Virtual terminals are logical connections from the network to the router; these are typically telnet or rlogin connections. When a user telnets to a router from the network, as in Figure 4-2, the router starts an EXEC process to handle this connection.
Although no physical link is associated with a virtual terminal, VTYs are configured just like normal TTY lines. VTYs are enabled once they are configured. If you do not configure any VTYs, then logical connections, such as telnet, cannot be made to your router from the network. Here is a VTY configuration example:

Router(config)#line vty 1
Router(config-line)#exec-timeout 30 0
! Set the timeout to 30 minutes
Router(config-line)#password letmeinhere
! Set one password for telnet access
Router(config-line)#transport input telnet
! Allow only telnet access
Router(config-line)#access-class 10 in
! Apply access list 10 to this line
Router(config-line)#exit
Router(config)#access-list 10 permit host 10.10.1.2

This example shows a semi-secure configuration for a VTY terminal. We set a timeout of 30 minutes and apply only one password. We then use the transport input command to define the protocols that are allowed to use this line; in this case, we are allowing only telnet access. The access-class command applies an access list to this line. We won’t explain access lists here; in this example we use a simple access list to permit access from the host at address 10.10.1.2.
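
As an added example (not from the book), the following Python audit checks each "line vty" stanza of a saved configuration for the four settings used above: exec-timeout, password, transport input, and an inbound access-class whose access list is actually defined. The sample configuration and the function names are constructed for illustration, and the check assumes numbered access lists only.

```python
import re

# Constructed sample configuration fragment (not from the book).
SAMPLE_CONFIG = """\
access-list 10 permit host 10.10.1.2
line vty 0
 password letmeinhere
line vty 1
 exec-timeout 30 0
 password letmeinhere
 transport input telnet
 access-class 10 in
"""

def parse_vty_blocks(config):
    """Return {line-range: [subcommands]} for every 'line vty' stanza."""
    blocks, current = {}, None
    for raw in config.splitlines():
        m = re.match(r"^line vty (\d+(?: \d+)?)\s*$", raw)
        if m:
            current = blocks.setdefault(m.group(1), [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())
        else:
            current = None  # any unindented line ends the stanza
    return blocks

def audit_vty(config):
    """Return {line-range: [findings]}; assumes numbered access lists only."""
    defined_acls = set(re.findall(r"^access-list (\d+) ", config, re.M))
    report = {}
    for name, cmds in parse_vty_blocks(config).items():
        findings = []
        timeout = next((c.split()[1:] for c in cmds if c.startswith("exec-timeout ")), None)
        if timeout is None:
            findings.append("no explicit exec-timeout")
        elif all(int(v) == 0 for v in timeout):
            findings.append("exec-timeout 0 0 disables the idle timeout")
        if not any(c.startswith("password ") for c in cmds):
            findings.append("no line password")
        if not any(c.startswith("transport input ") for c in cmds):
            findings.append("no transport input restriction")
        acl = next((c.split()[1] for c in cmds if re.match(r"access-class \S+ in$", c)), None)
        if acl is None:
            findings.append("no inbound access-class")
        elif acl not in defined_acls:
            findings.append(f"access-class {acl} references an undefined access list")
        report[name] = findings
    return report
```

Calling audit_vty(SAMPLE_CONFIG) returns an empty findings list for line 1, which matches the book's example, and three findings for line 0, which has only a password.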