Chapter 15 Configuring Security for the ML-Series Card

RADIUS Stand Alone Mode

Configuring a nas-ip-address in the RADIUS Packet

The ML-Series card in RADIUS relay mode allows the user to configure a separate nas-ip-address for each ML-Series card. In RADIUS standalone mode, this command is hidden in the Cisco IOS CLI. This allows the RADIUS server to distinguish among individual ML-Series card in the same ONS node.

Identifying the specific ML-Series card that sent the request to the server can be useful in debugging from the server. The nas-ip-address is primarily used for validation of the RADIUS authorization and accounting requests.

If this value is not configured, the nas-ip-address is filled in by the normal Cisco IOS mechanism using the value configured by the ip radius-sourcecommand. If no value is specified then the best IP address routable to the server is used. If no routable address is available, the IP address of the server is used.

Beginning in privileged EXEC mode, follow these steps to configure the nas-ip-address:

 

Command

Purpose

Step 1

 

 

Router# configure terminal

Enter global configuration mode.

Step 2

 

 

Router (config)# [no] ip radius

Specify the IP address or hostname of the attribute 4 (nas-ip-address) in the

 

nas-ip-address {hostname

radius packet.

 

ip-address}

If there is only one ML-Series card in the ONS node, this command does

 

 

 

 

not provide any advantage. The public IP address of the ONS node serves

 

 

as the nas-ip-address in the RADIUS packet sent to the server.

Step 3

 

 

Router (config)# end

Return to privileged EXEC mode.

Step 4

 

 

Router# show running-config

Verify your settings.

Step 5

 

 

Router# copy running-config

(Optional) Save your entries in the configuration file.

 

startup-config

 

 

 

 

Configuring Settings for All RADIUS Servers

Beginning in privileged EXEC mode, follow these steps to configure global communication settings between the ML-Series card and all RADIUS servers:

 

Command

Purpose

Step 1

 

 

Router# configure terminal

Enter global configuration mode.

Step 2

 

 

Router (config)# radius-server key

Specify the shared secret text string used between the ML-Series card and

 

string

all RADIUS servers.

 

 

Note The key is a text string that must match the encryption key used on

 

 

the RADIUS server. Leading spaces are ignored, but spaces within

 

 

and at the end of the key are used. If you use spaces in your key, do

 

 

not enclose the key in quotation marks unless the quotation marks

 

 

are part of the key.

Step 3

 

 

Router (config)# radius-server

Specify the number of times the ML-Series card sends each RADIUS

 

retransmit retries

request to the server before giving up. The default is 3; the range 1 to 1000.

Step 4

 

 

Router (config)# radius-server

Specify the number of seconds a ML-Series card waits for a reply to a

 

timeout seconds

RADIUS request before resending the request. The default is 5 seconds; the

 

 

range is 1 to 1000.

 

 

 

 

 

Cisco ONS 15310-CL and Cisco ONS 15310-MA Ethernet Card Software Feature and Configuration Guide R8.5

 

 

 

 

 

 

78-18133-01

 

 

15-17

 

 

 

 

 

Page 210 Page 212
Page 211
Image 211
Cisco Systems 15310-CL Configuring a nas-ip-address in the Radius Packet, Configuring Settings for All Radius Servers
Page 210 Page 212

15310-CL, 15310-MA specifications

Cisco Systems has established itself as a leader in the networking domain, offering a wide array of solutions to meet the needs of modern businesses. Among its impressive product lineup are the Cisco 15310-CL and 15310-MA routers, designed to provide advanced network performance and reliability.

The Cisco 15310-CL is a versatile platform that primarily serves as a carrier-class router aimed at supporting high-speed data and voice services. It is built to handle the demands of large enterprises and service providers, offering a robust design that ensures maximum uptime and performance. One of its standout features is its modular architecture, which enables users to customize their configurations based on specific application needs. This scalability allows for future expansion without the need for a complete hardware overhaul.

Key technologies integrated into the Cisco 15310-CL include high-density Ethernet interfaces and a comprehensive suite of Layer 2 and Layer 3 protocol support. The device is capable of supporting multiple types of connections, including TDM, ATM, and Ethernet. This flexibility makes it an ideal choice for organizations that require seamless migration between various service types. Moreover, with features such as MPLS (Multiprotocol Label Switching) support and advanced Quality of Service (QoS) mechanisms, the router ensures that critical applications receive the necessary bandwidth and low latency required for optimal performance.

In contrast, the Cisco 15310-MA focuses on access solutions, providing a cost-effective entry point for businesses looking to enhance their network capabilities. It is well-suited for smaller offices or branch locations that need reliable connectivity without the expense and complexity associated with larger systems. The device supports a range of access methods and provides essential features like firewall capabilities, VPN support, and comprehensive security measures to protect sensitive data.

Both models benefit from Cisco's commitment to security and manageability, offering features like enhanced encryption protocols and user authentication mechanisms that help safeguard networks against threats. Additionally, they can be managed through Cisco’s intuitive software tools, simplifying configuration and monitoring tasks for IT administrators.

The Cisco 15310-CL and 15310-MA are ideal solutions for businesses seeking to enhance their network infrastructure, ensuring firms can keep pace with evolving technology demands while maintaining a focus on security and performance. Their combination of advanced features, modular capabilities, and robust support makes them valuable assets in the networking landscape.
Top Page Image Contents