User`s guide

XSR User’s Guide 7

Chapter 2 Utilizing the Command Line Interface

Managing the XSR

That is, if the first four sessions are regular users, the fifth session will allow

only the administrator to login. But if one of the first four is logged in as

administrator, then the fifth session can be any user. You can also Telnet from

the XSR to a server by using the

telnet ip_address command. It is a useful

utility for diagnostics. Be aware that the router will try to make a Telnet

connection for 70 seconds.

Connecting via SSH

Secure Shell (SSH v2) encrypts the link to the XSR so it is a more secure

alternative to Telnet for remote connections. To activate SSH, invoke the

following commands:

 Create a host key pair with

crypto dsa generate

 Add an user with password and privilege level with aaa user,

password and privilege 15

 Enable SSH access wth policy ssh

 Enable local authentication with aaa client ssh

 Load an SSH client application on your PC to connect with the XSR

 Optionally, you can disable Telnet with

ip telnet server disable

for higher security

 Optionally, if you are enabling the firewall feature set you can

configure an Access Control List (ACL) to allow a single host SSH

access to the XSR by entering these commands:

XSR(config)#access-list 100 permit tcp host 192.168.1.10 eq 22

XSR(config)#access-list 100 deny tcp any host 192.168.1.10 eq 22

XSR(config)#access-list 100 permit ip any

XSR(config)#interface fastethernet 1

XSR(config-if<F1>)#ip access-group 100 in

PuTTY and other shareware programs are compatible with the XSR’s SSH

server.

Refer to the XSR Getting Started and CLI Reference guides for more details.