Cisco IOS-XR Telnet and SSH configuration

Every network node must be remotely managed. Access can be out of band, meaning you reach the node via a network dedicated to management traffic only, or inband, which is over the same ports and links used for production traffic. Either way, there are 2 methods to gain remote access: Telnet and SSH. The latter is more secure because it is encrypted, and is therefore the recommended method.

In this example, I am sharing how to configure telnet and ssh access to Cisco IOS-XR nodes.

Telnet Configuration

Just as on IOS-based nodes, you need to set the maximum allowed number of sessions for line vty. In IOS-XR, you also have to set max-servers.

telnet vrf default ipv4 server max-servers 5
!
control-plane
 management-plane
  inband
   interface all
    allow Telnet peer
     address ipv4 2.2.2.2

The last section, starting from line 3, is my preferred method to harden the box and select which host or subnet can access my node via telnet. This is where I restrict access to the control and management planes, that is, the traffic destined to the node itself.

An alternative is to add an ACL following the ‘max-servers’ command.

You will notice that on line 7 I am allowing telnet. Here I can select whichever protocol I wish to permit or deny. An example will follow in the next section.
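To check a saved configuration for the restriction described above, the following added example (not part of the original post) parses the management-plane stanza and reports Telnet exposure. The names `parse_mpp` and `audit_telnet` are hypothetical, the sample configs are constructed from the example above, and the ACL check assumes the ACL appears on the same line as max-servers.

```python
import re

# Constructed sample: the Telnet example above, and a variant with no peer list.
RESTRICTED = """\
telnet vrf default ipv4 server max-servers 5
!
control-plane
 management-plane
  inband
   interface all
    allow Telnet peer
     address ipv4 2.2.2.2
"""
OPEN = RESTRICTED.replace(" peer\n     address ipv4 2.2.2.2\n", "\n")

def parse_mpp(config):
    """Map (band, interface, protocol) -> peer list from the management-plane stanza."""
    rules, path = {}, []          # path: stack of (indent, line) of open stanzas
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        while path and path[-1][0] >= indent:
            path.pop()            # leave stanzas at the same or deeper indent
        path.append((indent, line))
        w = [text for _, text in path]
        if (len(w) < 5 or w[:2] != ["control-plane", "management-plane"]
                or not w[4].startswith("allow ")):
            continue
        key = (w[2], w[3].split()[-1], w[4].split()[1].lower())
        peers = rules.setdefault(key, [])
        if len(w) == 6 and w[5].startswith("address "):
            peers.append(w[5].split()[-1])
    return rules

def audit_telnet(config):
    """Return findings about Telnet exposure; an empty peer list means any source."""
    server = re.search(r"^telnet\b.*\bserver max-servers\b.*$", config, re.M)
    if not server:
        return []
    findings = ["telnet server enabled: sessions are cleartext, prefer SSH"]
    rules = {k: v for k, v in parse_mpp(config).items() if k[2] in ("telnet", "all")}
    if not rules and "access-list" not in server.group(0):
        findings.append("no management-plane rule or ACL limits telnet sources")
    for (band, intf, proto), peers in rules.items():
        if not peers:
            findings.append(f"{band} interface {intf}: allow {proto} has no peer address")
    return findings
```
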

SSH Configuration

The configuration for SSH consists of:

  1. Generating a crypto key
  2. Configuring ssh server
  3. Configuring control & management planes.

[Image: ios-xr Generate-crypto-key-RSA]

For more information, check out these 2 videos on SSH and telnet configuration.