R2511-HP MSR Router Series Terminal Access Configuration Guide(V5)

Terminal timeout lock
This feature enables the router to lock a terminal that does not exchange data within a specified period.
The terminal cannot be operated until it is unlocked. The username used to unlock the terminal must
match the authentication username used before the terminal was locked.
This feature is not available if no authentication is configured on the router.
Terminal hotkey lock
This feature enables users to lock terminals by using a hotkey. After a terminal is locked, the user must
enter authentication information to unlock it. The username used to unlock the terminal must match
the authentication username used before the terminal was locked.
This feature is not available if no authentication is configured on the router.
Terminal timeout disconnection
If a terminal does not exchange data with the router within a specified period, the router disconnects the
terminal from the FEP to release resources without affecting other connections.
Manual link disconnection
You can manually disconnect a terminal from the router. Use this feature when you want to adjust
attributes for a terminal, or to reset an abnormal TCP connection.
Encryption
This feature can encrypt data transmitted between the router and FEPs to enhance data security.
As shown in Figure 16, data is transmitted in ciphertext between Router A and the FEP. Router A and the
FEP that runs the ETelnet server, ttyd, or sshd program can both implement data encryption and
decryption. TTY terminal access supports AES encryption and quick encryption (a proprietary algorithm).
SSH terminal access supports two asymmetric encryption algorithms, RSA and DSA.
Figure 16 Data encryption between the router and the FEP
Source address binding
This feature allows you to use the IP address of a stable interface (a loopback interface or dialer interface
is recommended) as the source IP address for TCP connections initiated from the router to FEPs. This
feature can be used in the following scenarios:
In a WAN, the router accesses an FEP through the primary dial-up link after passing authentication.
If the primary link fails, the router tries to use the secondary link, but it cannot pass
FEP authentication because its IP address has changed.
For security or some other reason, the actual source IP addresses of TCP connections from the router
to FEPs should be hidden.
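
The effect of source address binding at the socket level, as an added example (not HP code and not router configuration): a stand-in FEP accepts peers by source IP, and the client pins its source address with bind() before connect(). Assumptions: a Linux host, where all of 127.0.0.0/8 is local, and the constructed address 127.0.0.2 standing in for the router's loopback interface address.

```python
import socket
import threading

# Constructed value: 127.0.0.2 plays the stable (loopback) interface address
# that the stand-in FEP has on its allow list.
STABLE_SOURCE = "127.0.0.2"
ALLOWED_SOURCES = {STABLE_SOURCE}


def start_fep(allowed):
    """Start a stand-in FEP that accepts or rejects a peer by source IP."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # port 0: the OS picks a free port
    listener.listen(5)

    def serve():
        while True:
            try:
                conn, (peer_ip, _port) = listener.accept()
            except OSError:               # listener closed, stop serving
                return
            with conn:
                verdict = b"ACCEPT" if peer_ip in allowed else b"REJECT"
                conn.sendall(verdict + b" " + peer_ip.encode())

    threading.Thread(target=serve, daemon=True).start()
    return listener


def connect_to_fep(fep_addr, source_ip=None):
    """Connect to the FEP; if source_ip is given, pin it before connecting."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(3)
        if source_ip is not None:
            sock.bind((source_ip, 0))     # source address binding
        sock.connect(fep_addr)
        return sock.recv(64).decode()


def demo():
    """Return the FEP's verdict for an unbound and a bound connection."""
    fep = start_fep(ALLOWED_SOURCES)
    addr = fep.getsockname()
    # Unbound: the OS chooses the source address from the outgoing path.
    results = (connect_to_fep(addr), connect_to_fep(addr, STABLE_SOURCE))
    fep.close()
    return results
```

Without the bind() call the FEP sees whichever address the outgoing path supplies, which is what changes when the router fails over from the primary link to the secondary link.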