Cisco IOS-XR Telnet and SSH configuration
Every network node must be remotely managed. This can be done either out of band, meaning you reach the node over a network dedicated to management traffic only, or inband, which is over the same ports and links used for production traffic. Either way, there are two methods to gain remote access: Telnet and SSH. The latter is more secure because it is encrypted, and is therefore the recommended method.
In this example, I am sharing how to configure Telnet and SSH access to Cisco IOS-XR nodes.
Telnet Configuration
Just as on IOS-based nodes, you need to set the maximum allowed number of sessions for line vty. In IOS-XR, you also have to set max-servers.
telnet vrf default ipv4 server max-servers 5
!
control-plane
 management-plane
  inband
   interface all
    allow Telnet peer
     address ipv4 2.2.2.2
The last section, starting from line 3, is my preferred method to harden the box and select which host or subnet can access my node via Telnet. This is where I restrict access to the control and management planes, that is, the traffic destined to the node itself.
Another alternative is to add an ACL following the 'max-servers' command.
You will notice that on line 7 I am allowing Telnet. Here I can select whichever protocol I wish to permit or deny. An example will follow in the next section.
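To check a saved configuration against the restriction described above, the following added example (not from the original post) parses the management-plane stanza and reports protocols that are allowed without a peer address. The sample config is constructed (the post's Telnet lines plus an extra `allow SSH` rule), and the names `parse_mpp` and `audit` are hypothetical.

```python
import re

# Constructed sample: the post's Telnet/MPP config plus an added "allow SSH"
# rule that has no peer restriction, so both outcomes are shown.
SAMPLE = """\
telnet vrf default ipv4 server max-servers 5
!
control-plane
 management-plane
  inband
   interface all
    allow Telnet peer
     address ipv4 2.2.2.2
    !
    allow SSH
"""

def parse_mpp(config):
    """Return one dict per 'allow' rule found under management-plane."""
    rules, band, iface, in_mpp = [], None, None, False
    for line in (l.strip() for l in config.splitlines()):
        if line == "management-plane":
            in_mpp = True
        elif not in_mpp or line in ("", "!"):
            continue
        elif line in ("inband", "out-of-band"):
            band = line
        elif line.startswith("interface "):
            iface = line.split(None, 1)[1]
        elif m := re.fullmatch(r"allow (\S+)( peer)?", line):
            rules.append({"band": band, "interface": iface,
                          "protocol": m.group(1).lower(), "peers": []})
        elif (m := re.fullmatch(r"address (ipv4|ipv6) (\S+)", line)) and rules:
            rules[-1]["peers"].append(m.group(2))
        else:
            in_mpp = False  # any other command: we have left the stanza
    return rules

def audit(config):
    """List findings: Telnet server on, no MPP rules, rules open to any source."""
    findings = []
    if re.search(r"^\s*telnet .*\bserver max-servers\b", config, re.M):
        findings.append("telnet server enabled")
    rules = parse_mpp(config)
    if not rules:
        findings.append("no management-plane allow rules found")
    findings += [f"{r['protocol']} allowed from any source ({r['band']}, interface {r['interface']})"
                 for r in rules if not r["peers"]]
    return findings
```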
SSH Configuration
The configuration for SSH consists of:
- Generating a crypto key
- Configuring the SSH server
- Configuring the control and management planes.