Send accounting authentication, 15-19 | Cisco Systems 15310-CL

Chapter 15 Configuring Security for the ML-Series Card

RADIUS Stand Alone Mode

This example shows how to apply an output ACL in ASCII format to an interface for the duration of this connection:

cisco-avpair=“ip:outacl#2=deny ip 10.10.10.10 0.0.255.255 any”

Other vendors have their own unique vendor-IDs, options, and associated VSAs. For more information about vendor-IDs and VSAs, see RFC 2138, “Remote Authentication Dial-In User Service (RADIUS).”

Beginning in privileged EXEC mode, follow these steps to configure the ML-Series card to recognize and use VSAs:

	Command	Purpose
Step 1
Step 1	Router# configure terminal	Enter global configuration mode.
Step 2
Step 2	Router (config)# radius-server vsa	Enable the ML-Series card to recognize and use VSAs as defined by
	send [accounting authentication]	RADIUS IETF attribute 26.
		• (Optional) Use the accounting keyword to limit the set of recognized
		vendor-specific attributes to only accounting attributes.
		• (Optional) Use the authentication keyword to limit the set of
		recognized vendor-specific attributes to only authentication attributes.
		If you enter this command without keywords, both accounting and
		authentication vendor-specific attributes are used.
		The AAA server includes the authorization level in the VSA response
		message for the ML-Series card.
Step 3
Step 3	Router (config)# end	Return to privileged EXEC mode.
Step 4
Step 4	Router# show running-config	Verify your settings.
Step 5
Step 5	Router# copy running-config	(Optional) Save your entries in the configuration file.
	startup-config

For a complete list of RADIUS attributes or more information about vendor-specific attribute 26, see the “RADIUS Attributes” appendix in the Cisco IOS Security Configuration Guide, Release 12.2.

Configuring the ML-Series Card for Vendor-Proprietary RADIUS Server Communication

Although an IETF draft standard for RADIUS specifies a method for communicating vendor-proprietary information between the ML-Series card and the RADIUS server, some vendors have extended the RADIUS attribute set in a unique way. Cisco IOS software supports a subset of vendor-proprietary RADIUS attributes.

As mentioned earlier, to configure RADIUS (whether vendor-proprietary or IETF draft-compliant), you must specify the host running the RADIUS server daemon and the secret text string it shares with the ML-Series card. You specify the RADIUS host and secret text string by using the radius-serverglobal configuration commands.

	Cisco ONS 15310-CL and Cisco ONS 15310-MA Ethernet Card Software Feature and Configuration Guide R8.5

78-18133-01		15-19
78-18133-01		15-19

15310-CL, 15310-MA specifications

Cisco Systems has established itself as a leader in the networking domain, offering a wide array of solutions to meet the needs of modern businesses. Among its impressive product lineup are the Cisco 15310-CL and 15310-MA routers, designed to provide advanced network performance and reliability.

The Cisco 15310-CL is a versatile platform that primarily serves as a carrier-class router aimed at supporting high-speed data and voice services. It is built to handle the demands of large enterprises and service providers, offering a robust design that ensures maximum uptime and performance. One of its standout features is its modular architecture, which enables users to customize their configurations based on specific application needs. This scalability allows for future expansion without the need for a complete hardware overhaul.

Key technologies integrated into the Cisco 15310-CL include high-density Ethernet interfaces and a comprehensive suite of Layer 2 and Layer 3 protocol support. The device is capable of supporting multiple types of connections, including TDM, ATM, and Ethernet. This flexibility makes it an ideal choice for organizations that require seamless migration between various service types. Moreover, with features such as MPLS (Multiprotocol Label Switching) support and advanced Quality of Service (QoS) mechanisms, the router ensures that critical applications receive the necessary bandwidth and low latency required for optimal performance.

In contrast, the Cisco 15310-MA focuses on access solutions, providing a cost-effective entry point for businesses looking to enhance their network capabilities. It is well-suited for smaller offices or branch locations that need reliable connectivity without the expense and complexity associated with larger systems. The device supports a range of access methods and provides essential features like firewall capabilities, VPN support, and comprehensive security measures to protect sensitive data.

Both models benefit from Cisco's commitment to security and manageability, offering features like enhanced encryption protocols and user authentication mechanisms that help safeguard networks against threats. Additionally, they can be managed through Cisco’s intuitive software tools, simplifying configuration and monitoring tasks for IT administrators.

The Cisco 15310-CL and 15310-MA are ideal solutions for businesses seeking to enhance their network infrastructure, ensuring firms can keep pace with evolving technology demands while maintaining a focus on security and performance. Their combination of advanced features, modular capabilities, and robust support makes them valuable assets in the networking landscape.

Cisco Systems 15310-CL, 15310-MA manual Send accounting authentication, 15-19

Models: 15310-CL 15310-MA

Command

send [accounting authentication]

startup-config

78-18133-01

15-19

15310-CL, 15310-MA specifications