This chapter describes how to manage connections to other hosts and set banner messages for router users. For a complete description of the connections and system banner commands in this chapter, refer to the "Connections and System Banners Commands" chapter in the Configuration Fundamentals Command Reference. To locate documentation of other commands that appear in this chapter, use the command reference master index or search online.
The following sections describe the connections and system banners tasks:
This section describes session-management activities. The following sections describe connection-management activities that apply to all supported connection protocols:
By default, the escape sequence is Ctrl^x. If you press the escape key (Escape-Char), you change the Shift-Ctrl-6 sequence to whatever you want. For example, if you press Escape-Char Break, the Break key becomes the new escape character to suspend a session and to access the EXEC prompt.
You can have several concurrent sessions open and switch back and forth between them.
The number of sessions that can be open is defined by the session-limit command.
To switch between sessions by escaping one session and resuming a previously opened session, perform the following tasks:
| Task | Command |
|---|---|
| Step 1 Escape the current connection and return to the EXEC prompt. | Ctrl-Shift-6 then x (Ctrl^x) by default |
| Step 2 List the open sessions. All open sessions associated with the current terminal line are displayed. | where |
| Step 3 Make the connection. | resume [connection] [keyword] |
The Ctrl^x, where, and resume commands are available with all supported connection protocols.
You could also make a new connection while you are at the EXEC prompt.
To assign a logical name to a connection, perform the following task in EXEC mode:
| Task | Command |
|---|---|
| Assign a logical name to a connection. | name-connection |
The logical name can be useful for keeping track of multiple connections.
You are prompted for the connection number and name to assign. The where command displays a list of the assigned logical connection names.
| Task | Command |
|---|---|
| Change a login username. | login |
When you enter this command, the system prompts you for a username and password. Enter the new username and the original password. If the username does not match, but the password does, the Cisco IOS software updates the session with the new username used by the login command attempt.
If no username and password prompts appear, the network administrator did not specify that a username and password be required at login time. If both the username and password are entered correctly, the session becomes associated with the specified username.
When you access a system with TACACS security, you can enter your login name or specify a TACACS server by using the following argument when the "Username:" prompt appears:
```
user@tacacs-server
```

The router must be one of the routers defined in a router configuration. For more information, refer to the "Specify a TACACS Host" section later in this chapter, or refer to the tacacs-server host command in the "TACACS, Extended TACACS, and TACACS+ Commands" chapter of the Security Command Reference.
If you do not specify a host, the router tries each of the TACACS servers in the list until it receives a response.
If you specify a host that does not respond, no other TACACS server will be queried. The router either denies access or functions according to the action specified by the tacacs-server last-resort command, if it is configured.
If you specified a TACACS server host with the user@tacacs-server argument, the TACACS server specified is used for all subsequent authentication or notification queries, with the possible exception of SLIP address queries.
For an example of changing a login name, see the "Change a Login Name Example" section at the end of this chapter.
You can prevent access to your terminal session while keeping your connection open by setting up a temporary password. To lock access to the terminal, perform the following tasks in EXEC mode:
| Task | Command |
|---|---|
| Step 1 Issue the lock command. The system prompts you for a password. | lock |
| Step 2 Enter a password, which can be any arbitrary string. The screen clears and displays the message "Locked." | password |
| Step 3 To regain access to your sessions, re-enter the password. | password |
The Cisco IOS software honors session timeouts on a locked line. You must clear the line to remove this feature. The system administrator must set up the line to allow use of the temporary locking feature.
You can specify a TACACS host when you dial in or use the login command. Only the specified host is accessed for user authentication information.
To specify the name of a TACACS host at login, perform the following task in EXEC mode:
| Task | Command |
|---|---|
| Specify the name of a TACACS host at login. | user@hostname |
For an example of specifying a TACACS host, see the "Specify a TACACS Host Example" section at the end of this chapter.
You can send messages to one or all terminal lines. A common reason for doing this is to inform users of an impending shutdown. To send a message to other terminals, perform the following task in EXEC mode:
| Task | Command |
|---|---|
| Send a message to other terminals. | send {line-number \| *} |
The system prompts for the message, which can be up to 500 characters long. Enter Ctrl-Z to end the message. Enter Ctrl-C to abort the command.
To clear a TCP connection, perform the following task in privileged EXEC mode:
| Task | Command |
|---|---|
| Clear a TCP connection. | clear tcp {line line-number \| local host-name port remote host-name port \| tcb address} |
The clear tcp command is particularly useful for clearing hung TCP connections.
The clear tcp line line-number command terminates the TCP connection on the specified TTY line. Additionally, all TCP sessions initiated from that TTY line are terminated.
The clear tcp local host-name port remote host-name port command terminates the specific TCP connection identified by the host name/port pair of the local and remote router.
The protocol used to initiate a session determines how you exit that session.
To exit XRemote, you must quit all active X connections, usually with a command supported by your X client system. Usually, when you quit the last connection (all client processes are stopped), XRemote closes and you return to the EXEC prompt. Check your X client system documentation for specific information about exiting an XRemote session.
To exit a SLIP or PPP session, you must hang up the dial-in connection, usually with a command that your dial-in software supports.
To exit a LAT, Telnet, rlogin, TN3270, or X.3 PAD session begun from the router to a remote device, enter the escape sequence (Ctrl-Shift-6 then x [Ctrl^x] by default) and enter the disconnect command at the EXEC prompt. You can also log off the remote system.
Except for XRemote, you also can escape to the EXEC prompt and enter either of the following commands to terminate an active terminal session:
To exit a Telnet session to a router, see the "Log Out of a Router" section.
The method you use to disconnect from a router depends on where you are located in relation to the router, and the port on the router to which you log in. Keep the following in mind:
To disconnect a line, perform the following task in EXEC mode:
| Task | Command |
|---|---|
| Disconnect a line. | disconnect [connection] |
Avoid disconnecting a line to end a session. Instead, log off the host to allow the router to clear the connection. Then end the session. Only if you cannot log out of an active session should you disconnect the line.
The types of banners that can be displayed to terminal users who connect to the router are described in the following sections:
You also can turn off message displays, as described in the "Enable or Disable the Display of Banners" section.
For an example of displaying terminal banner messages, see the "Banner Example" section at the end of this chapter.
You can configure a message-of-the-day (MOTD) banner to be displayed on all connected terminals. This banner is displayed at login and is useful for sending messages that affect all network users (such as impending system shutdowns). To do so, perform the following task in global configuration mode:
| Task | Command |
|---|---|
| Configure a MOTD banner. | banner motd d message d |
You can configure a login banner to be displayed on all connected terminals. This banner is displayed after the MOTD banner and before the login prompts.
To configure a login banner, perform the following task in global configuration mode:
| Task | Command |
|---|---|
| Configure a login banner. | banner login d message d |
The login banner cannot be disabled on a per-line basis. To globally disable the login banner, you must delete the login banner with the no banner login command.
You can configure a line-activation banner to be displayed when an EXEC process (such as a line-activation or incoming connection to a VTY line) is created. To do so, perform the following task in global configuration mode:
| Task | Command |
|---|---|
| Configure a banner to be displayed on terminals with an interactive EXEC session. | banner exec d message d |
You can configure a banner to be displayed on terminals connected to reverse Telnet lines. This banner is useful for providing instructions to users of these types of connections. Reverse Telnet connections are described in more detail in the "Establishing a Reverse Telnet Session to a Modem" chapter in the Dial Solutions Configuration Guide.
To configure a banner that is sent on incoming connections, perform the following task in global configuration mode:
| Task | Command |
|---|---|
| Configure a banner to display on terminals connected to reverse Telnet lines. | banner incoming d message d |
You can control display of the message-of-the-day (MOTD) and line-activation (EXEC) banners. By default, these banners are displayed on all lines. To suppress or reinstate the display of such banners, perform one of the following tasks in line configuration mode:
| Task | Command |
|---|---|
| Suppress MOTD and EXEC banner display. | no exec-banner |
| Reinstate the display of the EXEC or MOTD banners. | exec-banner |
| Suppress MOTD banner display only. | no motd-banner |
| Reinstate the display of the MOTD banners. | motd-banner |
These commands determine whether the router will display the EXEC banner and the message-of-the-day (MOTD) banner when an EXEC session is created. These banners are defined with the banner motd and banner exec commands. By default, the MOTD banner and the EXEC banner are enabled on all lines.
Disable the EXEC and MOTD banners using the no exec-banner command.
The MOTD banners can also be disabled by the no motd-banner line configuration command, which disables MOTD banners on a line. If the no exec-banner command is configured on a line, the MOTD banner will be disabled regardless of whether the motd-banner command is enabled or disabled. Table 6 summarizes the effects of the exec-banner command and the motd-banner command.
| | exec-banner (default) | no exec-banner |
|---|---|---|
| motd-banner (default) | MOTD banner, EXEC banner | None |
| no motd-banner | EXEC banner | None |
For reverse Telnet connections, the EXEC banner is never displayed. Instead, the incoming banner is displayed. The MOTD banner is displayed by default, but it is disabled if either the no exec-banner command or no motd-banner command is configured. Table 7 summarizes the effects of the exec-banner command and the motd-banner command for reverse Telnet connections.
| | exec-banner (default) | no exec-banner |
|---|---|---|
| motd-banner (default) | MOTD banner, incoming banner | incoming banner |
| no motd-banner | incoming banner | incoming banner |
The types of messages that can be displayed to terminal users who connect to the router are described in the following sections:
You can configure messages to be displayed on a console or terminal not in use. Also called a vacant message, this message is different from the banner message displayed when an EXEC process is activated. To configure an idle terminal message, perform the following task in line configuration mode:
| Task | Command |
|---|---|
| Display an idle terminal message. | vacant-message [d message d] |
You can display a "line in use" message when an incoming connection is attempted and all rotary group or other lines are in use. Perform the following task in line configuration mode:
| Task | Command |
|---|---|
| Display a "line in use" message. | refuse-message d message d |
If you do not define such a message, the user receives a system-generated error message when all lines are in use. You also can use this message to provide the user with further instructions.
You can display a "host failed" message when a Telnet connection with a specific host fails. Perform the following task in line configuration mode:
| Task | Command |
|---|---|
| Display a "host failed" message. | busy-message hostname d message d |
This section contains the following examples:
```
Router> login
Username: user2
Password:
% Access denied
Still logged in as "user1"
```
Next, the user attempts the login change again, with the username user2, but enters the correct (original) password. This time the password matches the current login information, the login username is changed to user2, and the user is allowed access to the EXEC at the user-level.
```
router> login
Username: user2
Password:
router>
```
In the following example, user1 specifies the TACACS host host1 to authenticate the password:
```
router> login
Username: user1@host1
Translating "HOST1"...domain server (131.108.1.111) [OK]
```
The following example clears a TCP connection using its TTY line number. The show tcp command displays the line number (tty2) that is used in the clear tcp command.
```
Router# show tcp

tty2, virtual tty from host router20.cisco.com
Connection state is ESTAB, I/O status: 1, unread input bytes: 0
Local host: 171.69.233.7, Local port: 23
Foreign host: 171.69.61.75, Foreign port: 1058

Enqueued packets for retransmit: 0, input: 0, saved: 0

Event Timers (current time is 0x36144):
Timer          Starts    Wakeups    Next
Retrans             4          0     0x0
TimeWait            0          0     0x0
AckHold             7          4     0x0
SendWnd             0          0     0x0
KeepAlive           0          0     0x0
GiveUp              0          0     0x0
PmtuAger            0          0     0x0

iss: 4151109680  snduna: 4151109752  sndnxt: 4151109752  sndwnd: 24576
irs: 1249472001  rcvnxt: 1249472032  rcvwnd: 4258  delrcvwnd: 30

SRTT: 710 ms, RTTO: 4442 ms, RTV: 1511 ms, KRTT: 0 ms
minRTT: 0 ms, maxRTT: 300 ms, ACK hold: 300 ms

Router# clear tcp line 2
[confirm]
 [OK]
```
The following example clears a TCP connection by specifying its local router host name and port and its remote router host name and port. The show tcp brief command displays the local (Local Address) and remote (Foreign Address) host names and ports to use in the clear tcp command.
```
Router# show tcp brief
TCB       Local Address          Foreign Address       (state)
60A34E9C  router1.cisco.com.23   router20.cisco.1055   ESTAB

Router# clear tcp local router1 23 remote router20 1055
[confirm]
 [OK]
```
The following example clears a TCP connection using its TCB address. The show tcp brief command displays the TCB address to use in the clear tcp command.
```
Router# show tcp brief
TCB       Local Address          Foreign Address       (state)
60B75E48  router1.cisco.com.23   router20.cisco.1054   ESTAB

Router# clear tcp tcb 60B75E48
[confirm]
 [OK]
```
The following example shows how to use the banner global configuration commands and the no exec-banner line configuration command to notify your users that the server is going to be reloaded with new software:
```
! The EXEC and MOTD banners are inappropriate for the VTYs.
line vty 0 4
 no exec-banner
!
banner exec /
This is Cisco Systems training group router.
Unauthorized access prohibited.
/
!
banner incoming /
You are connected to a Hayes-compatible modem.
Enter the appropriate AT commands.
Remember to reset anything to change before disconnecting.
/
!
banner motd /
The router will go down at 6pm for a software upgrade
/
```
When someone connects to the router, the MOTD banner appears before the login prompt. After the user successfully logs in to the router, the EXEC banner or incoming banner will be displayed, depending on the type of connection. For a reverse Telnet login, the incoming banner will be displayed. For all other connections, the router will display the EXEC banner.
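The interaction between the banner definitions and the exec-banner and motd-banner line commands (Tables 6 and 7) can be checked against a saved configuration. The following Python sketch is an added example, not part of the original chapter or of any Cisco tool; its function names are hypothetical, the sample configuration is constructed from the banner example above, and it assumes the delimiter is a single character or the two-character `^C` form seen in saved configurations.

```python
import re

# Constructed sample: condensed from the page's banner example, plus a default console line.
SAMPLE = """line con 0
line vty 0 4
 no exec-banner
banner exec /
Unauthorized access prohibited.
/
banner motd /The router will go down at 6pm for a software upgrade/
"""

# 'banner <type> d message d': the message runs until the delimiter d appears again.
BANNER = re.compile(r"^banner (motd|login|exec|incoming) (\^C|\S)(.*?)\2", re.M | re.S)

def parse(config):
    """Return (banners, lines): banner text by type, banner flags by line."""
    banners = {m[1]: m[3].strip() for m in BANNER.finditer(config)}
    lines, current = {}, None
    for row in BANNER.sub("", config).splitlines():
        if row.startswith("line "):
            current = row[5:].strip()
            lines[current] = {"exec": True, "motd": True}  # defaults: enabled
        elif not row.startswith(" "):
            current = None                                  # left line config mode
        elif current and row.split()[-1:] in (["exec-banner"], ["motd-banner"]):
            flag = row.split()[-1][:4]                      # 'exec' or 'motd'
            lines[current][flag] = row.split()[0] != "no"
    return banners, lines

def displayed(banners, flags, reverse_telnet=False):
    """Banner types shown on one line, in display order, per Tables 6 and 7."""
    shown = []
    # no exec-banner also suppresses MOTD, whatever motd-banner says.
    if flags["exec"] and flags["motd"] and "motd" in banners:
        shown.append("motd")
    if "login" in banners:  # the login banner cannot be disabled per line
        shown.append("login")
    post = "incoming" if reverse_telnet else "exec"
    if post in banners and (reverse_telnet or flags["exec"]):
        shown.append(post)
    return shown

def lines_without_prelogin_banner(config):
    """Lines where neither the MOTD nor the login banner precedes the login prompt."""
    banners, lines = parse(config)
    return [n for n, f in lines.items()
            if not {"motd", "login"} & set(displayed(banners, f))]
```

On the sample, `vty 0 4` is reported because no exec-banner suppresses the MOTD banner as well as the EXEC banner, so the "Unauthorized access prohibited" text never reaches VTY users; defining a login banner clears the finding.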