EN WLC
Дерево страниц

Сравнение версий

Старая версия 2

changes.mady.by.user Отдел Документации

Сохранено

по сравнению с

Новая версия 3

changes.mady.by.user Отдел Документации

Сохранено

Ключ

  • Эта строка добавлена.
  • Эта строка удалена.
  • Изменено форматирование.

Оглавление
maxLevel4

ESR router factory configuration 

Якорь
#ESR_router_factory_configuration 
#ESR_router_factory_configuration 

The device is shipped to the consumer with the factory configuration installed that includes essential basic settings. Factory configuration allows using the router as a gateway with SNAT without applying any additional settings. Also, factory configuration contains settings that allow you to obtain network access to the device for advanced configuration.

Description of factory settings

To establish network connection, the configuration features 2 security zones named 'Trusted' for local area network and 'Untrusted' for public network. All interfaces are divided between two security zones:

...

Предупреждение

To enable network access to the router on the first startup, static IP address 192.168.1.1/24 has been configured on Bridge 1 interface.

...

Device connection and configuration

ESR series routers and WLC controllers are intended to perform border gateway functions and securing the user network when it is connected to public data networks.

...

Advanced settings depend on the requirements of the specific device application pattern and may be easily added or modified with the existing management interfaces.

Connection to the

...

device

There are several device connection options:

Ethernet LAN connection

Примечание

Upon the initial startup, the router device starts with the factory configuration. The factory configuration is described in the ESR router factory configuration section of this manual.

Connect the network data cable (patch cord) to any port within the 'Trusted' zone and to the PC intended for management tasks.

...

If IP address is not obtained for some reason, assign the interface address manually using any address except for 192.168.1.1 in 192.168.1.0/24 subnet.

RS-232 console port connection

Using RJ-45/DBF9 cable included into device delivery package, connect the router 'Console' port to the computer RS-232 port.

...

панель

Data rate: 115200 bps
Data bits: 8 bits
Parity: none
Stop bits: 1
Flow control: none

Applying the configuration change

Any changes made in the configuration will take effect only after applying the command:

...

  • <TIME> – time period of configuration confirmation pending, takes value in seconds [120..86400].

Basic

...

device configuration

Upon the first startup, the router device configuration procedure includes the following steps:

  • Changing password for "admin" user.
  • Creation of new users.
  • Assigning device name (Hostname).
  • Setting parameters for public network connection in accordance with the provider requirements.
  • Configuring remote connection to router.
  • Applying basic settings.

Changing password for 'admin' user

To ensure the secure system access, you should change the password for the privileged 'admin' user.

...

Блок кода
esr# configure
esr(config)# username admin
esr(config-user)# password <new-password>
esr(config-user)# exit

Creation of new users

Use the following commands to create a new system user or configure the username, password, or privilege level:

...

Блок кода
esr# configure
esr(config)# username fedor
esr(config-user)# password 12345678
esr(config-user)# privilege 15
esr(config-user)# exit
esr(config)# username ivan
esr(config-user)# password password
esr(config-user)# privilege 1
esr(config-user)# exit

Assigning device name

To assign the device name, use the following commands:

...

When a new configuration is applied, command prompt will change to the value specified by <new-name> parameter.

Configuration of public network parameters

To configure router network interface in the public network, you should assign parameters defined by the network provider – default IP address, subnet mask and gateway address – to the device.

Example of static IP address configuration commands for Gigabit Ethernet 1/0/2.150 sub-interface used for obtaining access to the router device via VLAN 150.

Interface parameters:

...

Блок кода
esr# show ip interfaces
IP address            Interface                           Type
-------------------   ---------------------------------   -------
192.168.11.5/25       gigabitethernet 1/0/10              DHCP

Configuring remote connection to

...

device

In the factory configuration, remote access to the router or controller may be established via Telnet or SSH from the 'trusted' zone. To enable remote access to the router or controller from other zones, e.g. from the public network, you should create the respective rules in the firewall.

When configuring access to the router or controller, rules should be created for the following pair of zones:

  • source-zone – zone that the remote access will originate from;
  • self – zone which includes router device management interface.

Use the following commands to create the allowing rule:

...

Example of commands that allow users from 'untrusted' zone with IP addresses in range 132.16.0.5-132.16.0.10 to connect to the router device with IP address 40.13.1.22 via SSH:

...