- Enterasys Security Router User's Guide

General IP Features
5-6 Configuring IP
does not actually examine or store full routing tables sent by routing devices, it merely keeps track
of which systems are sending such data. Using IRDP, the XSR can specify both a priority and the
time after which a device should be assumed down if no further packets are received.
The XSR enables router discovery and associated values with the ip irdp command. The router
also supports the redirection of packets routed through the same port they were received on with
the ip redirect command.
TCP
The Transmission Control Protocol (TCP) is a transport layer protocol providing a
connection-oriented, reliable, byte-stream service described by RFC-793.
UDP
The User Datagram Protocol (UDP) is a simple, datagram-oriented, transport layer protocol where
each operation by a process produces exactly one UDP datagram, which causes one IP datagram
to be sent. RFC-768 describes UDP.
Telnet
Telnet provides a general, bi-directional, 8-bit byte-oriented communications facility that is
always enabled on the XSR. It is a standard method by which terminal devices and
terminal-oriented processes interface, as described by RFC-854. A Telnet connection is a TCP
connection used to transmit data with interspersed Telnet control data. Two entities compose a
Telnet link:
• A Telnet server is the host which provides some service
• A Telnet user is the host which initiates communications
Telnet port (23) and server settings can be configured on the XSR with the ip telnet port and
ip telnet server commands. You can also configure Telnet client service to other servers with
the telnet ip_address command. Refer to the XSR CLI Reference Guide for more information.
SSH
The Secure Shell (SSH) protocol provides for safe remote login and other network services on the
XSR. Along with a user-supplied client, the SSHv2 server allows you to establish a secure
connection similar to that provided by an inbound Telnet connection, with an important
exception.
Unlike Telnet, SSH encrypts the entire connection with the XSR to hide your identity, provides
data confidentiality via the negotiated choice of encryption types such as 3DES, and offers
message integrity through hashing using SHA-1 or other algorithms such as MD5, along with
crypto library support for third-party encryption ciphers such as Blowfish, Twofish, AES, CAST
and ARCfour. Enabled (by default) on the CLI with the ip ssh server command, SSH is further
configured by specifying users, passwords, privilege level and policy with the aaa user,
password, privilege 15 and policy commands, the idle timeout interval for your SSH session
with the session-timeout ssh command, and user authentication with the aaa SSH command.
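An added example, not part of the Enterasys guide: the negotiated choice of ciphers and hashes described above is carried in the SSH_MSG_KEXINIT message (RFC 4253, section 7.1), so a peer's offer can be parsed and checked for legacy algorithm names. The LEGACY set, the function names and the sample payload are assumptions constructed for this illustration, not XSR output.

```python
import struct

# The ten name-lists of SSH_MSG_KEXINIT, in wire order (RFC 4253, section 7.1).
FIELDS = ["kex_algorithms", "server_host_key_algorithms"] + [
    f"{kind}_{direction}" for kind in (
        "encryption_algorithms", "mac_algorithms", "compression_algorithms", "languages")
    for direction in ("client_to_server", "server_to_client")]

# Names this example flags as legacy (an assumption, not Enterasys policy).
LEGACY = {"3des-cbc", "blowfish-cbc", "cast128-cbc", "arcfour",
          "hmac-md5", "hmac-md5-96", "ssh-dss"}

def parse_kexinit(payload: bytes) -> dict:
    """Return {field: [algorithm names]} from an SSH_MSG_KEXINIT payload."""
    if len(payload) < 17 or payload[0] != 20:   # 20 = SSH_MSG_KEXINIT
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, offered = 17, {}                       # skip type byte and 16-byte cookie
    for field in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError(f"truncated before {field}")
        (length,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + length > len(payload):
            raise ValueError(f"{field} overruns the payload")
        names = payload[pos:pos + length].decode("ascii")
        offered[field] = names.split(",") if names else []
        pos += length
    return offered

def legacy_offers(payload: bytes) -> dict:
    """Map each field to the legacy algorithms offered in it, if any."""
    hits = {f: [a for a in names if a in LEGACY]
            for f, names in parse_kexinit(payload).items()}
    return {f: algs for f, algs in hits.items() if algs}

def build_kexinit(lists) -> bytes:
    """Encode name-lists as a payload with a zero cookie (test data only)."""
    body = b"".join(struct.pack(">I", len(s)) + s
                    for s in (",".join(names).encode() for names in lists))
    return b"\x14" + bytes(16) + body + b"\x00" + bytes(4)

# Constructed sample offer, not captured from an XSR.
SAMPLE = build_kexinit([["diffie-hellman-group14-sha1"], ["ssh-dss"],
                        ["aes128-cbc", "3des-cbc"], ["aes128-cbc", "3des-cbc"],
                        ["hmac-sha1", "hmac-md5"], ["hmac-sha1", "hmac-md5"],
                        ["none"], ["none"], [], []])

if __name__ == "__main__":
    print(legacy_offers(SAMPLE))
```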
Upon configuring the XSR for the first time, you should generate a host key pair with the
crypto key dsa command; otherwise, if no key is generated, the default key is used for any
connection request. Generated host keys are encrypted and stored in the hostkey.dat file within
Flash where the file cannot be read or copied. All SSH connection requests use the host keys
stored in the