2-10
Controlling Management Access to the ProCurve Secure Router
Securing Management Access to the ProCurve Secure Router
If a user cannot enter the correct password, the router terminates the Telnet
session. It does not allow the user to access the next Telnet line. If you place
a password that only you know on Telnet line 0, no other user will be able to
access the other Telnet lines for which they do know the password—except
in the unlikely event that you have already established a Telnet session with
the router.
Configuring an Enable Mode Password. To provide access to the enable
mode context through a Telnet session, you must configure an enable mode
password. If you do not configure an enable mode password, users will receive
a message, telling them that no enable mode password is configured, and they
will be denied access to the enable mode context.
To configure an enable mode password, move to the global configuration
mode context and enter:
Syntax: enable password [md5] <password>
Configuring Timeout Setting for Telnet Access. By default, the
ProCurve Secure Router maintains your Telnet session until it has been
inactive for 15 minutes. You can configure the number of minutes a line session
can remain inactive before the Secure Router OS terminates the session. From
the Telnet line configuration mode context, enter:
Syntax: line-timeout <minutes>
Replace minutes with a number between 0 and 35791.
To return this setting to the default value, use the no command:
Syntax: no line-timeout <minutes>
Entering 0 will disable the timeout.
Disabling the Login Requirement. If you do not want to require a pass-
word for users to establish a Telnet session, you can disable the login option.
From the Telnet line configuration mode context, enter:
ProCurve(config-telnet0–4)# no login
Disabling this option is not recommended because it weakens your security
and could compromise your entire network. However, if you do disable the
login option, you are still required to create an enable mode password to allow
users to configure the router through a Telnet session.
To Next Page
Loading...
Need help?
General
