Thinklogical MX48 Router Manual User Manual

®

M X 4 8 R o u t e r P r o d u c t M a n u a l , R e v . F , D e c . 2 0 1 4

Page 48

Note:

It is recommended that the messages File be reviewed and any errors in the Partition

Table be corrected before implementing partitions on the MX Router. It is also recommended that
the Partitioning function be fully tested before implementing on the MX Router.

The Partitioning Tables files for the Router are stored on the Controller Card at the following location:

var/local/router/partition/upstream.csv

Partitioning function is disabled when Partitioning Table files are removed. By default, when there are no
partitioning files, all input and output ports will be partition 1. All MX Routers are shipped without
Partitioning Table files stored on the Controller card and therefore do not restrict any connection.

Note: When using a redundant Controller Card configuration, the Primary and Back-up

Controllers must have the same Partition Table files stored on each card.

To assure that both controllers are configured with the same files, run the following command(s) on the
Primary Controller:

F=/var/local/router/partition/upstream.csv ; ssh secondary cat $F | diff

–bq $F - && echo ‘Files Match’

F=/var/local/router/partition/downstream.csv ; ssh secondary cat $F | diff

–bq $F - && echo ‘Files Match’

(Note that the downstream.csv file is only required for the VX160 and VX320.)

If the files match, the command returns: Files Match

Note that the above commands should be re-run after any changes to the table files or when the SD card
has been changed.

Administration Access

There are only two methods by which the administrator can access the MX Router Controller
Configurations:

1. Using the serial console directly connected to the MX Router: It should be noted that, while

no administrator password is required to use the serial console (by default), physical access to
the router is required. Therefore, the router should be stored in a physically secure location to
avoid unauthorized access. The serial console can be configured to require an administrator
password that will assume the same security that is listed below, under “Password Security.”

2. Using SSH access: The router allows SSH connections to the router for management purposes.

SSH sessions are authenticated using an encrypted password file.

3. Password Security: For security purposes, the router defaults to using the Message-Digest

Algorithm (MD5) and shadow passwords. It is highly recommended that you do not alter
these settings. If you select the older Data Encryption Standard (DES) format, passwords will be
limited to eight alphanumeric characters (disallowing punctuation and other special characters)
with a modest 56-bit level of encryption. The single most important thing you can do to
protect the router is create a strong password.

4. Creating Strong Passwords: The password can contain up to 127 characters and cannot

contain a space.

MAKE THE PASSWORD AT LEAST EIGHT CHARACTERS LONG. The longer the password,
the more effective it will be. If you are using an MD5 password, it should be approximately 15
characters long. With DES passwords, use the maximum eight character length.