The Console Port

Each router has one console port . This port always has line number 0. You make a connection to the console port by attaching a standard RS232 cable, as shown in Figure 4-1. This cable is often shipped with your router.

Figure 4-1. Console cable connection

You can use any VT100 terminal-emulation program to talk to the router; just select the correct PC serial interface (the one the console cable is plugged into) and then hit the Enter key a few times. The router responds by starting an EXEC session, which is the process within the router that provides the command-line interface. The default settings for the port are 9600 baud, 8 databits, no parity, and 1 stop bit. If you changed any of these defaults on the device, you will have to change the settings on your terminal program to match.

Using the line commands, we can define and control access to the console port . Here is a basic configuration :

Router#config terminal Router(config)#service linenumber Router(config)#line console 0 Router(config-line)#location Building-2A Router(config-line)#exec-timeout 30 0

The location command identifies the router's location to the users. The command service linenumber displays the location information automatically to the user upon login. This information can be useful when you are administering your routers. Next, we add a basic security measure: a timeout. If the console port is idle for more than 30 minutes, the session automatically closes. You do not want the session active all the time in a real environment. If you forget to log out, someone might come in after you and modify the router's configuration!

A little more security can be achieved by adding a user login:

Router(config)#username bob password letmein Router(config)#line console 0 Router(config-line)#login local

These commands provide only minimal security; for more effective security measures, see Chapter 15.