Manualshelf

User`s guide

ManualsBrandsEnterasys ManualsComputer equipmentANG-3000
381382383384385386387388389390
XSR Users Guide 353
Chapter 13 Configuration Examples
Configuring Security on the XSR
XSR(aaa-method-radius)#address ip-address 10.10.10.1
XSR(aaa-method-radius)#key acevpnfqwe
XSR(aaa-method-radius)#client vpn
XSR(aaa-method-radius)#client telnet
XSR(aaa-method-radius)#client firewall
XSR(aaa-method-radius)#client ssh
XSR(aaa-method-radius)#auth-port 1812
XSR(aaa-method-radius)#acct-port 1813
XSR(aaa-method-radius)#attempts 1
XSR(aaa-method-radius)#retransmit 5
XSR(aaa-method-radius)#timeout 10
XSR(aaa-method-radius)#qtimeout 0
Configure RADIUS network objects:
XSR(config)#ip firewall network internal 10.10.10.0 mask
255.255.255.0 internal
Configure policies allowing RADIUS authentication and accounting:
XSR(config)#ip firewall policy radius internal internal
Radius allow bidirectional
XSR(config)#ip firewall policy RADIUSacct internal internal
Radius_ACCT allow bidirectional
Configuring Simple Security
The following configuration provides simple protection for the XSR. The
firewall feature set is not implemented.
First, perform standard port configuration:
XSR(config)#interface FastEthernet 1
XSR(config-if<F1>)#ip address 192.168.10.1 255.255.255.0
XSR(config-if<F1>)#no shutdown
XSR(config)#controller t1 0/2/0
XSR(config-controller<T1/2>)#no shutdown
XSR(config)#interface serial 2/0:0
XSR(config-if<S2/0:0>)#encapsulation ppp
XSR(config-if<S2/0:0>)#ip add 192.168.20.10 255.255.255.0
XSR(config-if<S2/0:0>)#no shutdown
Formulate access lists of allowed and prohibited network addresses: