- Enterasys Security Router User's Guide
General IP Features
XSR User’s Guide 5-7
hostkey.dat file unless none have been generated or the content of the file is corrupted in which case
default keys are used to secure the connection.
A number of SSH clients are commercially available. Enterasys recommends the PuTTY client
freeware as compatible and easy to configure. For step-by-step instructions on installing PuTTY
and configuring SSH, refer to “Configuring Security” in the XSR User’s Guide.
Trivial File Transfer Protocol (TFTP)
TFTP is a bare bones file transfer protocol, as defined by RFC-1350, using UDP to simplify
transport with less overhead. The XSR provides TFTP client functionality using the
snmp-server
tftp-server-list
and copy <file> commands. Always enabled on the router, it is useful to
save and restore configuration files and images.
Refer to the XSR CLI Reference Guide and “Managing the XSR” on page 2-1 for more information.
IP Interface
IP interfaces are virtual circuits used to pass traffic between a physical port and the XSR
forwarder. IP interfaces have the following characteristics:
• Numbered interfaces have IP addresses assigned to them.
• The port can be pinged to monitor its status with the
ping command.
• Some routing protocols require the interface to have an IP address.
• The command
interface <serial | fast/gigabitethernet | bri | dialer |
loopback | vpn | multilink | atm>
sets all XSR interfaces.
• Un-numbered interfaces are not assigned IP addresses
– Un-numbered interfaces may be used on point-to-point networks. By default, the address
used by the unnumbered interface when it generates a packet is the router ID, which is the
address of the highest, non-zero configured loopback interface. An unnumbered interface
address can be configured to be the address of a specified numbered interface. The
ip
unnumbered
command sets interface parameters on the XSR.
– An un-numbered interface cannot be pinged to monitor its status.
Secondary IP
Enabling secondary IP allows multiple IP addresses to be configured on the same physical
network interface and multiple subnets to share one MAC address. Secondary addresses are
treated largely like primary addresses, but not exactly the same, as explained below.
Secondary IP is useful when there are insufficient host addresses on a network segment.
Configuring several subnets on the router interface which connects the network segment
combines these logical subnets into one physical segment making more host addresses available.
Interface & Secondary IP
The XSR supports secondary IP on Ethernet networks only. All other ports, including loopback
interfaces, support one IP address per interface only.
Note: SSH is enabled by default on port 22. Be aware that with SSH enabled, traditional facilities
such as FTP, TFTP, and Telnet are not disabled so to ensure system security, you must disable
other communication services.