Setting Up Telnet Access Characteristics | Performance and Fault Management: A Practical Guide to Effectively Managing Cisco Network Devices (Cisco Press Core Series)

Many network operations folks probably spend most of their time Telnetted into their Cisco devices when they are troubleshooting issues or even looking at statistics, rather than looking at an NMS station's GUI representation of the data. Some folks even use Telnet as their method of managing the network by using scripts written in Spy, Expect, or even Perl. If this is how you manage your network, consider the steps outlined in the following sections.

Set the Terminal Length to 0 When Using Scripts to Gather the Data

When there are multiple "screen dumps" associated with a particular show command, it is not efficient to always insert a <space> when the next screen needs to be displayed, as seen from a Telnet session. Use the following CLI command to set the terminal length within a VTY (Telnet) session: In a router, term length 0 and in a Catalyst switch, set length 0.

If scripting around Telnet, be sure and set the terminal length back to 24 when exiting the device.

Use TACACS+ or RADIUS On the Devices for Access

Setting up TACACS+ or RADIUS type of device access does three things:

Eliminates the need for shared passwords.
Logs activities, such as configuration changes or who and when someone was Telnetted into the device.
Restricts who can use what commands in the device, either per command or per privilege level (enable mode versus non-enable mode).

Scripting is a lot easier and more secure when you only have to use one username and password to log in to a router or switch, instead of multiple passwords as defined on the devices themselves.