Support User Manuals

Cisco Systems OL-16647-01 Network Router User Manual

Open as PDF

of 1230

16-2

Cisco ASDM User Guide

OL-16647-01

Chapter 16 Configuring Management Access

Configuring CLI Parameters

Step 10 For SSH sessions, the default timeout value is 60 minutes. To change this value, type a new one in the

SSH Timeout field.

Step 11 Click Apply.

The changes are saved to the running configuration.

Configuring CLI Parameters

This section includes the following topics:

• Adding a Banner, page 16-2

• Customizing a CLI Prompt, page 16-3

• Changing the Console Timeout Period, page 16-4

Adding a Banner

You can configure a message to display when a user connects to the security appliance, before a user

logs in, or before a user enters privileged EXEC mode.

See the following guidelines:

• From a security perspective, it is important that your banner discourage unauthorized access. Do not

use the words welcome or please, as they appear to invite intruders in. The following banner sets the

correct tone for unauthorized access:

You have logged in to a secure device. If you are not authorized to access this

device,

log out immediately or risk possible criminal consequences.

• See RFC 2196 for guidelines about banner messages.

• Only ASCII characters are allowed, including new line (Enter), which counts as two characters.

• Do not use tabs in the banner, because they are not preserved in the CLI version.

• There is no length limit for banners other than those for RAM and flash memory.

• You can dynamically add the hostname or domain name of the security appliance by including the

strings $(hostname) and $(domain).

• If you configure a banner in the system configuration, you can use that banner text within a context

by using the $(system) string in the context configuration

• After a banner is added, security appliance Telnet or SSH sessions may close if:

–

There is not enough system memory available to process the banner message(s).

–

A TCP write error occurs when attempting to display banner message(s).

To add a message of the day, login, or session banner, perform the following steps:

Step 1 From the Configuration > Device Management > Management Access > Command Line (CLI) > Banner

pane, add your banner text to the field for the type of banner you are creating for the CLI:

• Session (exec) banner—This banner appears when a user accesses privileged EXEC mode at the

CLI.

previous next