General IP Features

does not actually examine or store full routing tables sent by routing devices; it merely keeps track of which systems are sending such data. Using IRDP, the XSR can specify both a priority and the time after which a device should be assumed down if no further packets are received.

The XSR enables router discovery and associated values with the ip irdp command. The router also supports the redirection of packets routed through the same port they were received on with the ip redirect command.

TCP

The Transmission Control Protocol (TCP) is a transport layer protocol providing a connection-oriented, reliable, byte-stream service described by RFC-793.

UDP

The User Datagram Protocol (UDP) is a simple, datagram-oriented, transport layer protocol where each operation by a process produces exactly one UDP datagram, which causes one IP datagram to be sent. RFC-768 describes UDP.

Telnet

Telnet provides a general, bi-directional, 8-bit byte-oriented communications facility that is always enabled on the XSR. It is a standard method by which terminal devices and terminal-oriented processes interface, as described by RFC-854. A Telnet connection is a TCP connection used to transmit data with interspersed Telnet control data. Two entities compose a Telnet link:

A Telnet server is the host which provides some service

A Telnet user is the host which initiates communications

Telnet port (23) and server settings can be configured on the XSR with the ip telnet port and ip telnet server commands. You can also configure Telnet client service to other servers with the telnet ip_address command. Refer to the XSR CLI Reference Guide for more information.
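The following added example (not from the XSR documentation) shows how the user data and interspersed Telnet control data described above are told apart in a byte stream, following RFC 854. The function names and sample bytes are constructed for illustration; the recovered user data is readable as-is because Telnet applies no encryption.

```python
IAC, SB, SE = 255, 250, 240                      # RFC 854 command codes
NEGOTIATION = {251: "WILL", 252: "WONT", 253: "DO", 254: "DONT"}

def split_telnet_stream(stream: bytes):
    """Separate user data from interspersed Telnet control data (RFC 854)."""
    data, controls = bytearray(), []
    i, n = 0, len(stream)
    while i < n:
        if stream[i] != IAC:                     # ordinary user data byte
            data.append(stream[i])
            i += 1
        elif i + 1 >= n:                         # capture ends on a lone IAC
            controls.append(("TRUNCATED",))
            break
        elif stream[i + 1] == IAC:               # IAC IAC = literal data byte 0xFF
            data.append(IAC)
            i += 2
        elif stream[i + 1] in NEGOTIATION:       # IAC <verb> <option>
            if i + 2 >= n:
                controls.append(("TRUNCATED",))
                break
            controls.append((NEGOTIATION[stream[i + 1]], stream[i + 2]))
            i += 3
        elif stream[i + 1] == SB:                # IAC SB <option> <params> IAC SE
            i = _read_subnegotiation(stream, i + 2, controls)
        else:                                    # other two-byte command (NOP, AYT, ...)
            controls.append(("CMD", stream[i + 1]))
            i += 2
    return bytes(data), controls

def _read_subnegotiation(stream, pos, controls):
    """Parse from the option byte up to IAC SE; return the index after it."""
    n, params, j = len(stream), bytearray(), pos + 1
    while j + 1 < n:
        if stream[j] == IAC and stream[j + 1] == SE:
            controls.append(("SB", stream[pos], bytes(params)))
            return j + 2
        escaped = stream[j] == IAC and stream[j + 1] == IAC   # 0xFF in params
        params.append(stream[j])
        j += 2 if escaped else 1
    controls.append(("TRUNCATED",))              # no closing IAC SE in the capture
    return n

# Constructed server-to-client bytes: DO TERMINAL-TYPE (24), WILL ECHO (1),
# a prompt, SB TERMINAL-TYPE SEND, and a second prompt.
SAMPLE = (bytes([IAC, 253, 24, IAC, 251, 1]) + b"login: "
          + bytes([IAC, SB, 24, 1, IAC, SE]) + b"Password: ")
```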

SSH

The Secure Shell (SSH) protocol provides for safe remote login and other network services on the XSR. Along with a user-supplied client, the SSHv2 server allows you to establish a secure connection, similar to that provided by an inbound Telnet connection, with an important exception.

Unlike Telnet, SSH encrypts the entire connection with the XSR to hide your identity, provides data confidentiality via the negotiated choice of encryption types such as 3DES, and offers message integrity through hashing using SHA-1 or other algorithms such as MD5. It also offers crypto library support for third-party encryption ciphers such as Blowfish, Twofish, AES, CAST and ARCfour. SSH is enabled (by default) on the CLI with the ip ssh server command. It is further configured by specifying users, passwords, privilege level and policy with the aaa user, password, privilege 15 and policy commands; the idle timeout interval for your SSH session with the session-timeout ssh command; and user authentication with the aaa SSH command.

Upon configuring the XSR for the first time, you should generate a host key pair with the crypto key dsa command; otherwise, if no key is generated, the default key is used for any connection request. Generated host keys are encrypted and stored in the hostkey.dat file within Flash, where the file cannot be read or copied. All SSH connection requests use the host keys stored in the

5-6 Configuring IP

Enterasys Networks X-PeditionTM manual Tcp, Telnet