|
|
The line configuration commands described in this chapter are used to configure virtual terminal lines, the console port, and the auxiliary port.
For line configuration command descriptions, refer to the "Configuring Terminal Lines and Modem Support" chapter in the Router Products Configuration Guide.
The history line configuration command is described with other user interface commands in the "User Interface Commands" chapter of this manual. The access-class line configuration command, which applies an IP access list to a line, is described in the "Managing the System" chapter in the Router Products Configuration Guide.
The user-level EXEC commands that set terminal parameters for the duration of a session are documented in the Cisco Access Connection Guide.
To set the interval for closing the connection, use the absolute-timeout line configuration command. Use the no form of this command to restore the default.
No timeout interval is automatically set.
This command terminates the connection after the specified time period has elapsed, regardless of whether or not the connection is being used at the time of termination. You can specify an absolute timeout value for each port. The user is given 20 seconds' notice before the session is terminated. You can use this command with the logout-warning command, which notifies the user of an impending logout.
Note You can set this command and an AppleTalk Remote Access (ARA) protocol time-out for the same line; however, this command supersedes any time-outs set in ARA protocol. Additionally, ARA protocol users receive no notice of any impending termination if this interval is set.
The following example sets an interval of 60 minutes on line 5:
To define the character you type at a vacant terminal to begin a terminal session, use the activation-character line configuration command. Use the no form of this command to make any character activate a terminal.
See the "ASCII Character Set" appendix for a list of ASCII characters.
Note If you are using autoselect, let the activation character default to Return and let the exec-character-bits command default to 7. If you change these defaults, the application does not recognize the activation request.
The following example sets the activation character for the console to Delete, which is decimal 127:
To set the line for automatic baud detection, use the autobaud line configuration command. Use the no autobaud command to restore the default.
This command has no arguments or keywords.
This command pertains to the auxiliary port only.
The autobaud detection supports a range from 300 to 19200 baud. A line set for autobaud cannot be used for outgoing connections. Nor can you set autobaud capability on a line using 19200 baud when the parity bit is set because of hardware limitations.
The following example sets the auxiliary port for autobaud detection:
To configure the router to execute a command or list of commands automatically when a user connects to a particular line, use the autocommand line configuration command.
Automatic responses are not configured.
This command applies to the auxiliary port only.
The following example forces an automatic connection to a host named host21 (which could be an IP address). In addition, the UNIX UUCP application specifies TCP socket 25, and the /stream switch enables a raw TCP stream with no Telnet control sequences.
To configure automatic line disconnect, use the autohangup line configuration command. The command causes the EXEC to issue the exit command when the last connection closes.
This command has no arguments or keywords.
This command is useful for UNIX UUCP applications that automatically disconnect lines because UUCP scripts cannot issue the exit command to hang up the telephone.
The following example enables automatic line disconnect on the auxiliary port:
To configure a line to start an ARA, Point-to-Point Protocol (PPP), or SLIP session, use the autoselect line configuration command. Use the no form of this command to disable this function on a line.
Configures the router to allow an ARA session to start up automatically.
This command eliminates the need for users to enter an EXEC command to start an ARA, PPP, or SLIP session.
Note SLIP does not support authentication. For PPP and ARA protocol, you must enable authentication.
The autoselect command configures the router to identify the type of connection being requested. For example, when a user on a Macintosh running ARA selects the Connect button, the router automatically starts an ARA protocol session. If, on the other hand, the user is running SLIP or PPP and uses the autoselect ppp or autoselect slip command, the router automatically starts a PPP or SLIP session, respectively. This command is appropriate for lines used to make different types of connections.
A line that does not have autoselect configured regards an attempt to open a connection as noise. Then when the router does not respond, the user client times out.
Note After the modem connection is established, a Return is required to evoke a response such as the username prompt. You might need to update your scripts to include this requirement. Additionally, let the activation character default to Return, and the exec-character-bits default to 7. If you change these defaults, the application does not recognize the activation request.
The following example enables ARA on a line:
The following example enables PPP on a line:
The following example enables ARA on a line and allows logins from users with a modified CCL script and an unmodified script to log in:
ppp authentication chap
ppp authentication pap
arap use-tacacs
ppp use-tacacs
To display a message on terminals with an interactive EXEC, use the banner exec global configuration command. This command specifies a message to be displayed on when an EXEC process is created (line activated, or incoming connection to VTY).
Follow the command with one or more blank spaces and a delimiting character of your choice. Then enter one or more lines of text, terminating the message with the second occurrence of the delimiting character.
The following example sets an EXEC message. The dollar sign ($) is used as a delimiting character.
banner incoming
banner motd
exec-banner
To specify a message used when you have an incoming connection to a line from a host on the network, use the banner incoming global configuration command. An incoming connection is one initiated from the network side of the router. The EXEC banner can be suppressed on certain lines using the no exec-banner line configuration command. This line should not display the EXEC or MOTD banners when an EXEC is created.
No incoming banner is displayed.
Follow the command with one or more blank spaces and a delimiting character of your choice. Then enter one or more lines of text, terminating the message with the second occurrence of the delimiting character.
The following example sets an incoming connection message. The pound sign (#) is used as a delimiting character.
banner exec
banner motd
exec-banner
To specify a message-of-the-day (MOTD) banner, use the banner motd global configuration command.
Follow the command with one or more blank spaces and a delimiting character of your choice. Then enter one or more lines of text, terminating the message with the second occurrence of the delimiting character.
This message-of-the-day banner is displayed to all terminals connected, and is useful for sending messages that affect all users; impending system shutdowns, for example.
The banner command without any keywords specified defaults to the banner motd command. When a new banner motd command is added to the configuration, it overwrites the existing banner command (no keyword specified). Similarly, if a banner command is added to the configuration, any exiting banner motd command is overwritten.
The following example sets a message-of-the-day banner. The pound sign (#) is used as a delimiting character.
banner exec
banner incoming
exec-banner
To create a "host failed" message that displays when a connection fails, use the busy-message global configuration command. Use the no busy-message command to disable the "host failed" message from displaying on the specified host.
The "host failed" message is not displayed.
This command applies only to Telnet connections.
Follow the busy-message command with one or more blank spaces and a delimiting character of your choice. Then enter one or more lines of text, terminating the message with the second occurrence of the delimiting character.
Defining a "host failed" message for a host prevents all router-initiated user messages, including the initial message that indicates the connection is "Trying..." The busy-message command can be used in the autocommand command to suppress these messages.
The following example sets a message that will be displayed on the terminal whenever an attempt to connect to the host named dross fails. The pound sign (#) is used as a delimiting character.
To set the number of data bits per character that are interpreted and generated by hardware, use the databits line configuration command.
This command pertains to the auxiliary port only.
The databits line configuration command can be used to mask the high bit on input from devices that generate 7 data bits with parity. If parity is being generated, specify 7 data bits per character. If no parity generation is in effect, specify 8 data bits per character. The other keywords are supplied for compatibility with older devices and generally are not used.
The following example changes the data bits to 7 on the auxiliary port:
Two daggers () indicate that the command is documented in the Cisco Access Connection Guide.
terminal data-character-bits
terminal databits
To set the number of data bits per character that are interpreted and generated by software, use the data-character-bits line configuration command.
The data-character-bits line configuration command is used primarily to strip parity from X.25 connections on IGS or Cisco 3000 routers with the protocol translation software option. The data-character-bits line configuration command does not work on hardwired lines.
The following example sets the number of data bits per character for virtual terminal line 1 to 7:
To define the EXEC character width for either 7 bits or 8 bits, use the default-value exec-character-bits global configuration command.
Configuring the EXEC character width to 8 bits allows you to add graphical and international characters in banners, prompts, and so forth. However, setting the EXEC character width to 8 bits can also cause failures. If a user on a terminal that is sending parity enters the command help, an "unrecognized command" message appears because the system is reading all 8 bits, although the eighth bit is not needed for the help command.
The following example selects the full 8-bit ASCII character set for EXEC banners and prompts:
Two daggers () indicate that the command is documented in the Cisco Access Connnection Guide.
default-value special-character-bits
exec-character-bits
special-character-bits
terminal exec-character-bits
terminal special-character-bits
To configure the flow control default value from a 7-bit width to an 8-bit width, use the default-value special-character-bits global configuration command.
Configuring the special character width to 8 bits allows you to add graphical and international characters in banners, prompts, and so forth.
The following example selects the full 8-bit special character set:
Two daggers () indicate that the command is documented in the Cisco Access Connection Guide.
default-value exec-character-bits
exec-character-bits
special-character-bits
terminal exec-character-bits
terminal special-character-bits
To define a character to disconnect a session, use the disconnect-character line configuration command. This command defines the character you enter to end a terminal session. Use the no disconnect-character command to remove the disconnect character.
No disconnect character is defined.
The Break character is represented by zero; NULL cannot be represented.
To use the session disconnect character in normal communications, precede it with the escape character. See the "ASCII Character Set" appendix for a list of ASCII characters.
The following example sets the disconnect character for virtual terminal line 4 to Escape, which is ASCII character 27:
To define a character that causes a packet to be sent, use the dispatch-character line configuration command. Use the no dispatch-character command to remove the definition of the specified dispatch character.
No dispatch character is defined.
This dispatch-character command defines a dispatch character that causes a packet to be sent even if the dispatch timer has not expired. It causes the router to attempt to buffer characters into larger-sized packets for transmission to the remote host. The router normally dispatches each character as it is typed.
This command can take multiple arguments, so you can define any number of characters as dispatch characters.
The following example specifies the Return character as the dispatch character:
To set the character dispatch timer, use the dispatch-timeout line configuration command. Use the no dispatch-timeout command to remove the timeout definition.
No dispatch timeout is defined.
The dispatch-timeout line configuration command causes the router to buffer characters into packets for transmission to the remote host. The router sends a packet a specified amount of time after the first character is put in the buffer. The router normally dispatches each character as it is entered. You can use the dispatch-timeout and dispatch-character line configuration commands together. In this case, the router dispatches a packet each time the dispatch character is entered, or after the specified dispatch timeout interval, depending on which condition is met first.
Note The router's response might appear intermittent if the timeout interval is greater than 100 milliseconds and remote echoing is used.
The following example sets the dispatch timer to 80 milliseconds:
To define a system escape character, use the escape-character line configuration command. The no escape-character command sets the escape character to Break.
The Break key cannot be used as an escape character on the console terminal because the operating software interprets Break as an instruction to halt the system. To send the escape character to the other side, press Ctrl-^ twice.
See the "ASCII Character Set" appendix for a list of ASCII characters.
The following example sets the escape character to Ctrl-P, which is ASCII character 16:
To allow an EXEC process on a line, use the exec line configuration command. The no exec command turns off the EXEC process for the line specified.
This command has no arguments or keywords.
By default, the router starts EXECs on all lines.
When you want to allow an outgoing connection only for a line, use the no exec command. When a user tries to Telnet to a line with the no exec command configured, the user will get no response when pressing the Return key at the login screen.
The following example illustrates how to turn off the EXEC on line 7. You might want to do this on the auxiliary port if the attached device (for example, the control port of a rack of modems) sends unsolicited data to the router. An EXEC would start if this happened, making the line unavailable.
To control whether banners are displayed or suppressed, use the exec-banner line configuration command. This command determines whether the router will display the EXEC banner or the message-of-the-day (MOTD) banner when an EXEC is created. The no exec-banner command suppresses the banner messages.
This command has no arguments or keywords.
By default, the messages defined with banner motd and banner exec commands are displayed on all lines.
The following example suppresses the banner on virtual terminal lines 0 to 4:
To configure the character widths of EXEC and configuration command characters, use the exec-character-bits line configuration command.
Setting the EXEC character width to 8 allows you to use special graphical and international characters in banners, prompts, and so forth. However, setting the EXEC character width to 8 bits can cause failures. If a user on a terminal that is sending parity enters the command help, an "unrecognized command" message appears because the system is reading all 8 bits, although the eighth bit is not needed for the help command.
Note If you are using the autoselect command, set the activation-character to the default Return and exec-character-bits to the default 7. If you change these defaults, the application does not recognize the activation request.
The following example allows full 8-bit international character sets by default, except for the console, which is an ASCII terminal. It illustrates use of the default-value exec-character-bits global configuration command and the exec-character-bits line configuration command.
Two daggers () indicate that the command is documented in the Cisco Access Connection Guide.
default-value exec-character-bits
default-value special-character-bits
special-character-bits
terminal exec-character-bits
terminal special-character-bits
To set the interval that the EXEC command interpreter waits until user input is detected, use the exec-timeout line configuration command. The no exec-timeout command removes the timeout definition.
If no input is detected, the EXEC resumes the current connection, or if no connections exist, it returns the terminal to the idle state and disconnects the incoming session.
The no version of this command has the same effect as the exec-timeout 0 command.
The following example sets a time interval of 2 minutes, 30 seconds:
The following example sets a time interval of 10 seconds:
To set the method of data flow control between the terminal or other serial device and the router, use the flowcontrol line configuration command. To disable flow control, use the no form of this command.
This command pertains to the auxiliary port only.
When software flow control is set, the default stop and start characters are Ctrl-S and Ctrl-Q (XOFF and XON). You can change them with the stop-character and start-character commands.
The following example sets hardware flow control on the auxiliary port:
To define the local hold character used to pause output to the terminal screen, use the
hold-character line configuration command. The no hold-character command restores the default.
The Break character is represented by zero; NULL cannot be represented. To continue the output, type any character after the hold character. To use the hold character in normal communications, precede it with the escape character. See the "ASCII Character Set" appendix for a list of ASCII characters.
The following example sets the hold character to Ctrl-S, which is ASCII decimal 19:
Two daggers () indicate that the command is documented in the Cisco Access Connnection Guide.
To set the terminal screen length, use the length line configuration command.
Not all commands recognize the configured screen length. For example, the show terminal command assumes a screen length of 24 lines or more. The router software uses the value of this command to determine when to pause during multiple-screen output.
The following example illustrates how to disable the screen pause function on the console terminal:
To configure a console port line, auxiliary port line, or virtual terminal lines, use the line global configuration command.
If you include one of the optional type keywords (aux, console, or vty), the line number is treated as a relative line number. If you enter the line command without an optional type keyword, the line number is treated as an absolute line number. Absolute line numbers increment consecutively and can be difficult to manage on large systems.
You can set communication parameters, specify autobaud connections, configure terminal operating parameters, and more for any of the terminal lines on the router.
The relative line number of the auxiliary port must be 0. See the modem line configuration command to set up modem support on the auxiliary port. The absolute line number of the auxiliary port is 1.
Virtual terminal lines are used to allow remote access to the router. A virtual terminal line is not associated with either the console or auxiliary port. You can address a single line or a consecutive range of lines with the line command. A line number is necessary, though, and you will receive an error message if you forget to include it.
The following example starts configuration for virtual terminal lines 0 to 4:
The following example configures the auxiliary port with a line speed of 2400 baud and enables the EXEC:
Two daggers indicate that the command is documented in the Cisco Access Connection Guide.
show line
show users all
To record the location of a serial device, use the location line configuration command. The no location command removes the description.
Locations of serial devices are not recorded.
The location command enters information about the device location and status. Use the EXEC command show users all to display the location information.
The following example identifies the location of the console:
Two daggers () indicate that the command is documented in the Cisco Access Connection Guide.
To enable the EXEC command lock, use the lockable global configuration command The no lockable command reinstates the default, which does not allow the terminal to be locked.
This command has no arguments or keywords.
This command allows a terminal to be temporarily inaccessible by use of a temporary password.
The following example sets the terminal to the lockable state:
Two daggers () indicate that the command is documented in the Cisco Access Connection Guide.
To enable password checking at login, use the login line configuration command. Use the no login command to disable password checking and allow connections without a password.
By default, virtual terminals require a password. If you do not set a password for a virtual terminal, it will respond to attempted connections by displaying an error message and closing the connection.
If you specify login without the local or tacacs option, authentication is based on the password specified with the password line configuration command.
Note This command cannot be used with Authentication, Authorization, and Accounting (AAA)/TACACS+. Use the login authentication command instead.
The following example sets the password letmein on virtual terminal line 4:
The following example illustrates how to enable the TACACS-style user ID and password-checking mechanism:
A dagger () indicates that the command is documented in another chapter.
enable password
password
username
To enable AAA/TACACS+ authentication for logins, use the login authentication line configuration command. Use the no form of the command to return to the default.
 | Caution If you use a list-name value that has not been configured with the aaa authentication login command, you will disable logins on this line. |
Login authentication uses the default set with aaa authentication login command. If no default is set, the local user database is checked. No authentication is performed on the console.
This command is a per-line command used with AAA, and specifies the name of a list of TACACS+ authentication processes to try at login. If no list is specified, the default list is used (whether or not it is specified in the command line). You create defaults and lists by using the aaa authentication login command. Note that entering the no version of login authentication has the same effect as entering the command with the default argument.
Before issuing this command, create a list of authentication processes by using the global configuration aaa authentication login command.
The following example specifies that the default AAA authentication is to be used on line 4:
The following example specifies that the AAA authentication list called MIS-access is to be used on line 7:
To define a string of characters that the router sends to a host after a successful Telnet connection, use the login-string global configuration command. This command applies only to rlogin and Telnet sessions. The no login-string command removes the login string.
Follow the command with one or more blank spaces and a delimiting character of your choice. Then enter one or more lines of text, terminating the message with the second occurrence of the delimiting character. To use a percent sign in the login string, precede it with another percent sign; that is, type the characters "%%." The options can be used anywhere within the message string.
In the following example, the value %5p causes a 5-second pause:
To set the amount of time that the router waits for CTS after raising DTR in response to RING, use the modem answer-timeout line configuration command. The no form of this command reverts the router to the default value.
This command applies to the auxiliary port only. It is useful for modems that take a long time to synchronize to the appropriate line speed.
The following example sets the timeout interval to 20 seconds:
To support dial-in modems that use DTR to control the off-hook status of the modem, use the modem callin line configuration command. In response to RING, the modem raises the DTR signal, which answers the modem. At the end of the session, the router lowers DTR, which disconnects the modem. The no form of this command disables this feature.
This command has no arguments or keywords.
This command applies to the auxiliary port only.
The following example causes the modem connected to the router to raise DTR in response to RING:
modem answer-timeout
modem in-out
To configure a line for reverse connections, use the modem callout line configuration command. The no form of this command disables this feature.