Manuals / Cisco Systems / Computer Equipment / Network Card

Cisco Systems 15310-MA Deadtime minutes, Marked as dead, the skipping will not take place, 15-18

Models: 15310-CL 15310-MA

1 278
Download 278 pages 31.98 Kb
Page 212
Image 212

Chapter 15 Configuring Security for the ML-Series Card

RADIUS Stand Alone Mode

 

Command

Purpose

Step 5

 

 

Router (config)# radius-server

Specify the number of minutes to mark as "dead" any RADIUS servers that

 

deadtime minutes

fail to respond to authentication requests. A RADIUS server marked as

 

 

"dead" is skipped by additional authentication requests for the specified

 

 

number of minutes. This allows trying the next configured server without

 

 

having to wait for the request to time out before. If all RADIUS servers are

 

 

marked as "dead," the skipping will not take place.

 

 

The default is 0; the range is 1 to 1440 minutes.

Step 6

 

 

Router (config)# end

Return to privileged EXEC mode.

Step 7

 

 

Router# show running-config

Verify your settings.

Step 8

 

 

Router# copy running-config

(Optional) Save your entries in the configuration file.

 

startup-config

 

 

 

 

To return to the default setting for the retransmit, timeout, and deadtime, use the no forms of these commands.

Configuring the ML-Series Card to Use Vendor-Specific RADIUS Attributes

The Internet Engineering Task Force (IETF) draft standard specifies a method for communicating vendor-specific information between the ML-Series card and the RADIUS server by using the vendor-specific attribute (attribute 26). Vendor-specific attributes (VSAs) allow vendors to support their own extended attributes that are not suitable for general use. The Cisco RADIUS implementation supports one vendor-specific option by using the format recommended in the specification. Cisco’s vendor-ID is 9, and the supported option has vendor-type 1, which is named cisco-avpair. The value is a string with this format:

protocol : attribute sep value *

Protocol is a value of the Cisco protocol attribute for a particular type of authorization. Attribute and value are an appropriate attribute-value (AV) pair defined in the Cisco Terminal Access Controller Access Control System Plus (TACACS+) specification, and sep is the character = for mandatory attributes and the character * for optional attributes. The full set of features available for TACACS+ authorization can then be used for RADIUS.

For example, this AV pair activates Cisco’s multiple named ip address pools feature during IP authorization (during point-to-point protocol [PPP] internet protocol control protocol (IPCP) address assignment):

cisco-avpair=”ip:addr-pool=first“

This example shows how to specify an authorized VLAN in the RADIUS server database:

cisco-avpair=”tunnel-type(#64)=VLAN(13)”

cisco-avpair=”tunnel-medium-type(#65)=802 media(6)”

cisco-avpair=”tunnel-private-group-ID(#81)=vlanid”

This example shows how to apply an input access control list (ACL) in ASCII format to an interface for the duration of this connection:

cisco-avpair=“ip:inacl#1=deny ip 10.10.10.10 0.0.255.255 20.20.20.20 255.255.0.0”

cisco-avpair=“ip:inacl#2=deny ip 10.10.10.10 0.0.255.255 any”

cisco-avpair=“mac:inacl#3=deny any any decnet-iv”

 

Cisco ONS 15310-CL and Cisco ONS 15310-MA Ethernet Card Software Feature and Configuration Guide R8.5

15-18

78-18133-01

Page 211 Page 213
Page 212
Image 212
Cisco Systems 15310-MA, 15310-CL manual Deadtime minutes, Marked as dead, the skipping will not take place, 15-18
Page 211 Page 213

15310-CL, 15310-MA specifications

Cisco Systems has established itself as a leader in the networking domain, offering a wide array of solutions to meet the needs of modern businesses. Among its impressive product lineup are the Cisco 15310-CL and 15310-MA routers, designed to provide advanced network performance and reliability.

The Cisco 15310-CL is a versatile platform that primarily serves as a carrier-class router aimed at supporting high-speed data and voice services. It is built to handle the demands of large enterprises and service providers, offering a robust design that ensures maximum uptime and performance. One of its standout features is its modular architecture, which enables users to customize their configurations based on specific application needs. This scalability allows for future expansion without the need for a complete hardware overhaul.

Key technologies integrated into the Cisco 15310-CL include high-density Ethernet interfaces and a comprehensive suite of Layer 2 and Layer 3 protocol support. The device is capable of supporting multiple types of connections, including TDM, ATM, and Ethernet. This flexibility makes it an ideal choice for organizations that require seamless migration between various service types. Moreover, with features such as MPLS (Multiprotocol Label Switching) support and advanced Quality of Service (QoS) mechanisms, the router ensures that critical applications receive the necessary bandwidth and low latency required for optimal performance.

In contrast, the Cisco 15310-MA focuses on access solutions, providing a cost-effective entry point for businesses looking to enhance their network capabilities. It is well-suited for smaller offices or branch locations that need reliable connectivity without the expense and complexity associated with larger systems. The device supports a range of access methods and provides essential features like firewall capabilities, VPN support, and comprehensive security measures to protect sensitive data.

Both models benefit from Cisco's commitment to security and manageability, offering features like enhanced encryption protocols and user authentication mechanisms that help safeguard networks against threats. Additionally, they can be managed through Cisco’s intuitive software tools, simplifying configuration and monitoring tasks for IT administrators.

The Cisco 15310-CL and 15310-MA are ideal solutions for businesses seeking to enhance their network infrastructure, ensuring firms can keep pace with evolving technology demands while maintaining a focus on security and performance. Their combination of advanced features, modular capabilities, and robust support makes them valuable assets in the networking landscape.