- Enterasys Security Router User's Guide

Utilizing the Command Line Interface
Terminal Commands
If you want to display identification information about the current terminal connection, issue the
show whoami command. Refer to the XSR Getting Started Guide and XSR CLI Reference Guide for
more information on commands.
Connecting via Telnet
Once the XSR is properly configured with a valid IP address, you can remotely connect to the CLI
via Telnet using the default user admin with no password. Later, you can create users with the
username command.
Although up to five concurrent Telnet/SSH sessions and one Console session are supported, if more
than one session is running simultaneously (including the Console session), only one session
permits configuration changes. Any other session can only view configuration settings. This
prohibition applies to all commands that make changes to the configuration and is limited to Global mode.
For example, if a user is in Global mode and another user tries to enter Global mode, the second
user will get the following error message:
XSR#config
Configuration is currently locked by user admin. Please try later.
Also, in order to ensure that an administrator can always log in to the router, one of the five
permitted Telnet or SSH sessions is always reserved for the administrator.
That is, if the first four sessions are regular users, the fifth session will allow only the
administrator to log in. But if one of the first four is logged in as administrator, then the fifth
session can be any user. You can also Telnet from the XSR to a server by using the
telnet ip_address command. It is a useful utility for diagnostics. Be aware that the router will
try to make a Telnet connection for 70 seconds.
Connecting via SSH
Secure Shell (SSH v2) encrypts the link to the XSR so it is a more secure alternative to Telnet for
remote connections. To activate SSH, invoke the following commands:
Create a host key pair with crypto key dsa generate
Add an AAA user including a password and privilege level with aaa user, password and
privilege 15. You can also create a user in the CLI database with the username command.
Enable SSH access with policy ssh
Enable local authentication with aaa client ssh
Load an SSH client application on your PC to connect with the XSR
Optionally, you can disable Telnet with ip telnet server disable for higher security
Optionally, if you are enabling the firewall feature set you can configure an Access Control List
(ACL) to allow a single host SSH access to the XSR by entering these commands:
XSR(config)#access-list 100 permit tcp host 192.168.1.10 eq 22
XSR(config)#access-list 100 deny tcp any host 192.168.1.10 eq 22
XSR(config)#access-list 100 permit ip any
XSR(config)#interface fastethernet 1
XSR(config-if<F1>)#ip access-group 100 in
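The following added example (not part of the guide) checks a pasted CLI transcript for the SSH steps listed above, and catches the case where the port 22 ACL is defined but never applied to an interface. The function name audit and the step names are illustrative assumptions; the script verifies only that the commands were typed, not the state of the router.

```python
import re

PROMPT = re.compile(r"^XSR(?:\([^)]*\))?#\s*")  # e.g. XSR(config)# or XSR(config-if<F1>)#

# Command lines this section gives for SSH-only management, as typed.
REQUIRED = {
    "ssh_enabled": "policy ssh",
    "ssh_local_auth": "aaa client ssh",
    "telnet_disabled": "ip telnet server disable",
}

def audit(transcript):
    """Return the hardening steps missing from a pasted CLI transcript.

    Host key generation and user creation are not checked here.
    """
    lines = [PROMPT.sub("", ln.strip()) for ln in transcript.splitlines() if ln.strip()]
    missing = [name for name, cmd in REQUIRED.items() if cmd not in lines]
    # ACL numbers with at least one TCP rule for port 22 (SSH).
    ssh_acls = {m.group(1) for ln in lines
                if (m := re.match(r"access-list (\d+) (?:permit|deny) tcp .*\beq 22$", ln))}
    # ACL numbers applied inbound on some interface.
    bound = {m.group(1) for ln in lines
             if (m := re.match(r"ip access-group (\d+) in$", ln))}
    if not ssh_acls:
        missing.append("ssh_acl_defined")
    elif not ssh_acls & bound:
        missing.append("ssh_acl_bound")  # defined but filtering nothing
    return missing

# Constructed transcripts; the ACL lines are copied from this section.
ACL = """XSR(config)#access-list 100 permit tcp host 192.168.1.10 eq 22
XSR(config)#access-list 100 deny tcp any host 192.168.1.10 eq 22
XSR(config)#access-list 100 permit ip any
"""
WEAK = "XSR(config)#policy ssh\nXSR(config)#aaa client ssh\n" + ACL
HARDENED = (WEAK + "XSR(config)#ip telnet server disable\n"
            "XSR(config)#interface fastethernet 1\n"
            "XSR(config-if<F1>)#ip access-group 100 in\n")

if __name__ == "__main__":
    print("weak:", audit(WEAK))
    print("hardened:", audit(HARDENED))
```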