Chapter 15 Configuring Security for the ML-Series Card

Secure Shell on the ML-Series Card

 

| Step | Command | Purpose |
|------|---------|---------|
| Step 1 | Router# configure terminal | Enter global configuration mode. |
| Step 2 | Router(config)# hostname hostname | Configure a hostname for your ML-Series card. |
| Step 3 | Router(config)# ip domain-name domain_name | Configure a host domain for your ML-Series card. |
| Step 4 | Router(config)# crypto key generate rsa | Enable the SSH server for local and remote authentication on the ML-Series card and generate an RSA key pair. When you generate RSA keys, you are prompted to enter a modulus length. The default modulus length is 512 bits. A longer modulus length might be more secure, but it takes longer to generate and to use. |
| Step 5 | Router(config)# ip ssh timeout seconds | Specify the timeout value in seconds; the default is 120 seconds. The range is 0 to 120 seconds. This parameter applies to the SSH negotiation phase. After the connection is established, the ML-Series card uses the default timeout values of the CLI-based sessions. By default, up to five simultaneous, encrypted SSH connections for multiple CLI-based sessions over the network are available (session 0 to session 4). After the execution shell starts, the CLI-based session timeout value returns to the default of 10 minutes. |
| Step 6 | Router(config)# ip ssh authentication-retries number | Specify the number of times that a client can reauthenticate to the server. The default is 3; the range is 0 to 5. |
| Step 7 | Router(config)# end | Return to privileged EXEC mode. |
| Step 8 | Router# show ip ssh | Displays the version and configuration information for your SSH server. |
|  | or |  |
|  | Router# show ssh | Displays the status of the SSH server on the ML-Series card. |
| Step 9 | Router# show crypto key mypubkey rsa | Displays the generated RSA key pair associated with this ML-Series card. |
| Step 10 | Router# copy running-config startup-config | (Optional) Save your entries in the configuration file. |

To delete the RSA key pair, use the crypto key zeroize rsa global configuration command. After the RSA key pair is deleted, the SSH server is automatically disabled.
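The following is an added example, not part of the Cisco guide: a small Python check that reviews a planned list of global-configuration commands against the steps above before they are entered on the card. It flags key generation attempted before the hostname and domain name are set, `ip ssh` values outside the ranges the table states, and a plan that ends with the RSA key pair deleted (which leaves the SSH server disabled). The function name, the sample plans, and the hostname and domain values are assumptions made for illustration.

```python
import re

# Ranges taken from the Purpose column of the table above.
LIMITS = {"timeout": (0, 120), "authentication-retries": (0, 5)}

def audit_ssh_plan(commands):
    """Check a planned list of global-configuration commands against the
    SSH setup steps; returns a list of (line_number, message) findings."""
    findings, seen, have_keys = [], set(), False
    for n, raw in enumerate(commands, 1):
        cmd = " ".join(raw.split())          # collapse stray whitespace
        if not cmd or cmd.startswith("!"):   # blank line or IOS comment
            continue
        m = re.fullmatch(r"ip ssh (timeout|authentication-retries) (\S+)", cmd)
        if re.fullmatch(r"hostname \S+", cmd):
            seen.add("hostname")
        elif re.fullmatch(r"ip domain-name \S+", cmd):
            seen.add("ip domain-name")
        elif cmd == "crypto key generate rsa":
            # Steps 2 and 3 come before key generation in the procedure.
            for prereq in ("hostname", "ip domain-name"):
                if prereq not in seen:
                    findings.append((n, f"{prereq} not set before key generation"))
            have_keys = True
        elif cmd == "crypto key zeroize rsa":
            have_keys = False                # deleting the key pair disables SSH
        elif m:
            lo, hi = LIMITS[m.group(1)]
            if not m.group(2).isdecimal() or not lo <= int(m.group(2)) <= hi:
                findings.append((n, f"{m.group(1)} {m.group(2)} outside {lo}-{hi}"))
    if not have_keys:
        findings.append((0, "no RSA key pair at end of plan: SSH server disabled"))
    return findings

# Constructed sample plans (hostname and domain are placeholders).
GOOD_PLAN = ["hostname ml-card-1", "ip domain-name example.com",
             "crypto key generate rsa", "ip ssh timeout 60",
             "ip ssh authentication-retries 2"]
BAD_PLAN = ["hostname ml-card-1", "crypto key generate rsa",
            "ip ssh timeout 300", "ip ssh authentication-retries 9",
            "crypto key zeroize rsa"]

if __name__ == "__main__":
    for name, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(name, audit_ssh_plan(plan))
```

The modulus length is entered at an interactive prompt rather than as a configuration line, so it is outside what this check can see and has to be verified with `show crypto key mypubkey rsa`.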

Configuring the SSH Server

Beginning in privileged EXEC mode, follow these steps to configure the SSH server:

Cisco ONS 15310-CL and Cisco ONS 15310-MA Ethernet Card Software Feature and Configuration Guide R8.5

15-4

78-18133-01

 

 


15310-CL, 15310-MA specifications

Cisco Systems has established itself as a leader in the networking domain, offering a wide array of solutions to meet the needs of modern businesses. Among its impressive product lineup are the Cisco 15310-CL and 15310-MA routers, designed to provide advanced network performance and reliability.

The Cisco 15310-CL is a versatile platform that primarily serves as a carrier-class router aimed at supporting high-speed data and voice services. It is built to handle the demands of large enterprises and service providers, offering a robust design that ensures maximum uptime and performance. One of its standout features is its modular architecture, which enables users to customize their configurations based on specific application needs. This scalability allows for future expansion without the need for a complete hardware overhaul.

Key technologies integrated into the Cisco 15310-CL include high-density Ethernet interfaces and a comprehensive suite of Layer 2 and Layer 3 protocol support. The device is capable of supporting multiple types of connections, including TDM, ATM, and Ethernet. This flexibility makes it an ideal choice for organizations that require seamless migration between various service types. Moreover, with features such as MPLS (Multiprotocol Label Switching) support and advanced Quality of Service (QoS) mechanisms, the router ensures that critical applications receive the necessary bandwidth and low latency required for optimal performance.

In contrast, the Cisco 15310-MA focuses on access solutions, providing a cost-effective entry point for businesses looking to enhance their network capabilities. It is well-suited for smaller offices or branch locations that need reliable connectivity without the expense and complexity associated with larger systems. The device supports a range of access methods and provides essential features like firewall capabilities, VPN support, and comprehensive security measures to protect sensitive data.

Both models benefit from Cisco's commitment to security and manageability, offering features like enhanced encryption protocols and user authentication mechanisms that help safeguard networks against threats. Additionally, they can be managed through Cisco’s intuitive software tools, simplifying configuration and monitoring tasks for IT administrators.

The Cisco 15310-CL and 15310-MA are ideal solutions for businesses seeking to enhance their network infrastructure, ensuring firms can keep pace with evolving technology demands while maintaining a focus on security and performance. Their combination of advanced features, modular capabilities, and robust support makes them valuable assets in the networking landscape.