Chapter 3 Initial Configuration
Configuring Security Features
Configuring TACACS+
To configure your router to support TACACS+, perform the following tasks:
Step 1 Use the aaa
Step 2 Use the
Step 3 Use the aaa authentication global configuration command to define method lists that use TACACS+ for authentication. Refer to the “Configuring Authentication” chapter in the Cisco IOS Security Configuration Guide.
Step 4 Use line and interface commands to apply the defined method lists to various interfaces. Refer to the “Configuring Authentication” chapter in the Cisco IOS Security Configuration Guide.
Step 5 If needed, use the aaa authorization global command to configure authorization for the network access server. Unlike authentication, which can be configured per line or per interface, authorization is configured globally for the entire network access server. Refer to the “Configuring Authorization” chapter in the Cisco IOS Security Configuration Guide.
Step 6 If needed, use the aaa accounting command to enable accounting for TACACS+ connections. Refer to the “Configuring Accounting” chapter in the Cisco IOS Security Configuration Guide.
Refer to the “Configuring TACACS+” chapter in the Cisco IOS Security Configuration Guide.
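An added example, not part of the Cisco guide: a short Python check that reads a running-config and reports whether Steps 3 through 6 are in place. The sample configuration is constructed; its aaa new-model and tacacs-server lines are assumed prerequisites because Steps 1 and 2 are cut off on this page, and the list name ADMIN, the address, and the key are placeholders.

```python
import re

# Constructed sample running-config, not taken from the guide. The first three
# lines are assumed prerequisites; the address and key are placeholders.
SAMPLE_CONFIG = """\
aaa new-model
tacacs-server host 192.0.2.10
tacacs-server key EXAMPLE-KEY
aaa authentication login ADMIN group tacacs+ local
aaa authorization exec default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
line con 0
 login authentication ADMIN
line vty 0 4
 login authentication ADMIN
"""

def audit_tacacs(config):
    """Return findings for Steps 3-6; an empty list means all checks passed."""
    findings, lists, applied, current = [], {}, {}, None
    for raw in config.splitlines():
        text = raw.strip()
        if raw[:1] != " ":                      # a top-level command ends any line block
            current = text if text.startswith("line ") else None
            if current:
                applied[current] = None
        m = re.match(r"aaa authentication login (\S+) (.+)", text)
        if m:                                   # Step 3: method list definition
            lists[m.group(1)] = m.group(2).split()
        elif current and text.startswith("login authentication "):
            applied[current] = text.split()[2]  # Step 4: list applied to this line
    if not any("tacacs+" in methods for methods in lists.values()):
        findings.append("step3: no login method list uses group tacacs+")
    for line, name in applied.items():
        name = name or "default"                # lines with no list use the default list
        if name not in lists:
            findings.append(f"step4: {line} uses undefined list {name}")
        elif "tacacs+" not in lists[name]:
            findings.append(f"step4: {line} list {name} does not use tacacs+")
    # Steps 5 and 6 are global commands, so one match anywhere is enough.
    for step, cmd in (("step5", "aaa authorization"), ("step6", "aaa accounting")):
        if not re.search(rf"^{cmd} .*\btacacs\+", config, re.M):
            findings.append(f"{step} (optional): no '{cmd}' command references tacacs+")
    return findings

if __name__ == "__main__":
    print(audit_tacacs(SAMPLE_CONFIG) or "all checks passed")
```

Steps 5 and 6 are marked optional in the findings because the procedure lists them as "if needed".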
Configuring Traffic Filters and Firewalls
The Cisco ONS 15530 supports the traffic filter and firewall features provided by Cisco IOS.
Traffic filters provide basic traffic filtering capabilities with access control lists (also referred to as access lists). Access lists can be configured for all routed network protocols (IP, AppleTalk, and so on) to filter the packets of those protocols as the packets pass through a system. You can configure access lists on your Cisco ONS 15530 to control access to a network, preventing certain traffic from entering or exiting a network.
Firewalls are networking devices that control access to your organization's network assets. You can position firewalls to control access at the entrance points into your network, or to control access to a specific part of your network.
Refer to the “Traffic Filtering and Firewalls” part in the Cisco IOS Security Configuration Guide.
Configuring Passwords and Privileges
Using passwords and assigning privilege levels is a simple way of providing terminal access control in your network. You can configure up to 16 different privilege levels and assign each level to a password. For each privilege level you define a subset of Cisco IOS commands that can be executed. You can use these different levels to allow some users the ability to execute all Cisco IOS commands, and to restrict other users to a defined subset of commands.
Cisco ONS 15530 Configuration Guide and Command Reference