Chapter 15 Configuring Security for the ML-Series Card

RADIUS Stand Alone Mode

 

Command

Purpose

Step 5

 

 

Router (config-line)# login

Apply the authentication list to a line or set of lines.

 

authentication {default list-name}

If you specify default, use the default list created with the aaa

 

 

 

 

authentication login command.

 

 

For list-name, specify the list created with the aaa authentication

 

 

login command.

Step 6

 

 

Router (config)# end

Return to privileged EXEC mode.

Step 7

 

 

Router# show running-config

Verify your entries.

Step 8

 

 

Router# copy running-config

(Optional) Save your entries in the configuration file.

 

startup-config

 

 

 

 

To disable AAA, use the no aaa new-modelglobal configuration command. To disable AAA authentication, use the no aaa authentication login {default list-name} method1 [method2...] global configuration command. To either disable RADIUS authentication for logins or to return to the default value, use the no login authentication {default list-name} line configuration command.

Defining AAA Server Groups

You can configure the ML-Series card to use AAA server groups to group existing server hosts for authentication. You select a subset of the configured server hosts and use them for a particular service. The server group is used with a global server-host list, which lists the IP addresses of the selected server hosts.

Server groups also can include multiple host entries for the same server if each entry has a unique identifier (the combination of the IP address and UDP port number), allowing different ports to be individually defined as RADIUS hosts providing a specific AAA service. If you configure two different host entries on the same RADIUS server for the same service (for example, accounting), the second configured host entry acts as a fail-over backup to the first one.

You use the server group server configuration command to associate a particular server with a defined group server. You can either identify the server by its IP address or identify multiple host instances or entries by using the optional auth-portand acct-portkeywords.

Beginning in privileged EXEC mode, follow these steps to define the AAA server group and associate a particular RADIUS server with it:

 

Command

Purpose

Step 1

 

 

Router# configure terminal

Enter global configuration mode.

Step 2

 

 

Router (config)# aaa new-model

Enable AAA.

 

 

 

 

 

Cisco ONS 15310-CL and Cisco ONS 15310-MA Ethernet Card Software Feature and Configuration Guide R8.5

 

 

 

 

 

 

78-18133-01

 

 

15-13

 

 

 

 

 

Page 206 Page 208
Page 207
Image 207
Cisco Systems 15310-CL, 15310-MA manual Defining AAA Server Groups, Router config# end Return to privileged Exec mode, 15-13
Page 206 Page 208

15310-CL, 15310-MA specifications

Cisco Systems has established itself as a leader in the networking domain, offering a wide array of solutions to meet the needs of modern businesses. Among its impressive product lineup are the Cisco 15310-CL and 15310-MA routers, designed to provide advanced network performance and reliability.

The Cisco 15310-CL is a versatile platform that primarily serves as a carrier-class router aimed at supporting high-speed data and voice services. It is built to handle the demands of large enterprises and service providers, offering a robust design that ensures maximum uptime and performance. One of its standout features is its modular architecture, which enables users to customize their configurations based on specific application needs. This scalability allows for future expansion without the need for a complete hardware overhaul.

Key technologies integrated into the Cisco 15310-CL include high-density Ethernet interfaces and a comprehensive suite of Layer 2 and Layer 3 protocol support. The device is capable of supporting multiple types of connections, including TDM, ATM, and Ethernet. This flexibility makes it an ideal choice for organizations that require seamless migration between various service types. Moreover, with features such as MPLS (Multiprotocol Label Switching) support and advanced Quality of Service (QoS) mechanisms, the router ensures that critical applications receive the necessary bandwidth and low latency required for optimal performance.

In contrast, the Cisco 15310-MA focuses on access solutions, providing a cost-effective entry point for businesses looking to enhance their network capabilities. It is well-suited for smaller offices or branch locations that need reliable connectivity without the expense and complexity associated with larger systems. The device supports a range of access methods and provides essential features like firewall capabilities, VPN support, and comprehensive security measures to protect sensitive data.

Both models benefit from Cisco's commitment to security and manageability, offering features like enhanced encryption protocols and user authentication mechanisms that help safeguard networks against threats. Additionally, they can be managed through Cisco’s intuitive software tools, simplifying configuration and monitoring tasks for IT administrators.

The Cisco 15310-CL and 15310-MA are ideal solutions for businesses seeking to enhance their network infrastructure, ensuring firms can keep pace with evolving technology demands while maintaining a focus on security and performance. Their combination of advanced features, modular capabilities, and robust support makes them valuable assets in the networking landscape.
Top Page Image Contents