EasyManua.ls Logo

ELTEX ESR-3100 - Page 96

Default Icon
650 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
ESR series service routers.ESR-Series. User manual
96
esr# show ip interfaces
IP address Interface Type
------------------- --------------------------------- -------
192.168.16.144/24 gigabitethernet 1/0/2.150 static
Provider may use dynamically assigned addresses in their network. If the there is DHCP server in the network,
you can obtain the IP address via DHCP.
Configuration example for obtaining dynamic IP address from DHCP server on Gigabit Ethernet 1/0/10
interface:
esr# configure
esr(config)# interface gigabitethernet 1/0/10
esr(config-if)# ip address dhcp
esr(config-if)# exit
To ensure the correct IP address assigning for the interface, enter the following command when the
configuration is applied:
esr# show ip interfaces
IP address Interface Type
------------------- --------------------------------- -------
192.168.11.5/25 gigabitethernet 1/0/10 DHCP
Configuring remote connection to router
In the factory configuration, remote access to the router may be established via Telnet or SSH from the
'trusted' zone. To enable remote access to the router from other zones, e.g. from the public network, you
should create the respective rules in the firewall.
When configuring access to the router, rules should be created for the following pair of zones:
source-zone – zone that the remote access will originate from;
self – zone which includes router management interface.
Use the following commands to create the allowing rule:
esr# configure
esr(config)# security zone-pair <source-zone> self
esr(config-zone-pair)# rule <number>
esr(config-zone-rule)# action permit
esr(config-zone-rule)# match protocol tcp
esr(config-zone-rule)# match source-address <network object-group>
esr(config-zone-rule)# match destination-address <network object-group>
esr(config-zone-rule)# match destination-port <service object-group>
esr(config-zone-rule)# enable
esr(config-zone-rule)# exit
esr(config-zone-pair)# exit
Example of commands that allow users from 'untrusted' zone with IP addresses in range
132.16.0.5-132.16.0.10 to connect to the router with IP address 40.13.1.22 via SSH:

Table of Contents

Related product manuals