Cisco Systems Cisco ONS 15310-MA, ONS 15310-CL manual Displaying the Radius Configuration, 16-20


Chapter 16 Configuring Security for the ML-Series Card

RADIUS Stand Alone Mode

 

Step 3

Command: Router(config)# radius-server key string

Purpose: Specify the shared secret text string used between the ML-Series card and the vendor-proprietary RADIUS server. The ML-Series card and the RADIUS server use this text string to encrypt passwords and exchange responses.

Note: The key is a text string that must match the encryption key used on the RADIUS server. Leading spaces are ignored, but spaces within and at the end of the key are used. If you use spaces in your key, do not enclose the key in quotation marks unless the quotation marks are part of the key.

Step 4

Command: Router(config)# end

Purpose: Return to privileged EXEC mode.

Step 5

Command: Router# show running-config

Purpose: Verify your settings.

Step 6

Command: Router# copy running-config startup-config

Purpose: (Optional) Save your entries in the configuration file.

 

 

 

To delete the vendor-proprietary RADIUS host, use the no radius-server host {hostname | ip-address} non-standard global configuration command. To disable the key, use the no radius-server key global configuration command.

This example shows how to specify a vendor-proprietary RADIUS host and to use a secret key of rad124 between the ML-Series card and the server:

Switch(config)# radius-server host 172.20.30.15 non-standard

Switch(config)# radius-server key rad124
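The following added example (not from the Cisco guide) models in Python how both ends use the key in standard RADIUS (RFC 2865): User-Password hiding and the Response Authenticator, combined with the key-spacing rule from the Note in Step 3. It assumes the ML-Series card follows RFC 2865 for these two fields; key_from_cli, exchange_ok, the fixed Request Authenticator and the sample password are constructed for illustration.

```python
"""Added example: how a RADIUS shared key is used (RFC 2865). Not Cisco code."""
import hashlib
import struct

REQUEST_AUTH = bytes(range(16))  # constructed 16-byte Request Authenticator


def key_from_cli(argument: str) -> bytes:
    """Model the Note's rule: drop leading spaces, keep everything else."""
    return argument.lstrip(" ").encode("ascii")


def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """RFC 2865 section 5.2 User-Password hiding (sender side)."""
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    hidden, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], pad))
        hidden += prev
    return hidden


def reveal_password(hidden: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """Receiver side: same keystream, chained on the hidden blocks."""
    plain, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        pad = hashlib.md5(secret + prev).digest()
        plain += bytes(a ^ b for a, b in zip(hidden[i:i + 16], pad))
        prev = hidden[i:i + 16]
    return plain.rstrip(b"\x00")


def response_authenticator(code: int, ident: int, attrs: bytes,
                           req_auth: bytes, secret: bytes) -> bytes:
    """RFC 2865 section 3: MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + req_auth + attrs + secret).digest()


def exchange_ok(card_cli_key: str, server_key: str, password: bytes) -> bool:
    """True only if the server recovers the password and the card accepts the reply.

    Simplified model: both checks are evaluated even when the first one fails.
    """
    card, server = key_from_cli(card_cli_key), server_key.encode("ascii")
    hidden = hide_password(password, card, REQUEST_AUTH)
    password_ok = reveal_password(hidden, server, REQUEST_AUTH) == password
    # Access-Accept (code 2), identifier 1, no attributes, signed by the server.
    sent = response_authenticator(2, 1, b"", REQUEST_AUTH, server)
    expected = response_authenticator(2, 1, b"", REQUEST_AUTH, card)
    return password_ok and sent == expected


if __name__ == "__main__":
    # Constructed key arguments as they might be typed after "radius-server key".
    for cli in ["rad124", "   rad124", "rad124 ", '"rad124"', "rad 124"]:
        print(repr(cli), exchange_ok(cli, "rad124", b"constructed-pass"))
```

Only the first two key arguments interoperate with a server whose key is rad124; a trailing space, an embedded space or quotation marks each yield a different key, so the password cannot be recovered and the reply does not verify.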

Displaying the RADIUS Configuration

To display the RADIUS configuration, use the show running-config privileged EXEC command.

 

 

 

Cisco ONS 15310-CL, ONS 15310-MA, and ONS 15310-MA SDH Ethernet Card Software Feature and Configuration Guide, R9.1 and R9.2

 

 

 

 


78-19415-01

 

 

 


ONS 15310-CL, ONS 15310-MA, Cisco ONS 15310-MA specifications

Cisco Systems has long been a leader in networking and telecommunications technology, and among its impressive lineup of products, the Cisco ONS 15310 series stands out as an essential solution for optical networking. This series includes models such as the ONS 15310-MA, ONS 15310-CL, and ONS 15310-CA, each designed to meet the diverse needs of service providers and enterprises seeking to enhance their optical transport networks.

The Cisco ONS 15310-MA is an advanced multi-service platform designed for metropolitan area networks. It facilitates the seamless transport of data, voice, and video over optical networks. One of its main features is its ability to support a variety of interfaces, including Ethernet, SONET/SDH, and Wavelength Division Multiplexing (WDM), allowing users to integrate multiple services into a single platform. Additionally, the ONS 15310-MA supports advanced traffic management and Quality of Service (QoS) features to prioritize critical applications and ensure consistent performance.

The ONS 15310-CL variant is tailored for more specific applications, providing enhanced capabilities aimed at delivering carrier-grade services. It features a robust architecture that accommodates high-capacity traffic without compromising reliability. This model emphasizes low power consumption and a compact design, making it suitable for deployment in space-constrained environments. The ONS 15310-CL also supports a wide range of optical interfaces, making it highly flexible for various network configurations.

In terms of technologies, the Cisco ONS 15310 series leverages Optical Transport Network (OTN) capabilities, providing high efficiency and greater bandwidth utilization. OTN technology enables efficient error correction and adds resilience to the network through its built-in protection mechanisms. Furthermore, the series supports seamless integration with existing IP/MPLS networks, creating a cohesive infrastructure as organizations evolve their networking requirements.

One of the defining characteristics of the ONS 15310 series is its focus on scalability. Network operators can start with a modest deployment and gradually expand capacity as demand grows. This adaptability is complemented by Cisco's comprehensive management and monitoring tools, providing operators with real-time insights into network performance and facilitating proactive management.

In conclusion, the Cisco ONS 15310-MA and ONS 15310-CL models represent sophisticated solutions for modern optical networks. With their versatile features, advanced technologies, and robust design, they empower service providers and enterprises to build resilient, high-capacity networks that meet the demands of today’s data-driven world.