Cisco Systems 78-16019-02 Configuring Security Features, Configuring AAA, Configuring Accounting

Chapter 3 Initial Configuration

Configuring Security Features

The Cisco ONS 15530 supports the following Cisco IOS software security features:

AAA (authentication, authorization, and accounting)

Kerberos

RADIUS

TACACS+

Traffic filters and firewalls

Passwords and privileges

Configuring AAA

This section describes the AAA features supported by the Cisco ONS 15530.

Configuring Authentication

To configure AAA authentication, perform the following tasks:

Step 1 Enable AAA by using the aaa new-model global configuration command.

Step 2 If you are using a security server, configure the security protocol parameters for RADIUS, TACACS+, or Kerberos. Refer to the “Configuring RADIUS” chapter, the “Configuring TACACS+” chapter, or the “Configuring Kerberos” chapter in the Cisco IOS Security Configuration Guide.

Step 3 Define the method lists for authentication by using an AAA authentication command.

Step 4 Apply the method lists to a particular interface or line, if required.

Refer to the “Configuring Authentication” chapter in the Cisco IOS Security Configuration Guide.
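The following is an added example, not taken from the Cisco guide: a Python check that reads a running-config and reports which of the four authentication steps above is incomplete. The sample configuration, its server address, key placeholder and list names (CONSOLE, VTY) are constructed for illustration, and audit_aaa is a hypothetical helper.

```python
import re

# Constructed sample running-config; address, key and list names are placeholders.
SAMPLE_CONFIG = """\
aaa new-model
tacacs-server host 192.0.2.10
tacacs-server key <shared-key>
aaa authentication login default group tacacs+ local
aaa authentication login CONSOLE local
line con 0
 login authentication CONSOLE
line vty 0 4
 login authentication VTY
"""

def audit_aaa(config):
    """Return findings for the four AAA authentication steps (hypothetical helper)."""
    findings = []
    rows = [r.rstrip() for r in config.splitlines() if r.strip()]
    # Step 1: AAA has to be enabled globally.
    if "aaa new-model" not in rows:
        findings.append("step 1: aaa new-model is not enabled")
    # Step 3: collect the login method lists and their methods.
    lists = {}
    for r in rows:
        m = re.match(r"aaa authentication login (\S+) (.+)", r)
        if m:
            lists[m.group(1)] = m.group(2).split()
    if not lists:
        findings.append("step 3: no login method list is defined")
    # Step 2: a list that names a server protocol needs a configured server.
    for proto in ("tacacs+", "radius"):
        server = proto.rstrip("+") + "-server host"
        used = any(proto in methods for methods in lists.values())
        if used and not any(r.startswith(server) for r in rows):
            findings.append(f"step 2: lists use {proto} but no {server} is configured")
    # Step 4: every list applied under a line must have been defined in step 3.
    current = None
    for r in rows:
        if r.startswith("line "):
            current = r
        elif not r.startswith(" "):
            current = None
        elif current:
            m = re.match(r"\s+login authentication (\S+)", r)
            if m and m.group(1) not in lists:
                findings.append(f"step 4: {current} applies undefined list {m.group(1)}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_aaa(SAMPLE_CONFIG)) or "no findings")
```

In the constructed sample the vty lines reference a list named VTY that was never defined in Step 3, which is the one finding reported.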

Configuring Authorization

The AAA authorization feature enables you to limit the services available to a user. When AAA authorization is enabled, the network access server uses information retrieved from the user's profile, which is located either in the local user database or on the security server, to configure the user's session. Once this is done, the user is granted access to a requested service only if the information in the user profile allows it.

Refer to the “Configuring Authorization” chapter in the Cisco IOS Security Configuration Guide.

Configuring Accounting

The AAA accounting feature enables you to track the services that users are accessing and the amount of network resources that they are consuming. When AAA accounting is enabled, the network access server reports user activity to the TACACS+ or RADIUS security server (depending on which security

Cisco ONS 15530 Configuration Guide and Command Reference

78-16019-02, Cisco IOS Release 12.2(18)SV2