Virtual Terminals (VTYs)
VTYs are logical connections from the network to the router; these are typically telnet, SSH, or rlogin connections. When a user telnets to a router from the network, as in Figure 4-2, the router starts an EXEC process to handle this connection.
Figure 4-2. VTY connections
Although no physical link is associated with a virtual terminal, VTYs are configured just like normal TTY lines. VTYs are enabled once they are configured. If you do not configure any VTYs, then logical connections, such as telnet, cannot be made to your router from the network. Here is a VTY configuration example:
Router(config)#line vty 1
Router(config-line)#login                        Must be enabled for login access
Router(config-line)#exec-timeout 30 0            Set the timeout to 30 minutes
Router(config-line)#password letmeinhere         Set one password for telnet access
Router(config-line)#transport input ssh          Allow only ssh access
Router(config-line)#access-class 10 in           Apply access list 10 to this line
Router(config-line)#exit
Router(config)#access-list 10 permit host 10.10.1.2
This example shows a semi-secure configuration for a VTY terminal. We set a timeout of 30 minutes and apply only one password. We then use the transport input command to define the protocols that are allowed to use this line; in this case, we are allowing only ssh access. (If you want to be less secure, you can use telnet instead of ssh.) The access-class command applies an access list to this line. We won't explain access lists here; in this example we use a simple access list to permit access from the host at address 10.10.1.2.
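The four settings walked through above can be checked mechanically against a saved configuration. The following is an added example, not code from the original text: a small Python audit of every "line vty" stanza. The sample configuration is constructed, and the function names vty_stanzas and audit_vty are hypothetical.

```python
# Constructed sample running-config excerpt (not from the original page).
SAMPLE_CONFIG = """\
access-list 10 permit host 10.10.1.2
line vty 0
 login
 exec-timeout 30 0
 password letmeinhere
 transport input ssh
 access-class 10 in
line vty 1 4
 password letmeinhere
 exec-timeout 0 0
 transport input telnet ssh
!
"""

def vty_stanzas(config):
    """Return {header: [subcommands]} for every 'line vty' stanza."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line vty"):
            current = stanzas.setdefault(raw.strip(), [])
        elif current is not None and raw.startswith(" "):
            current.append(raw.strip())   # indented line belongs to the stanza
        else:
            current = None                # any unindented line ends the stanza
    return stanzas

def audit_vty(config):
    """Return {header: [findings]} for the settings used in the VTY example."""
    report = {}
    for header, cmds in vty_stanzas(config).items():
        findings = []
        if not any(c.startswith("login") for c in cmds):
            findings.append("login not configured on this line")
        timeout = next((c.split()[1:] for c in cmds if c.startswith("exec-timeout")), None)
        if "no exec-timeout" in cmds or (timeout and all(n == "0" for n in timeout)):
            findings.append("exec-timeout disabled: idle sessions never expire")
        transport = next((c.split()[2:] for c in cmds if c.startswith("transport input")), None)
        if transport != ["ssh"]:
            findings.append("transport input is not explicitly restricted to ssh")
        if not any(c.startswith("access-class ") and c.endswith(" in") for c in cmds):
            findings.append("no inbound access-class on this line")
        report[header] = findings
    return report

if __name__ == "__main__":
    for header, findings in audit_vty(SAMPLE_CONFIG).items():
        print(header, "->", findings or "ok")
```

A stanza that matches the example above produces an empty findings list; the constructed "line vty 1 4" stanza is reported for all four settings.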