ELTEX ESR-100 - 5.2.2.5 Configuring remote connection to router

To Next Page

To Previous Page

ESR Series Routers Operation Manual 31

To ensure the correct IP address assigning for the interface, enter the following command when the

configuration is applied:

esr# show ip interfaces

IP address Interface Type

------------------- --------------------------------- -------

192.168.16.144/24 gigabitethernet 1/0/2.150 static

Provider may use dynamically assigned addresses in their network. If the there is DHCP server in the

network, you can obtain the IP address via DHCP protocol.

 Configuration example for obtaining dynamic IP address from DHCP server on GigabitEthernet

1/0/10 interface:

esr# configure

esr(config)# interface gigabitethernet 1/0/10

esr(config-if)# ip address dhcp enable

esr(config-if)# exit

To ensure the correct IP address assigning for the interface, enter the following command when the

configuration is applied:

esr# show ip interfaces

IP address Interface Type

------------------- --------------------------------- -------

192.168.11.5/25 gigabitethernet 1/0/10 DHCP

5.2.2.5 Configuring remote connection to router

In the factory configuration, remote access to the router may be established via Telnet or SSH from

the 'trusted' zone. To enable remote access to the router from other zones, e.g. from the public network,

you should create the respective rules in the firewall.

When configuring access to the router, rules should be created for the following pair of zones:

 source-zone—zone that the remote access will originate from

 self—zone which includes router management interface

Use the following commands to create the allowing rule:

esr# configure

esr(config)# security zone-pair <source-zone> self

esr(config-zone-pair)# rule <number>

esr(config-zone-rule)# action permit

esr(config-zone-rule)# match protocol tcp

esr(config-zone-rule)# match source-address <network object-group>

esr(config-zone-rule)# match destination-address <network object-group>

esr(config-zone-rule)# match source-port any

esr(config-zone-rule)# match destination-port <service object-group>

esr(config-zone-rule)# enable

esr(config-zone-rule)# exit

esr(config-zone-pair)# exit

 Example of commands that allow users from 'untrusted' zone with IP addresses in range 132.16.0.5-

132.16.0.10 to connect to the router with IP address 40.13.1.22 via SSH:

Main Page

ELTEX ESR-100 - 5.2.2.5 Configuring remote connection to router

Table of Contents

Other manuals for ELTEX ESR-100

Related product manuals