ESR series routers

IP address            Interface      Type
-------------------   ------------   -------
192.168.11.5/25       gi1/0/4        DHCP

6.5. Router remote configuration

In the default configuration, remote access to the router via Telnet or SSH is allowed from the «trusted» zone. To permit remote access from another zone (for example, WAN), you need to create the corresponding firewall rules.

When you configure access to the router, rules are created for a pair of zones:

source-zone – the zone from which remote access is performed;
self – the zone where the router's management interface is located.

Use the following commands to create a permitting rule:

esr-1000# configure
esr-1000(config)# security zone-pair <source-zone> self
esr-1000(config-zone-pair)# rule <number>
esr-1000(config-zone-rule)# action permit
esr-1000(config-zone-rule)# match protocol tcp
esr-1000(config-zone-rule)# match source-address <network object-group>
esr-1000(config-zone-rule)# match destination-address <network object-group>
esr-1000(config-zone-rule)# match source-port any
esr-1000(config-zone-rule)# match destination-port <service object-group>
esr-1000(config-zone-rule)# enable
esr-1000(config-zone-rule)# exit
esr-1000(config-zone-pair)# exit

Example commands that permit SSH connections to the router with IP address 40.13.1.22 for users from the «untrusted» zone with IP addresses 132.16.0.5-132.16.0.10:

esr-1000# configure
esr-1000(config)# object-group network clients
esr-1000(config-object-group-network)# ip address-range 132.16.0.5-132.16.0.10
esr-1000(config-object-group-network)# exit
esr-1000(config)# object-group network gateway
esr-1000(config-object-group-network)# ip address-range 40.13.1.22
esr-1000(config-object-group-network)# exit
esr-1000(config)# object-group service ssh
esr-1000(config-object-group-service)# port-range 22
esr-1000(config-object-group-service)# exit
esr-1000(config)# security zone-pair untrusted self
esr-1000(config-zone-pair)# rule 10
esr-1000(config-zone-rule)# action permit
esr-1000(config-zone-rule)# match protocol tcp
esr-1000(config-zone-rule)# match source-address clients
esr-1000(config-zone-rule)# match destination-address gateway
esr-1000(config-zone-rule)# match source-port any
esr-1000(config-zone-rule)# match destination-port ssh
esr-1000(config-zone-rule)# enable
esr-1000(config-zone-rule)# exit
esr-1000(config-zone-pair)# exit
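
A check that can be run over a saved copy of such commands before they are applied, given here as an added example (it is not Eltex code and not part of the original guide): it parses only the commands used on this page and lists enabled permit rules toward self, from zones other than trusted, that allow Telnet or a wide or undefined source group. The branch and telnet groups, rule 20, the max_sources threshold, the hyphenated port-range form and the reading that a rule is active only once it contains enable are assumptions made for illustration.

```python
from ipaddress import ip_address

def parse(text):
    """Parse the ESR CLI subset used on this page: object-groups and zone-pair rules."""
    groups, rules, group, pair = {}, [], None, None
    for line in text.splitlines():
        w = line.split("# ")[-1].split()      # drop an "esr-1000(...)# " prompt if present
        if w[:1] == ["object-group"]:
            group = groups.setdefault((w[1], w[2]), [])
        elif w[:2] == ["ip", "address-range"] or w[:1] == ["port-range"]:
            lo, _, hi = w[-1].partition("-")  # "lo-hi" for ports is assumed by analogy
            group.append((lo, hi or lo))
        elif w[:2] == ["security", "zone-pair"]:
            pair = (w[2], w[3])
        elif w[:1] == ["rule"]:
            rules.append({"pair": pair, "id": w[1], "enable": False})
        elif rules and w[:1] in (["action"], ["match"]):
            rules[-1][w[-2]] = w[-1]          # e.g. "source-address" -> "clients"
        elif rules and w[:1] == ["enable"]:
            rules[-1]["enable"] = True
    return groups, rules

def audit(text, max_sources=16):
    """List enabled permit rules to 'self' from non-trusted zones that are too open."""
    groups, rules = parse(text)
    out = []
    for r in rules:
        zone, dst = r["pair"]
        if dst != "self" or zone == "trusted" or not r["enable"] or r.get("action") != "permit":
            continue
        src = groups.get(("network", r.get("source-address")))
        ports = groups.get(("service", r.get("destination-port")), [])
        if src is None:
            out.append(f"{zone} rule {r['id']}: source is not a network object-group")
        elif sum(int(ip_address(hi)) - int(ip_address(lo)) + 1 for lo, hi in src) > max_sources:
            out.append(f"{zone} rule {r['id']}: more than {max_sources} source addresses")
        if any(int(lo) <= 23 <= int(hi) for lo, hi in ports):
            out.append(f"{zone} rule {r['id']}: Telnet (23/tcp) reachable")
    return out

# Constructed sample: the page's rule 10 plus a hypothetical, looser rule 20.
RULE = "rule {0}\naction permit\nmatch protocol tcp\nmatch source-address {1}\nmatch destination-port {2}\nenable\nexit\n"
SAMPLE = ("object-group network clients\nip address-range 132.16.0.5-132.16.0.10\nexit\n"
          "object-group network branch\nip address-range 10.20.0.1-10.20.0.254\nexit\n"
          "object-group service ssh\nport-range 22\nexit\n"
          "object-group service telnet\nport-range 23\nexit\n"
          "security zone-pair untrusted self\n"
          + RULE.format(10, "clients", "ssh") + RULE.format(20, "branch", "telnet") + "exit\n")
```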

Summary of Contents for ESR-100

Page 1: ...ESR series routers ESR 100 ESR 200 ESR 1000 ESR 1200 Quick start and installation guide Software version 1 2 0 ...
