Firewall Configuration for VRRP – Enterasys Networks Security Router X-Pedition™ User Manual

Configuration Examples
XSR User’s Guide 16-33
Load the firewall configuration:
XSR(config)#ip firewall load
Globally enable the firewall. Even though you have configured and loaded the firewall, only
the following command turns it on. Once the firewall is enabled, it will close your session if
you are remotely connected. Simply log in again.
XSR(config)#ip firewall enable
Firewall Configuration for VRRP
This example briefly configures VRRP advertisements to be sent and received on a FastEthernet
interface. You must configure two networks and a filter for the VRRP protocol (IP protocol
number 112). It is assumed you have already configured the VR and backup VR within the
specified IP address range.
Enable multicasting in both directions on FastEthernet interface 2:
XSR(config-if<F2>)#ip firewall ip-multicast both
Configure the IP address of the firewall networks internal2 and vrrp, specifying a range between
80.0.0.1 and 80.255.255.254 and a multicasting host at 224.0.0.18/32, respectively. Finally, add a
policy allowing VRRP advertisements to pass between private and external networks.
XSR(config-if<F2>)#ip address 80.0.0.1/8
XSR(config)#ip firewall network internal2 80.0.0.0 mask 255.0.0.0 internal
XSR(config)#ip firewall network vrrp 224.0.0.18 mask 255.255.255.255 internal
XSR(config)#ip firewall filter mult2 internal2 vrrp protocol-id 112
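The following Python check is an added example, not part of the XSR User's Guide. It parses the three firewall lines above and confirms that the interface address falls inside internal2, that vrrp is the single host 224.0.0.18/32, and that a protocol-id 112 filter references both objects. It assumes the filter arguments are ordered name, source network, destination network; the function names are hypothetical.

```python
import ipaddress

# Constructed sample: the three firewall lines from the VRRP example, prompts stripped.
SAMPLE_CONFIG = """\
ip firewall network internal2 80.0.0.0 mask 255.0.0.0 internal
ip firewall network vrrp 224.0.0.18 mask 255.255.255.255 internal
ip firewall filter mult2 internal2 vrrp protocol-id 112
"""
VRRP_PROTO = 112                                      # protocol-id used on the page
VRRP_HOST = ipaddress.ip_network("224.0.0.18/32")     # multicast host used on the page


def parse(config):
    """Return ({name: IPv4Network}, [(filter, src, dst, proto)]) from firewall lines."""
    networks, filters = {}, []
    for line in config.splitlines():
        tok = line.split("#", 1)[-1].split()  # tolerate a leading "XSR(config)#" prompt
        if tok[:3] == ["ip", "firewall", "network"] and len(tok) >= 7 and tok[5] == "mask":
            networks[tok[3]] = ipaddress.ip_network(f"{tok[4]}/{tok[6]}")
        elif tok[:3] == ["ip", "firewall", "filter"] and tok[6:7] == ["protocol-id"] and len(tok) > 7:
            # Assumed argument order: filter name, source network, destination network.
            filters.append((tok[3], tok[4], tok[5], int(tok[7])))
    return networks, filters


def check_vrrp(config, interface_ip):
    """List problems that would keep VRRP advertisements from interface_ip from matching."""
    networks, filters = parse(config)
    src_ip = ipaddress.ip_address(interface_ip)
    vrrp_filters = [f for f in filters if f[3] == VRRP_PROTO]
    problems = [] if vrrp_filters else ["no filter with protocol-id 112"]
    for name, src, dst, _ in vrrp_filters:
        for ref in (src, dst):
            if ref not in networks:
                problems.append(f"{name}: network object '{ref}' is not defined")
        if src in networks and src_ip not in networks[src]:
            problems.append(f"{name}: {src_ip} is outside source network {networks[src]}")
        if dst in networks and networks[dst] != VRRP_HOST:
            problems.append(f"{name}: destination {networks[dst]} is not {VRRP_HOST}")
    return problems


if __name__ == "__main__":
    print(check_vrrp(SAMPLE_CONFIG, "80.0.0.1") or "VRRP firewall objects are consistent")
```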
Firewall Configuration for RADIUS Authentication and Accounting
The following sample configuration employs the RADIUS method for AAA authentication. The
commands in the section below configure Steel Belted RADIUS (SBR) as the RADIUS method, the
server’s IP address and encryption key, its RADIUS authentication and accounting ports (per
IANA), and all four client services. They also configure the backup RADIUS server msradius,
with one login attempt specified before the backup is accessed and five retransmit requests
specified for service, and reconfigure the queue and timeout values.
XSR(config)#aaa method radius sbr default
XSR(aaa-method-radius)#backup msradius
XSR(aaa-method-radius)#address ip-address 10.10.10.1
XSR(aaa-method-radius)#key acevpnfqwe
XSR(aaa-method-radius)#client vpn
XSR(aaa-method-radius)#client telnet
XSR(aaa-method-radius)#client firewall
XSR(aaa-method-radius)#client ssh
XSR(aaa-method-radius)#auth-port 1812
XSR(aaa-method-radius)#acct-port 1813
XSR(aaa-method-radius)#attempts 1
XSR(aaa-method-radius)#retransmit 5
XSR(aaa-method-radius)#timeout 10
XSR(aaa-method-radius)#qtimeout 0
Configure RADIUS network objects:
XSR(config)#ip firewall network internal 10.10.10.0 mask 255.255.255.0 internal
Configure policies allowing RADIUS authentication and accounting: