Table of Contents
Advertisement
Terminal Commands
If you want to display identification information about the current terminal connection, issue the
show whoami
more information on commands.
Connecting via Telnet
Once the XSR is properly configured with a valid IP address, you can remotely connect to the CLI
via Telnet using the default user admin with no password. Later, you can create users with the
username
command.
Although up to five concurrent Telnet/SSH and one Console sessions are supported, if more than
one session is running simultaneously (including the Console session), only one session permits
configuration changes. Any other session could only view configuration settings. This prohibition
applies to all commands that make changes to the configuration and is limited to Global mode.
For example, if a user is in Global mode and another user tries to enter Global mode, the second
user will get the following error message:
XSR#config
Configuration is currently locked by user admin. Please try later.
Also, in order to ensure that an administrator can always login to the router, one of the five
permitted Telnet or SSH sessions is always reserved for the administrator.
That is, if the first four sessions are regular users, the fifth session will allow only the
administrator to login. But if one of the first four is logged in as administrator, then the fifth
session can be any user. You can also Telnet from the XSR to a server by using the
ip_address
make a Telnet connection for 70 seconds.
Connecting via SSH
Secure Shell (SSH v2) encrypts the link to the XSR so it is a more secure alternative to Telnet for
remote connections. To activate SSH, invoke the following commands:
•
Create a host key pair with
•
Add an AAA user including a password and privilege level with
privilege 15.
•
Enable SSH access with
•
Enable local authentication with
•
Load an SSH client application on your PC to connect with the XSR
•
Optionally, you can disable Telnet with
•
Optionally, if you are enabling the firewall feature set you can configure an Access Control List
(ACL) to allow a single host SSH access to the XSR by entering these commands:
XSR(config)#access-list 100 permit tcp host 192.168.1.10 eq 22
XSR(config)#access-list 100 deny tcp any host 192.168.1.10 eq 22
XSR(config)#access-list 100 permit ip any
XSR(config)#interface fastethernet 1
XSR(config-if<F1>)#ip access-group 100 in
command. Refer to the XSR Getting Started Guide and XSR CLI Reference Guide for
command. It is a useful utility for diagnostics. Be aware that the router will try to
crypto key dsa generate
You can also create a user in the CLI database with the
policy ssh
aaa client ssh
ip telnet server disable
Utilizing the Command Line Interface
telnet
aaa user
,
password
username
command.
for higher security
XSR User's Guide 2-3
and
Advertisement
Table of Contents
Troubleshooting
