318 XSR User’s Guide
AAA Services Chapter 13
Configuring Security on the XSR
While most of these parameters are self-explanatory, the policy value is
important in specifying which system each user will be allowed to access on
the XSR. The module options are: firewall, ssh, telnet, and vpn. Their
intended functions are as follows:
Telnet/Console: administrators and low-level Console users who will use the standard serial connection application
SSH: users who will require a more secure Telnet-type connection
Firewall: users who will access the firewall
VPN: users who will tunnel in to the XSR
AAA users can be assigned to groups with the aaa group top-level command,
which is sub-divided into dns and wins server, ip pool, l2tp and pptp
compression, pptp encrypt mppe, privilege, and policy sub-commands to set
that group’s respective parameters. Any users not specifically assigned to
a group are added to the DEFAULT AAA group.
Policies can be set at both the user and group level, but a user-level policy
overrides a user’s group-level policy.
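The group and policy rules above (unassigned users fall into the DEFAULT group, a user-level policy overrides the group-level one) determine each account's effective access. The following added example, not taken from the XSR guide or its software, resolves that effective policy over an exported account list and flags accounts that still permit Telnet; the record layout, function names and sample accounts are constructed, and it assumes a user-level policy replaces the group policy rather than merging with it.

```python
# Added example: record layout, names and sample accounts are constructed.
MODULES = {"firewall", "ssh", "telnet", "vpn"}  # policy values named in the guide
DEFAULT_GROUP = "DEFAULT"                       # group for users with no assignment


def effective_policy(user, groups):
    """Return (modules, source) for one user record.

    Assumption: a user-level policy replaces the group-level policy
    outright instead of being merged with it.
    """
    group = user.get("group") or DEFAULT_GROUP
    if user.get("policy") is not None:
        policy, source = set(user["policy"]), "user"
    else:
        policy = set(groups.get(group, {}).get("policy", ()))
        source = "group:" + group
    unknown = policy - MODULES
    if unknown:
        raise ValueError(f"{user['name']}: unknown policy value(s) {sorted(unknown)}")
    return policy, source


def audit(users, groups, flagged=("telnet",)):
    """List (name, module, source) for every user whose effective policy
    grants a module in `flagged`, e.g. Telnet where SSH is expected."""
    findings = []
    for user in users:
        policy, source = effective_policy(user, groups)
        for module in sorted(policy & set(flagged)):
            findings.append((user["name"], module, source))
    return findings


# Constructed sample data, not taken from any real XSR configuration.
GROUPS = {
    "DEFAULT": {"policy": ["telnet"]},
    "remote-staff": {"policy": ["vpn"]},
    "admins": {"policy": ["ssh", "firewall"]},
}
USERS = [
    {"name": "alice", "group": "admins", "policy": None},
    {"name": "bob", "group": "remote-staff", "policy": ["vpn", "telnet"]},
    {"name": "carol", "group": None, "policy": None},       # lands in DEFAULT
    {"name": "dave", "group": "DEFAULT", "policy": ["ssh"]},  # user policy wins
]

if __name__ == "__main__":
    for name, module, source in audit(USERS, GROUPS):
        print(f"{name}: {module} allowed (policy source: {source})")
```

The source column shows whether a finding has to be fixed on the user record or on the group, which matters because changing a group policy has no effect on a user who carries their own.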
Although AAA authentication is set by the service, not the user, you can
override this rule by configuring a user with the @ character
(username@sbr.com). The XSR checks whether the @-configured user is
configured before enabling the default authentication service.
Refer to the following section to configure SSH or Telnet with AAA
authentication.
Connecting Remotely via SSH or Telnet with AAA Service
Perform the following steps to configure SSH or Telnet service:
1 Enter configure to acquire Configuration mode.
2 Enter crypto key master generate to create a master key.
3 Enter crypto key dsa generate to create a host key pair on the XSR.
When successful, this message will display: Keys are generated,
new connetions will use these keys for authentication
4 If you wish to connect using SSH, perform the following steps,
otherwise skip to Step 15 for Telnet configuration.