Cisco ACE-4710-K9 Administration Guide - Page 87
Terminating an Active User Session, Enabling ICMP Messages to the ACE
View all Cisco ACE-4710-K9 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 87 highlights
Chapter 2 Enabling Remote Access to the ACE Terminating an Active User Session Terminating an Active User Session To terminate an active SSH or Telnet session for the active context, use one of the following commands in Exec mode: • clear ssh {session_id | hosts} • clear telnet {session_id} The arguments, keywords, and options are: • session_id-Specifies the identifier of the SSH or Telnet session to disconnect. You can obtain the specific session_id value using either the show ssh session-info command or the show telnet command in Exec mode. See the "Directly Accessing a User Context Through SSH" section for details. • hosts-Clears the list of trusted SSH hosts from the ACE configuration. For example, to terminate an SSH session, enter: host1/Admin # clear ssh 345 Enabling ICMP Messages to the ACE By default, the ACE does not allow ICMP messages to be received by an ACE interface or to pass through the ACE interface. ICMP is an important tool for testing your network connectivity; however, network hackers can also use ICMP to attack the ACE or your network. We recommend that you allow ICMP during your initial testing, but then disallow it during normal operation. To permit or deny address(es) to reach an ACE interface with ICMP messages, either from a host to the ACE, or from the ACE to a host which requires the ICMP reply to be allowed back, configure a: • Class map to provide the ICMP network traffic match criteria for the ACE. • Policy map to enable ICMP network management access to and from the ACE. • Service policy to activate the policy map, attach the traffic policy to an interface or globally on all interfaces, and specify the direction in which the policy should be applied. OL-11157-01 Cisco 4700 Series Application Control Engine Appliance Administration Guide 2-19