Cisco Systems 78-16019-02 manual Configuring TACACS+, Configuring Traffic Filters and Firewalls

Page 11

Chapter 3 Initial Configuration

Configuring Security Features

Configuring TACACS+

To configure your router to support TACACS+, perform the following tasks:

Step 1 Use the aaa new-model global configuration command to enable AAA. AAA must be configured if you plan to use TACACS+. Refer to the “AAA Overview” chapter in the Cisco IOS Security Configuration Guide.

Step 2 Use the tacacs-server host command to specify the IP address of one or more TACACS+ daemons. Use the tacacs-server key command to specify an encryption key that is used to encrypt all exchanges between the network access server and the TACACS+ daemon. This same key must also be configured on the TACACS+ daemon.

Step 3 Use the aaa authentication global configuration command to define method lists that use TACACS+ for authentication. Refer to the “Configuring Authentication” chapter in the Cisco IOS Security Configuration Guide.

Step 4 Use line and interface commands to apply the defined method lists to various interfaces. Refer to the “Configuring Authentication” chapter in the Cisco IOS Security Configuration Guide.

Step 5 If needed, use the aaa authorization global command to configure authorization for the network access server. Unlike authentication, which can be configured per line or per interface, authorization is configured globally for the entire network access server. Refer to the “Configuring Authorization” chapter in the Cisco IOS Security Configuration Guide.

Step 6 If needed, use the aaa accounting command to enable accounting for TACACS+ connections. Refer to the “Configuring Accounting” chapter in the Cisco IOS Security Configuration Guide.

Refer to the “Configuring TACACS+” chapter in the Cisco IOS Security Configuration Guide.
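The six steps above, collected into a single IOS configuration listing. This is an added example, not a listing from the guide; the daemon address 192.0.2.10 (a documentation range), the method-list name ADMIN, the local account name, and the bracketed key and password placeholders are assumptions.

```cisco
! Step 1: enable AAA (required before any TACACS+ command is accepted)
aaa new-model
!
! Step 2: TACACS+ daemon(s) and the shared key.  The address is a
! constructed documentation address; the key is a placeholder and must
! be identical to the key configured on the daemon.
tacacs-server host 192.0.2.10
tacacs-server key <SHARED-KEY-PLACEHOLDER>
!
! Local fallback account (constructed name, placeholder secret) so that a
! daemon outage does not lock administrators out of the chassis.
username admin privilege 15 secret <ADMIN-PASSWORD-PLACEHOLDER>
!
! Step 3: method lists.  Try TACACS+ first, then the local database.
aaa authentication login ADMIN group tacacs+ local
aaa authentication enable default group tacacs+ enable
!
! Step 4: apply the named login list to the terminal lines.
line con 0
 login authentication ADMIN
line vty 0 4
 login authentication ADMIN
!
! Step 5: authorization is global, not per line.  Exec authorization sets
! the privilege level; command authorization asks the daemon per command.
aaa authorization exec default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
!
! Step 6: accounting.  Start/stop records for each session and for every
! privileged command, sent to the daemon for audit.
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
```

Keep the console session that entered the configuration open and confirm a fresh vty login succeeds against the daemon before saving; show tacacs reports the daemon's connection counters, and the local fallback in the authentication and authorization lists is what keeps the device reachable if the daemon is down.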

Configuring Traffic Filters and Firewalls

The Cisco ONS 15530 supports the traffic filter and firewall features provided by Cisco IOS.

Traffic filters provide basic traffic filtering capabilities with access control lists (also referred to as access lists). Access lists can be configured for all routed network protocols (IP, AppleTalk, and so on) to filter the packets of those protocols as the packets pass through a system. You can configure access lists on your Cisco ONS 15530 to control access to a network, preventing certain traffic from entering or exiting a network.

Firewalls are networking devices that control access to your organization's network assets. You can position firewalls to control access at the entrance points into your network, or to control access to a specific part of your network.

Refer to the “Traffic Filtering and Firewalls” part in the Cisco IOS Security Configuration Guide.
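An access-list example of the kind described above, restricting who may reach the chassis itself. It is an added example, not taken from the guide; the management subnet 192.0.2.0/24 and daemon address 192.0.2.10 are constructed documentation addresses, and the interface name FastEthernet 0 is an assumption for the management Ethernet port.

```cisco
! Extended ACL for traffic arriving on the management interface.
! Only the constructed management subnet may open SSH/Telnet or SNMP
! sessions; replies from the TACACS+ daemon (TCP 49) are allowed back in;
! everything else is dropped and logged.
access-list 110 permit tcp 192.0.2.0 0.0.0.255 any eq 22
access-list 110 permit tcp 192.0.2.0 0.0.0.255 any eq 23
access-list 110 permit udp 192.0.2.0 0.0.0.255 any eq snmp
access-list 110 permit tcp host 192.0.2.10 eq tacacs any
access-list 110 deny ip any any log
!
! Apply it inbound on the management port (interface name assumed).
interface FastEthernet 0
 ip access-group 110 in
!
! Standard ACL bound to the terminal lines: a second, independent control
! on which sources may open a vty session, regardless of ingress interface.
access-list 10 permit 192.0.2.0 0.0.0.255
access-list 10 deny any log
line vty 0 4
 access-class 10 in
```

An inbound interface ACL also filters replies to traffic the device itself originates, so anything the chassis depends on (NTP, syslog, the TACACS+ daemon) must be permitted explicitly; the deny-with-log entries are what make rejected connection attempts visible in the log, but on a busy interface the logging rate should be watched.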

Configuring Passwords and Privileges

Using passwords and assigning privilege levels is a simple way of providing terminal access control in your network. You can configure up to 16 different privilege levels and assign each level to a password. For each privilege level you define a subset of Cisco IOS commands that can be executed. You can use these different levels to allow some users the ability to execute all Cisco IOS commands, and to restrict other users to a defined subset of commands.
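A worked privilege-level configuration for the scheme just described. It is an added example rather than a listing from the guide; the operator account name and the bracketed passwords are placeholders.

```cisco
! Level 15 stays the full administrative level; level 5 becomes a
! restricted operator level.  Both passwords are placeholders.
enable secret <LEVEL15-PASSWORD-PLACEHOLDER>
enable secret level 5 <LEVEL5-PASSWORD-PLACEHOLDER>
!
! Move a subset of commands down from level 15 to level 5.  Moving a
! multi-word command also makes its prefix (here "show", "configure")
! available at that level.
privilege exec level 5 show running-config
privilege exec level 5 configure terminal
privilege configure level 5 interface
privilege interface level 5 shutdown
!
! A local account that is placed directly at level 5 (constructed name).
username ops privilege 5 secret <OPS-PASSWORD-PLACEHOLDER>
```

A level-1 user reaches the operator level with enable 5 and can confirm it with show privilege; at that level show running-config displays only the commands the level is allowed to execute, and configure mode accepts interface and shutdown / no shutdown but nothing else. Every command left at level 15, including the privilege commands themselves, remains out of reach of the operator level.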

Cisco ONS 15530 Configuration Guide and Command Reference

78-16019-02, Cisco IOS Release 12.2(18)SV2

3-11