Product specifications

Chapter 5: System Security
Efficient Networks® Router family Technical Reference Guide
Page 5-18
Disabling WAN Management
You can allow management of the router on the local LAN, but not over the WAN. If
the router has been configured to use Network Address Translation (NAT), you can
define two servers that do not exist on the LAN side to handle WAN SNMP and Telnet
requests, and thus WAN management of the router cannot occur.
The following example shows how this is done for SNMP, Telnet, and HTTP requests.
It assumes there is no computer at 192.168.254.128.
-> system addserver 192.168.254.128 udp snmp
-> system addserver 192.168.254.128 tcp telnet
-> system addserver 192.168.254.128 tcp http
-> save
-> reboot
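Added example (not from the guide): a Python check that reads a saved command transcript and reports any management service the redirect misses, or any redirect that points at an address in use on the LAN. The transcript, the LAN inventory and the function names are assumptions; only the system addserver syntax shown above is parsed.

```python
# Added example: audit a CLI transcript for the WAN-management redirect
# described above. Only "system addserver <ip> <proto> <service>" is parsed.
import ipaddress

# Management services redirected in the guide's example: (protocol, service).
MGMT_SERVICES = {("udp", "snmp"), ("tcp", "telnet"), ("tcp", "http")}


def parse_addserver(lines):
    """Return {(proto, service): ip} for each 'system addserver' command."""
    redirects = {}
    for raw in lines:
        line = raw.strip()
        if line.startswith("->"):      # drop the CLI prompt
            line = line[2:].strip()
        parts = line.split()
        if len(parts) != 5 or parts[:2] != ["system", "addserver"]:
            continue
        ip, proto, service = parts[2], parts[3].lower(), parts[4].lower()
        ipaddress.ip_address(ip)       # raises ValueError on a malformed address
        redirects[(proto, service)] = ip
    return redirects


def audit(lines, live_hosts):
    """List services that are not redirected, or redirected to a live host."""
    redirects = parse_addserver(lines)
    findings = []
    for proto, service in sorted(MGMT_SERVICES):
        target = redirects.get((proto, service))
        if target is None:
            findings.append(f"{service}/{proto}: not redirected")
        elif target in live_hosts:
            findings.append(f"{service}/{proto}: redirected to live host {target}")
    return findings


# Constructed sample: the guide's commands with the http line left out,
# plus a hypothetical inventory of addresses in use on the LAN.
SAMPLE = [
    "-> system addserver 192.168.254.128 udp snmp",
    "-> system addserver 192.168.254.128 tcp telnet",
    "-> save",
]
LAN_INVENTORY = {"192.168.254.1", "192.168.254.2"}

if __name__ == "__main__":
    for finding in audit(SAMPLE, LAN_INVENTORY) or ["all management services redirected"]:
        print(finding)
```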
Secure Mode Access
Secure Mode is a feature that can restrict system access to the use of only secure
channels. The secure channels supported by the system are:
IPSec
SSH
CLI access through the serial port
IPSec (Internet Protocol Security) and SSH are Key Enabled Features that provide
the secure modes of IP-based connectivity allowed when secure mode access is
enabled. The serial port is considered secure, not by encryption, but by the ability to
physically secure access to the router's serial port.
Trusted and Untrusted Interfaces
Secure mode can be employed for the WAN interface, LAN interface or both. When
secure mode is enabled, an interface can be designated as trusted, indicating that
unsecure connections are allowed via the specified interface. Designating an
interface as untrusted will enforce the requirement of a secure channel for access via
the specified interface. By default, the WAN interface is untrusted and the LAN
interface is trusted.
Secure Mode Management
The following procedures are used to configure Secure Mode via the command line
interface. For configuration via the Web Management Interface, see Secure Mode
Configuration on page 8-23.