of 2616

60-35

User Guide for Cisco Security Manager 4.4

OL-28826-01

Chapter 60 Router Device Administration

Line Access on Cisco IOS Routers

Line Access on Cisco IOS Routers

Security Manager enables you to configure command line access (also called EXEC access) to a router

using the following methods:

• Console port—Physical connection via a standard RS232 cable for local access. For more

information, see:

–

Defining Console Port Setup Parameters, page 60-35

–

Defining Console Port AAA Settings, page 60-37

• VTY lines—Virtual terminal lines for remote access, typically using protocols such as Telnet, SSH,

or rlogin. For more information, see:

–

Defining VTY Line Setup Parameters, page 60-38

–

Defining VTY Line AAA Settings, page 60-40

After you configure and deploy these policies, you can use these lines to communicate with individual

devices directly when you want to configure or diagnose them using the CLI.

Defining Console Port Setup Parameters

The console port on a router is generally used for local system access by an administrator with physical

access to the device. By default, the console port is set up as follows:

• All permitted users have privileged access to the router, including all configuration commands

(privilege level 15).

• The line is disconnected after 10 minutes without user input.

• Incoming connections are not permitted.

• Outgoing connections support Telnet only.

In addition to modifying any of the default settings, you can optionally define the following settings:

• The password for accessing the console.

• Whether to disable all EXEC sessions on the console.

Prioritized Method List Defines a sequential list of methods to be used when authorizing a user.

Enter the names of one or more AAA server group objects (up to four),

or click Select to select them. Use the up and down arrows in the object

selector to define the order in which the selected server groups should

be used. If the object that you want is not listed, click the Create button

to create it.

The device tries initially to authorize users using the first method in the

list. If that method fails to respond, the device tries the next method,

and so on, until a response is received.

Supported methods include TACACS+, Local, and None.

Note If you select None as a method, it must appear as the last

method in the list.

Table 60-15 Command Authorization Dialog Box (Continued)

Element Description

previous next