TCP, UDP, Telnet, SSH – Enterasys Networks Security Router X-Pedition™ User Manual

Page 108


General IP Features

5-6 Configuring IP

does not actually examine or store full routing tables sent by routing devices, it merely keeps track
of which systems are sending such data. Using IRDP, the XSR can specify both a priority and the
time after which a device should be assumed down if no further packets are received.

The XSR enables router discovery and associated values with the ip irdp command. The router
also supports the redirection of packets routed through the same port they were received on with
the ip redirect command.

TCP

The Transmission Control Protocol (TCP) is a transport layer protocol providing a
connection-oriented, reliable, byte-stream service described by RFC-793.

UDP

The User Datagram Protocol (UDP) is a simple, datagram-oriented, transport layer protocol where
each operation by a process produces exactly one UDP datagram, which causes one IP datagram
to be sent. RFC-768 describes UDP.

Telnet

Telnet provides a general, bi-directional, 8-bit byte-oriented communications facility that is
always enabled on the XSR. It is a standard method by which terminal devices and
terminal-oriented processes interface, as described by RFC-854. A Telnet connection is a TCP
connection used to transmit data with interspersed Telnet control data. Two entities compose a
Telnet link:

A Telnet server is the host which provides some service

A Telnet user is the host which initiates communications

Telnet port (23) and server settings can be configured on the XSR with the ip telnet port and
ip telnet server commands. You can also configure Telnet client service to other servers with
the telnet ip_address command. Refer to the XSR CLI Reference Guide for more information.
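
The following added example (not from the manual) shows what "data with interspersed Telnet control data" means on the wire: it separates RFC-854 control sequences from the payload of a captured stream, and the payload, including anything typed at a login prompt, comes out unencrypted. The function name and the sample capture are constructed for illustration.

```python
# Added example: split a Telnet byte stream (RFC 854) into payload data and
# the control sequences interspersed with it. Names here are hypothetical.
IAC, SE, SB = 255, 240, 250
NEGOTIATION = {251: "WILL", 252: "WONT", 253: "DO", 254: "DONT"}

def split_telnet(stream: bytes):
    """Return (data, controls): payload bytes and decoded control commands."""
    data, controls = bytearray(), []
    i, n = 0, len(stream)
    while i < n:
        if stream[i] != IAC:                 # ordinary data byte
            data.append(stream[i])
            i += 1
            continue
        if i + 1 >= n:                       # lone IAC at end of capture
            controls.append("TRUNCATED")
            break
        cmd = stream[i + 1]
        if cmd == IAC:                       # IAC IAC escapes a literal 0xFF
            data.append(IAC)
            i += 2
        elif cmd in NEGOTIATION:             # IAC WILL/WONT/DO/DONT <option>
            if i + 2 >= n:
                controls.append("TRUNCATED")
                break
            controls.append(f"{NEGOTIATION[cmd]} {stream[i + 2]}")
            i += 3
        elif cmd == SB:                      # IAC SB <option> <params> IAC SE
            end = i + 3
            # scan for the closing IAC SE, stepping over escaped IAC pairs
            while end + 1 < n and not (stream[end] == IAC and stream[end + 1] == SE):
                end += 2 if stream[end] == IAC else 1
            if end + 1 >= n:
                controls.append("TRUNCATED")
                break
            controls.append(f"SB {stream[i + 2]} ({end - i - 3} bytes)")
            i = end + 2
        else:                                # two-byte command such as NOP
            controls.append(f"CMD {cmd}")
            i += 2
    return bytes(data), controls

# Constructed sample capture: option negotiation, a terminal-type
# subnegotiation, a login exchange, and a trailing NOP.
SAMPLE = (b"\xff\xfd\x18" + b"\xff\xfb\x01" + b"login: "
          + b"\xff\xfa\x18\x00VT100\xff\xf0"
          + b"admin\r\nPassword: hunter2\r\n" + b"\xff\xf1")

if __name__ == "__main__":
    payload, commands = split_telnet(SAMPLE)
    print(commands)
    print(payload.decode("ascii"))
```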

SSH

The Secure Shell (SSH) protocol provides for safe remote login and other network services on the
XSR. Along with a user-supplied client, the SSHv2 server allows you to establish a secure
connection, similar to that provided by an inbound Telnet connection with an important
exception.

Unlike Telnet, SSH encrypts the entire connection with the XSR to hide your identity, provides
data confidentiality via the negotiated choice of encryption types such as 3DES, and offers
message integrity through hashing using SHA-1 or other algorithms such as MD5 or crypto
library support for third-party encryption ciphers such as Blowfish, Twofish, AES, CAST and
ARCfour. Enabled (by default) on the CLI with the ip ssh server command, SSH is further
configured by specifying users, passwords, privilege level and policy with the aaa user,
password, privilege 15 and policy commands, the idle timeout interval for your SSH session
with the session-timeout ssh command, and user authentication with the aaa SSH command.

Upon configuring the XSR for the first time, you should generate a host key pair with the
crypto key dsa command; otherwise, if no key is generated, the default key is used for any
connection request. Generated host keys are encrypted and stored in the hostkey.dat file within
Flash where the file cannot be read or copied. All SSH connection requests use the host keys
stored in the
