EasyManuals Logo

ELTEX ESR-3100 User Manual

Default Icon
650 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #108 background imageLoading...
Page #108 background image
ESR series service routers.ESR-Series. User manual
108
esr(config)# radius-server host 192.168.1.11
esr(config-radius-server)# key ascii-text encrypted 8CB5107EA7005AFF
esr(config-radius-server)# priority 100 esr(config-radius-server)# exit
esr(config)# radius-server host 192.168.2.12
esr(config-radius-server)# key ascii-text encrypted 8CB5107EA7005AFF
esr(config-radius-server)# priority 150
esr(config-radius-server)# exit
Configure AAA policy:
esr(config)# aaa authentication login CONSOLE radius local
esr(config)# aaa authentication login SSH radius
esr(config)# aaa authentication enable default radius enable
esr(config)# aaa authentication mode break
esr(config)# line console
esr(config-line-console)# login authentication CONSOLE
esr(config-line-console)# exit esr(config)# line ssh
esr(config-line-ssh)# login authentication SSH
esr(config-line-ssh)# exit
Configure logging:
esr(config)# logging userinfo
esr(config)# logging aaa
esr(config)#syslog cli-commands
7.5 Remote management configuration
For more information on remote access configuration commands, see SSH, Telnet access configuration in the
CLI command reference.
7.5.1 Recommendations
It is recommended to disable remote control via telnet.
It is recommended to use crypto-resistant sha2-512 authentication algorithms and disable all others.
It is recommended to use crypto-resistant aes256ctr encryption algorithms and disable all others.
It is recommended to use dh-group-exchange-sha256 crypto-proof encryption key exchange algorithm
and disable all others.
It is recommended to use crypto-resistant Host-Key verification algorithm for SSH rsa and disable all
others.
It is recommended to allow access to remote control of the device only from certain IP addresses;
It is recommended to regenerate the encryption keys before starting operation.
7.5.2 Configuration example
Objective:
Disable telnet. Generate new encryption keys. Use crypto-resistant algorithms.
Solution:
Disable remote telnet control:
esr(config)# no ip telnet server

Table of Contents

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the ELTEX ESR-3100 and is the answer not in the manual?

ELTEX ESR-3100 Specifications

General IconGeneral
BrandELTEX
ModelESR-3100
CategoryNetwork Router
LanguageEnglish

Related product manuals