Chapter 15 Configuring Security for the ML-Series Card

RADIUS Stand Alone Mode

 

Step 3

Command:
Router(config)# radius-server host {hostname | ip-address} [auth-port port-number] [acct-port port-number] [timeout seconds] [retransmit retries] [key string]

Purpose:
Specify the IP address or hostname of the remote RADIUS server host.

(Optional) For auth-port port-number, specify the UDP destination port for authentication requests.

(Optional) For acct-port port-number, specify the UDP destination port for accounting requests.

(Optional) For timeout seconds, specify the time interval that the switch waits for the RADIUS server to reply before resending. The range is 1 to 1000. This setting overrides the radius-server timeout global configuration command setting. If no timeout is set with the radius-server host command, the setting of the radius-server timeout command is used.

(Optional) For retransmit retries, specify the number of times a RADIUS request is resent to a server if that server is not responding or responding slowly. The range is 1 to 1000. If no retransmit value is set with the radius-server host command, the setting of the radius-server retransmit global configuration command is used.

(Optional) For key string, specify the authentication and encryption key used between the switch and the RADIUS daemon running on the RADIUS server.

Note: The key is a text string that must match the encryption key used on the RADIUS server. Always configure the key as the last item in the radius-server host command. Leading spaces are ignored, but spaces within and at the end of the key are used. If you use spaces in your key, do not enclose the key in quotation marks unless the quotation marks are part of the key.

To configure the switch to recognize more than one host entry associated with a single IP address, enter this command as many times as necessary, making sure that each UDP port number is different. The switch software searches for hosts in the order in which you specify them. Set the timeout, retransmit, and encryption key values to use with the specific RADIUS host.

Step 4

Command:
Router(config)# aaa group server radius group-name

Purpose:
Define the AAA server-group with a group name. This command puts the ML-Series card in a server group configuration mode.

Step 5

Command:
Router(config-sg-radius)# server ip-address

Purpose:
Associate a particular RADIUS server with the defined server group. Repeat this step for each RADIUS server in the AAA server group. Each server in the group must be previously defined in Step 2.

Step 6

Command:
Router(config-sg-radius)# end

Purpose:
Return to privileged EXEC mode.

Step 7

Command:
Router# show running-config

Purpose:
Verify your entries.

Step 8

Command:
Router# copy running-config startup-config

Purpose:
(Optional) Save your entries in the configuration file.

 

Step 9

Purpose:
Enable RADIUS login authentication. See the “Configuring AAA Login Authentication” section on page 15-11.
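
The rules this procedure gives for radius-server host entries (key as the last item, spaces and quotation marks counted as part of the key, timeout and retransmit between 1 and 1000, distinct UDP ports for repeated hosts) can be checked before a configuration is applied. The following Python script is an added example, not part of the Cisco guide; the function names, the sample addresses, and the keys are constructed for illustration.

```python
# Added example: lint 'radius-server host' lines against the rules in this procedure.
OPTS = ("auth-port", "acct-port", "timeout", "retransmit")

# Constructed sample lines (documentation addresses, made-up keys).
SAMPLE = (
    "radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 timeout 5 retransmit 3 key rad123\n"
    "radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key rad123\n"
    "radius-server host 192.0.2.11 key rad124 timeout 5\n"
    "radius-server host 192.0.2.12 timeout 2000 key \"two words\"\n"
    "radius-server host 192.0.2.13 key trailing \n"
)

def parse_host(line):
    """Split one 'radius-server host' line into (host, options, key)."""
    body = line.split("radius-server host", 1)[1].lstrip()
    # Everything after the first ' key ' is the key, spaces included.
    head, sep, key = body.partition(" key ")
    tokens = head.split()
    opts = dict(zip(tokens[1::2], tokens[2::2]))  # keyword/value pairs
    return tokens[0], opts, (key if sep else None)

def lint(config):
    """Return (line number, finding) pairs for entries that break the rules."""
    findings, seen = [], set()
    for n, line in enumerate(config.splitlines(), 1):
        if not line.lstrip().startswith("radius-server host"):
            continue
        host, opts, key = parse_host(line)
        for name in ("timeout", "retransmit"):
            v = opts.get(name)
            if v is not None and not (v.isdigit() and 1 <= int(v) <= 1000):
                findings.append((n, f"{name} {v} is outside the range 1 to 1000"))
        ident = (host, opts.get("auth-port"), opts.get("acct-port"))
        if ident in seen:  # same host needs a different UDP port per entry
            findings.append((n, "duplicate host and UDP port entry"))
        seen.add(ident)
        if key is None:
            continue
        key = key.lstrip()  # leading spaces are ignored
        if set(key.split()) & set(OPTS):
            findings.append((n, "key is not the last item; options became part of the key"))
        if key != key.rstrip():
            findings.append((n, "trailing space is part of the key"))
        if len(key) > 1 and key[0] == key[-1] == '"':
            findings.append((n, "quotation marks are part of the key"))
    return findings

if __name__ == "__main__":
    for n, msg in lint(SAMPLE):
        print(f"line {n}: {msg}")
```
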

 

 

 

 

Cisco ONS 15310-CL and Cisco ONS 15310-MA Ethernet Card Software Feature and Configuration Guide R8.5

15-14

78-18133-01


15310-CL, 15310-MA specifications

Cisco Systems has established itself as a leader in the networking domain, offering a wide array of solutions to meet the needs of modern businesses. Among its impressive product lineup are the Cisco 15310-CL and 15310-MA routers, designed to provide advanced network performance and reliability.

The Cisco 15310-CL is a versatile platform that primarily serves as a carrier-class router aimed at supporting high-speed data and voice services. It is built to handle the demands of large enterprises and service providers, offering a robust design that ensures maximum uptime and performance. One of its standout features is its modular architecture, which enables users to customize their configurations based on specific application needs. This scalability allows for future expansion without the need for a complete hardware overhaul.

Key technologies integrated into the Cisco 15310-CL include high-density Ethernet interfaces and a comprehensive suite of Layer 2 and Layer 3 protocol support. The device is capable of supporting multiple types of connections, including TDM, ATM, and Ethernet. This flexibility makes it an ideal choice for organizations that require seamless migration between various service types. Moreover, with features such as MPLS (Multiprotocol Label Switching) support and advanced Quality of Service (QoS) mechanisms, the router ensures that critical applications receive the necessary bandwidth and low latency required for optimal performance.

In contrast, the Cisco 15310-MA focuses on access solutions, providing a cost-effective entry point for businesses looking to enhance their network capabilities. It is well-suited for smaller offices or branch locations that need reliable connectivity without the expense and complexity associated with larger systems. The device supports a range of access methods and provides essential features like firewall capabilities, VPN support, and comprehensive security measures to protect sensitive data.

Both models benefit from Cisco's commitment to security and manageability, offering features like enhanced encryption protocols and user authentication mechanisms that help safeguard networks against threats. Additionally, they can be managed through Cisco’s intuitive software tools, simplifying configuration and monitoring tasks for IT administrators.

The Cisco 15310-CL and 15310-MA are ideal solutions for businesses seeking to enhance their network infrastructure, ensuring firms can keep pace with evolving technology demands while maintaining a focus on security and performance. Their combination of advanced features, modular capabilities, and robust support makes them valuable assets in the networking landscape.