Cisco Systems 15310-MA Router config# aaa authentication, Router config# line console tty, 15-12


Chapter 15 Configuring Security for the ML-Series Card

RADIUS Stand Alone Mode

 

Command / Purpose

Step 3

Command: Router(config)# aaa authentication login {default | list-name} method1 [method2...]

Purpose: Create a login authentication method list.

- To create a default list that is used when a named list is not specified in the login authentication command, use the default keyword followed by the methods that are to be used in default situations. The default method list is automatically applied to all ports.
- For list-name, specify a character string to name the list you are creating.
- For method1..., specify the actual method the authentication algorithm tries. The additional methods of authentication are used only if the previous method returns an error, not if it fails.

Select one of these methods:

- enable—Use the enable password for authentication. Before you can use this authentication method, you must define an enable password by using the enable password global configuration command.
- group radius—Use RADIUS authentication. Before you can use this authentication method, you must configure the RADIUS server. For more information, see the “Identifying the RADIUS Server Host” section on page 15-9.
- line—Use the line password for authentication. Before you can use this authentication method, you must define a line password. Use the password password line configuration command.
- local—Use the local username database for authentication. You must enter username information in the database. Use the username name password global configuration command.
- local-case—Use a case-sensitive local username database for authentication. You must enter username information in the database by using the username password global configuration command.
- none—Do not use any authentication for login.

Step 4

Command: Router(config)# line [console | tty | vty] line-number [ending-line-number]

Purpose: Enter line configuration mode, and configure the lines to which you want to apply the authentication list.
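The fallback rule in Step 3 (the next method is tried only when the previous one returns an error, never when it rejects the login) decides what happens during a RADIUS outage. The following is an added example, not taken from the Cisco guide: it parses aaa authentication login lines, models that rule, and flags method lists worth reviewing. The sample configuration and the list names CONSOLE and MGMT are constructed, and denying the login when every method returns an error is modelled as an assumption.

```python
# Added example: models the method-list rule from Step 3 and audits a config.
# The sample config and the list names CONSOLE and MGMT are constructed.

SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group radius local
aaa authentication login CONSOLE group radius none
aaa authentication login MGMT group radius
"""

def parse_login_lists(config):
    """Return {list_name: [methods]} from 'aaa authentication login' lines."""
    lists = {}
    for raw in config.splitlines():
        tokens = raw.split()
        if tokens[:3] != ["aaa", "authentication", "login"] or len(tokens) < 5:
            continue
        name, rest, methods, i = tokens[3], tokens[4:], [], 0
        while i < len(rest):
            # 'group radius' is one method spelled with two keywords.
            if rest[i] == "group" and i + 1 < len(rest):
                methods.append("group " + rest[i + 1])
                i += 2
            else:
                methods.append(rest[i])
                i += 1
        lists[name] = methods
    return lists

def evaluate(methods, outcomes):
    """Walk a method list; outcomes maps method -> 'pass', 'fail' or 'error'.

    Returns (result, deciding_method). A method missing from outcomes is
    treated as unreachable ('error').
    """
    for method in methods:
        if method == "none":
            return ("pass", "none")      # no credentials are checked
        result = outcomes.get(method, "error")
        if result != "error":
            return (result, method)      # pass or fail is final: stop here
    # Assumption: when every method returns an error, the login is denied.
    return ("fail", None)

def audit(lists):
    """Flag method lists whose fallback behaviour deserves review."""
    findings = []
    for name, methods in lists.items():
        if "none" in methods:
            findings.append((name, "none-in-list"))
        if len(methods) == 1 and methods[0].startswith("group "):
            findings.append((name, "single-remote-method"))
    return findings

if __name__ == "__main__":
    parsed = parse_login_lists(SAMPLE_CONFIG)
    for name, code in audit(parsed):
        print(name, code, parsed[name])
```

A none-in-list finding means an unreachable RADIUS server lets the login through without credentials; a single-remote-method finding means the same outage leaves no working login method on the lines that use that list.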

 

 

 

 

Cisco ONS 15310-CL and Cisco ONS 15310-MA Ethernet Card Software Feature and Configuration Guide R8.5


78-18133-01


15310-CL, 15310-MA specifications

Cisco Systems has established itself as a leader in the networking domain, offering a wide array of solutions to meet the needs of modern businesses. Among its impressive product lineup are the Cisco 15310-CL and 15310-MA routers, designed to provide advanced network performance and reliability.

The Cisco 15310-CL is a versatile platform that primarily serves as a carrier-class router aimed at supporting high-speed data and voice services. It is built to handle the demands of large enterprises and service providers, offering a robust design that ensures maximum uptime and performance. One of its standout features is its modular architecture, which enables users to customize their configurations based on specific application needs. This scalability allows for future expansion without the need for a complete hardware overhaul.

Key technologies integrated into the Cisco 15310-CL include high-density Ethernet interfaces and a comprehensive suite of Layer 2 and Layer 3 protocol support. The device is capable of supporting multiple types of connections, including TDM, ATM, and Ethernet. This flexibility makes it an ideal choice for organizations that require seamless migration between various service types. Moreover, with features such as MPLS (Multiprotocol Label Switching) support and advanced Quality of Service (QoS) mechanisms, the router ensures that critical applications receive the necessary bandwidth and low latency required for optimal performance.

In contrast, the Cisco 15310-MA focuses on access solutions, providing a cost-effective entry point for businesses looking to enhance their network capabilities. It is well-suited for smaller offices or branch locations that need reliable connectivity without the expense and complexity associated with larger systems. The device supports a range of access methods and provides essential features like firewall capabilities, VPN support, and comprehensive security measures to protect sensitive data.

Both models benefit from Cisco's commitment to security and manageability, offering features like enhanced encryption protocols and user authentication mechanisms that help safeguard networks against threats. Additionally, they can be managed through Cisco’s intuitive software tools, simplifying configuration and monitoring tasks for IT administrators.

The Cisco 15310-CL and 15310-MA are ideal solutions for businesses seeking to enhance their network infrastructure, ensuring firms can keep pace with evolving technology demands while maintaining a focus on security and performance. Their combination of advanced features, modular capabilities, and robust support makes them valuable assets in the networking landscape.