Telnet Security | NEC NWA-008869-001 instruction

CHAPTER 6 MANAGEMENT AND MAINTENANCE

TELNET SECURITY

TELNET SECURITY

The telnet-server ip enable or telnet-server ipv6 command permits all hosts connected to the In-Skin Rout- er to establish a connection. You can increase the security of telnet in two ways:

(1)Change the telnet port number

(2)Permit only a specific host to gain access with telnet

Changing the telnet port number

In this example, the port number 2323 is set.

Router # enable − config Enter

Router (config) # telnet − server ip port 2323 Enter

Router (config) #

Permitting only a specific host to gain access with telnet

In this example, only the source address “1.1.1.1/32” is permitted to gain access. “tokyo” is set as an access list name.

Router # enable − config Enter

Router (config) # ip access − list tokyo permit ip src 1.1.1.1/32 dest any Enter

Router (config) # telnet − server ip access − list tokyo Enter

Router (config) #

– 151 –	NWA-008869-001 Rev.1.0
	atch6001.fm

Image 161

NEC NWA-008869-001 manual Telnet Security, Changing the telnet port number, This example, the port number 2323 is set

Contents

NEC Corporation Liability Disclaimer Neax IPS Issue No Revision Sheet 3/3 This page Left Blank Intentionally Neax IPS Table of Contents Setting UP the LAN Ports for Suitable Communication Modes Table of Contents Config Management Outline of this Manual Purpose Appendix Specifications PBX System Designation Terms in this ManualTerminal Name DtermIP Inaset DtermSP20 DtermSP30 Reference Manual Chapter General Information System Outline Main Feature of In-Skin Router IPv6 over IPv4 IPv6/IPv4 Tunneling Broadband Service Support Broadband Service Support Network Connection Network Connection In-Skin Router Card Name and Function Card Name and Function Ethernet Connection System ConditionsDigital Private Line Connection Local Console Connection This page Left Blank Intentionally Chapter Installation Static Electricity Guard PrecautionsStatic Electricity Guard When Making a Switch Setting on a Circuit Card Installation MAT cable with 9 pin D-SUB Connector 2 m 79 inch MAT cable with 25 pin D-SUB Connector 2 m 79 inchRequired Equipment Required Equipment for In-Skin Router Installation Installation Procedure Installation Procedure END PN-CP24-A/PN-CP24-B Switch Settings of MP Card Lamp Color Function Name Green Remains lit while receiving clock signals to the PLO Switch Name Setting Function Check Number Position When using RS1 port for built-in Phase Locked OscillatorWhen using RS1 port for RS-232C SW1 Push SW For initializing CPU For clock source office SW4-3 SW4-4 SW4 Dip SW Battery backup OFF JP0 Jumper pin For normal operation Battery backup onFor using external hold tone source For using internal hold tone source PN-CP27-A Stby Red Remains lit while this card is a stand by mode Switch Name Setting Function Check Number Position SW2 Not used SW4 Dip SWMB Toggle SW For make-busy For normal operation Right Subconn Switch Settings of PN-RTA Card Red Remains lit when a trouble occurs Green On Operating power is on OFF Operating power is OFFOperating power is OFF Toggle SW Operating power is on For normal operation For aging Test Mode Piano Key SWNot used Super Reset Green Remains lit while WAN port is connected to the network Switch Settings of PZ-M649 Card Not used WAN port or T1 interface for PBX are Available Sent to the PLO1 input on MP card MHz clock Clock signal from When one DTI MP card will receive Is providedSwitch to the PLO1 DTI0 at its PLO0 Switch Settings of PZ-M650 Card Not used WAN port or E1 interface for PBX are Available DTI0 DTI1 DTI2 DTI7 Conditions Remarks Switch Settings of PN-24DTA-C Card All channels are idle Red Remains lit when detecting PCM signal lossRed Remains lit when detecting Frame Alignment signal loss Sense For normal operation Local loopback AIS send Sent to the PLO1 input on MP card Remote loopbackFor DS-1 SW1-3 on For DSX-1/Hong Kong/Taiwan SW1-3 OFF DS-1 T1 with CSU function Not used Piano Key SWDSX-1 T1 without CSU function MAS Jumper pin Clock Source Switch Settings of PN-30DTC-C Card Mfrm AP No SW-8 on SW-8 OFF SW No Source clock signal from network is not Balanced transmission For twisted-pair cable JPS Jumper pinLine impedance 75 Ω For coaxial cable Line impedance 120 Ω For twisted-pair cable JP1 Jumper pin Green Remains lit while LAN port is connected to the network Locations of Lamps and Connectors of PZ-M623 Card Taking off Screws Mounting PZ-M649 Card/PZ-M650 Card/PZ-M623 Card PN-RTA Card Mounting Slots Mounting PN-RTA CardRegular PIM PN-RTA card can be mounted in the AP00-AP11 slots of PIM0-7 PN-RTA card can be mounted in the AP00-AP10 slots of PIM0 PIM for Backup CPU System PN-RTA IP network Cable Connection LAN Cable Connection of PN-RTA Card Cable Connection of PZ-M649 Card PZ-M649 Digital private network T1 Cable Connection LTC0 LTC1 LTC2 LTC3 Location of AP Slots and LTC Connectors for PN-24DTA-C DTI Example of MDF Cross Connection for PN-24DTA-C DTI LTC1 J LTC1 P Cable Connection of PZ-M650 Card PZ-M650 Digital private network E1 Cable Connection Location of AP Slots and LTC Connectors for PN-30DTC-C DTI Example of MDF Cross Connection for PN-30DTC-C DTI LTC1 J LTC1 P PZ-M623 IP network Cable Connection LAN Cable Connection of PZ-M623 Card Connecting Local Console to PN-RTA Card Connecting Local Console to PN-RTA Card This page Left Blank Intentionally Chapter Basicoperations Various Explanations Error message that may be displayed during command entry Command EntryCommands Moving the cursor Editing characters on the command lineKEY Operations and Screen Displays Memo Upon a restart, the command history is cleared Calling previously entered commands Getting assistance in command entry Help functions Entering an abbreviation of a command Screen displays During command entry, note the followingUse of Ascii characters not including control characters Double quotation marks Modes Mode configurationMode Configuration From config mode to operation mode From operation mode to config mode From operation mode to login authentication logout Changing the In-Skin Router between different config modesFrom global config mode to interface or device config mode From interface or device config mode to global config mode Registering users and setting user rights Login and User RightsIf you have logged in with the administrator right User rights Changing passwords Erasing users Login Use of modes by more than one user Forced logout due to timeout Setting data and programs Setting Data and Program FilesSetting data Program Flash memory Locations used to store setting data and the programLocations Used to Store Setting Data At startup by turning on the power switch Startup config and running configStartup sequence Operation area Dram Self − diagnosis At a restart with the reload command At a restart with the restart command This page Left Blank Intentionally Chapter Initialization Initialization Procedure Execution of self − diagnosis Turning on the Power Registering Users and Setting Passwords Checking Setting For checking, use the show clock command Setting the Date and Time Setting and checking Setting Device Names Saving Saving Running Config Restarting with a command Restarting the IN-SKIN Router with a Command and Logging Turning OFF the Power to Terminate the IN-SKIN Router Setup method Setting UP the LAN Ports for Suitable COMMUNI- Cation ModesSetting the communication rate Setting the communication direction Check the settings with the show interfaces command Checking of the settings Setting up the 10BASE-T port Setting line attributes for a T1 Line Setting UP the WAN Private Line T1 Checking the status of interface Saving setting dataCheck the status of interface by show interface command Setting line attributes for an E1 Line Setting UP the WAN Private Line E1 107 Remote Console Setup for a Remote Console Setting the IP address Setting an IP address and validating the interface Checking the IP address Checking the settingsValidating the interface Checking that the interface is validated Starting up the telnet server Startup Checking the communication state 113 114 Chapter Examples of Setup On Networks Routing Setup Examples IPv4 Routing Setup Examples IPv4 Use the show ip route command to check the settings Setting a static route Starting RIP Setting RIP and RIPv2 Checking the routing table Routing Setup Example IPv6 Routing Setup Examples IPv6 Enabling automatic address setting Use the show ipv6 route command to check the settings Setting RIPng Starting RIPng PPPoE Setup Example PPPoE Setup Example Setting PPPoE Setup procedureSetting the route As the default route, specify the interface Ethernet0.1 Shutting down a PPPoE connection Setting the DNS server DTI Digital Private Line Network Example T1 Setting the digital private line T1 Setting DTI card Setting for router B Digital Private Line Network Example E1 Setting the digital private line E1 132 133 134 Chapter Management Maintenance Set an IP address Validate the interface Tftp Setup for File Management Saving with the write memory command Config Management Config management with text files Upgrading the Program Upgrading the Program Preparations Upgrading procedureSetting up network boot and saving the settings Downloading the new program file from the Tftp server Deleting the current program file Checking that the downloaded file is normal Deleting network boot settings and saving the new settings Restarting the router Enterprise traps four types Management with SnmpTypes of traps to be sent Community name Specifying a trap source interface Setting a community name and an access typeSetting the IP address of the trap destination Checking the settings Setting the type of trap to be sentSaving the settings Starting an Snmp agent Setting UP Event Information Collection Displaying event information on a console Setup for displayStarting the display of event information Stopping the display of event information Transferring event information to a syslog server Telnet Security Permitting only a specific host to gain access with telnetChanging the telnet port number This example, the port number 2323 is set Restarting with the reload command Restarting by turning the power switch OFF and back onRestarting procedure Use the reload command in operation mode Use the restart command in operation mode Restarting with the restart command Procedure for performing a super reset Super ResetTurning OFF the power switch Setting the Piano key switch Turn OFF the power switch Pwrsw to stop the In-Skin Router Turning on the power switch to start the device Setting bit 4 of the Piano key switch to OFF Chapter Troubleshooting If the Local Console Cannot be Used If a Remote Console Cannot be Used If no communication is possible If Communication is ImpossibleIf communication with a specific network is impossible If the boot monitor mode screen is displayed If the Alarm lamp on the PN-RTA card is litIf the IN-SKIN Router does not Start If none of the lamps on the PN-RTA card is lit LAN2 LAN1 Console Recovery procedure Use either the LAN1 port or LAN2 port of the PN-RTA card Collecting Fault Information If you want to erase all settings of config If YOU Want to Erase Config If SELF-DIAGNOSIS does not Terminates Normally Appendix Specifications Specifications Specifications This page Left Blank Intentionally