Manuals / Cisco Systems / Computer Equipment / Network Card

Cisco Systems 15310-CL Default Radius Configuration, Identifying the Radius Server Host, 15-9

Models: 15310-CL 15310-MA

1 278
Download 278 pages 31.98 Kb
Page 203
Image 203

Chapter 15 Configuring Security for the ML-Series Card

RADIUS Stand Alone Mode

Default RADIUS Configuration

RADIUS and AAA are disabled by default. To prevent a lapse in security, you cannot configure RADIUS through a network management application. When enabled, RADIUS can authenticate users accessing the ML-Series card through the Cisco IOS CLI.

Identifying the RADIUS Server Host

ML-Series-card-to-RADIUS-server communication involves several components:

Hostname or IP address

Authentication destination port

Accounting destination port

Key string

Timeout period

Retransmission value

You identify RADIUS security servers by their hostname or IP address, their hostname and specific UDP port numbers, or their IP address and specific UDP port numbers. The combination of the IP address and the UDP port number creates a unique identifier, allowing different ports to be individually defined as RADIUS hosts providing a specific AAA service. This unique identifier enables RADIUS requests to be sent to multiple UDP ports on a server at the same IP address.

If two different host entries on the same RADIUS server are configured for the same service—for example, accounting—the second host entry configured acts as a fail-over backup to the first one. Using this example, if the first host entry fails to provide accounting services, the ML-Series card tries the second host entry configured on the same device for accounting services.

To configure RADIUS to use the AAA security commands, you must specify the host running the RADIUS server daemon and a secret text (key) string that it shares with the ML-Series card. A RADIUS server, the ONS node, and the ML-Series card use a shared secret text string to encrypt passwords and exchange responses. The system ensures that the ML-Series cards' shared secret matches the shared secret in the ONS node.

Note If you configure both global and per-server functions (timeout, retransmission, and key commands) on the switch, the per-server timer, retransmission, and key value commands override global timer, retransmission, and key value commands. For information on configuring these settings on all RADIUS servers, see the “Configuring Settings for All RADIUS Servers” section on page 15-17.

Note Retransmission and timeout period values can be configured on the ML-Series card in stand alone mode. These values cannot be configured on the ML-Series card in relay mode.

You can configure the ML-Series card to use AAA server groups to group existing server hosts for authentication. For more information, see the “Defining AAA Server Groups” section on page 15-13.

Beginning in privileged EXEC mode, follow these steps to configure per-server RADIUS server communication. This procedure is required.

Cisco ONS 15310-CL and Cisco ONS 15310-MA Ethernet Card Software Feature and Configuration Guide R8.5

 

78-18133-01

15-9

 

 

 

Page 202 Page 204
Page 203
Image 203
Cisco Systems 15310-CL, 15310-MA manual Default Radius Configuration, Identifying the Radius Server Host, 15-9
Page 202 Page 204

15310-CL, 15310-MA specifications

Cisco Systems has established itself as a leader in the networking domain, offering a wide array of solutions to meet the needs of modern businesses. Among its impressive product lineup are the Cisco 15310-CL and 15310-MA routers, designed to provide advanced network performance and reliability.

The Cisco 15310-CL is a versatile platform that primarily serves as a carrier-class router aimed at supporting high-speed data and voice services. It is built to handle the demands of large enterprises and service providers, offering a robust design that ensures maximum uptime and performance. One of its standout features is its modular architecture, which enables users to customize their configurations based on specific application needs. This scalability allows for future expansion without the need for a complete hardware overhaul.

Key technologies integrated into the Cisco 15310-CL include high-density Ethernet interfaces and a comprehensive suite of Layer 2 and Layer 3 protocol support. The device is capable of supporting multiple types of connections, including TDM, ATM, and Ethernet. This flexibility makes it an ideal choice for organizations that require seamless migration between various service types. Moreover, with features such as MPLS (Multiprotocol Label Switching) support and advanced Quality of Service (QoS) mechanisms, the router ensures that critical applications receive the necessary bandwidth and low latency required for optimal performance.

In contrast, the Cisco 15310-MA focuses on access solutions, providing a cost-effective entry point for businesses looking to enhance their network capabilities. It is well-suited for smaller offices or branch locations that need reliable connectivity without the expense and complexity associated with larger systems. The device supports a range of access methods and provides essential features like firewall capabilities, VPN support, and comprehensive security measures to protect sensitive data.

Both models benefit from Cisco's commitment to security and manageability, offering features like enhanced encryption protocols and user authentication mechanisms that help safeguard networks against threats. Additionally, they can be managed through Cisco’s intuitive software tools, simplifying configuration and monitoring tasks for IT administrators.

The Cisco 15310-CL and 15310-MA are ideal solutions for businesses seeking to enhance their network infrastructure, ensuring firms can keep pace with evolving technology demands while maintaining a focus on security and performance. Their combination of advanced features, modular capabilities, and robust support makes them valuable assets in the networking landscape.