Enterasys Networks X-Pedition™ Connecting via Telnet, Connecting via SSH, Terminal Commands

Models: X-Pedition™


Utilizing the Command Line Interface

Terminal Commands

If you want to display identification information about the current terminal connection, issue the show whoami command. Refer to the XSR Getting Started Guide and XSR CLI Reference Guide for more information on commands.

Connecting via Telnet

Once the XSR is properly configured with a valid IP address, you can remotely connect to the CLI via Telnet using the default user admin with no password. Later, you can create users with the username command.

Although up to five concurrent Telnet/SSH sessions and one Console session are supported, if more than one session is running simultaneously (including the Console session), only one session permits configuration changes. Any other session can only view configuration settings. This prohibition applies to all commands that make changes to the configuration and is limited to Global mode. For example, if a user is in Global mode and another user tries to enter Global mode, the second user will get the following error message:

XSR#config

Configuration is currently locked by user admin. Please try later.

Also, to ensure that an administrator can always log in to the router, one of the five permitted Telnet or SSH sessions is always reserved for the administrator.

That is, if the first four sessions are regular users, the fifth session will allow only the administrator to log in. But if one of the first four is logged in as administrator, then the fifth session can be any user. You can also Telnet from the XSR to a server by using the telnet ip_address command. It is a useful utility for diagnostics. Be aware that the router will try to make a Telnet connection for 70 seconds.

Connecting via SSH

Secure Shell (SSH v2) encrypts the link to the XSR so it is a more secure alternative to Telnet for remote connections. To activate SSH, invoke the following commands:

Create a host key pair with crypto key dsa generate

Add an AAA user including a password and privilege level with aaa user, password and privilege 15. You can also create a user in the CLI database with the username command.

Enable SSH access with policy ssh

Enable local authentication with aaa client ssh

Load an SSH client application on your PC to connect with the XSR

Optionally, you can disable Telnet with ip telnet server disable for higher security

Optionally, if you are enabling the firewall feature set you can configure an Access Control List (ACL) to allow a single host SSH access to the XSR by entering these commands:

XSR(config)#access-list 100 permit tcp host 192.168.1.10 eq 22
XSR(config)#access-list 100 deny tcp any host 192.168.1.10 eq 22
XSR(config)#access-list 100 permit ip any
XSR(config)#interface fastethernet 1
XSR(config-if<F1>)#ip access-group 100 in
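As an added example (not from the XSR manual), the Python check below reads a saved configuration and reports which of the SSH hardening steps listed above are missing. It assumes the saved configuration echoes each command as typed; the user name alice and both sample configurations are constructed.

```python
import re

# Checks keyed to the commands this page names. Assumption: the saved
# configuration text echoes each command as it was typed at the CLI.
CHECKS = [
    (r"^\s*policy ssh\b", "no user has 'policy ssh' (SSH access not enabled)"),
    (r"^\s*aaa client ssh\b", "'aaa client ssh' missing (no local SSH authentication)"),
    (r"^\s*ip telnet server disable\b", "Telnet server still enabled"),
]
ACL_RULE = re.compile(r"^\s*access-list (\d+) (permit|deny) tcp (.+) eq 22\s*$")
ACL_BIND = re.compile(r"^\s*ip access-group (\d+) in\b")

def audit(config_text):
    """Return a list of findings; an empty list means every check passed."""
    lines = config_text.splitlines()
    findings = [msg for pat, msg in CHECKS
                if not any(re.search(pat, ln) for ln in lines)]
    rules = {}  # ACL number -> actions seen on its port 22 rules
    for ln in lines:
        m = ACL_RULE.match(ln)
        if m:
            rules.setdefault(m.group(1), set()).add(m.group(2))
    bound = {m.group(1) for ln in lines if (m := ACL_BIND.match(ln))}
    if not rules:
        findings.append("no ACL restricts TCP port 22")
    for num, actions in sorted(rules.items()):
        if "deny" not in actions:
            findings.append(f"ACL {num} permits SSH but never denies other hosts")
        if num not in bound:
            findings.append(f"ACL {num} is defined but not applied to an interface")
    return findings

# Constructed sample configurations (not taken from a real router).
HARDENED = """\
aaa user alice
 privilege 15
 policy ssh
aaa client ssh
ip telnet server disable
access-list 100 permit tcp host 192.168.1.10 eq 22
access-list 100 deny tcp any host 192.168.1.10 eq 22
access-list 100 permit ip any
interface fastethernet 1
 ip access-group 100 in
"""
WEAK = " policy ssh\naaa client ssh\naccess-list 100 permit tcp host 192.168.1.10 eq 22\n"
```
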

XSR User’s Guide 2-3
