Chapter 5 Security

RADIUS Security

For a configuration that uses a RADIUS client, a RADIUS proxy, and a RADIUS server, the shared secret that is used between the RADIUS client and the RADIUS proxy can be different from the shared secret used between the RADIUS proxy and the RADIUS server.

Shared secrets are used to:

Verify that RADIUS messages, with the exception of the Access-Request message, are sent by a RADIUS-enabled device that is configured with the same shared secret.

Verify that the RADIUS message has not been modified in transit (message integrity).

Encrypt some RADIUS attributes, such as User-Password and Tunnel-Password.

When creating and using a shared secret:

Use the same case-sensitive shared secret on both RADIUS devices.

Use a different shared secret for each RADIUS server-RADIUS client pair.

Generate a random sequence at least 22 characters long to ensure a random shared secret.

Use any standard alphanumeric and special characters.

Use a shared secret of up to 128 characters in length. To protect your server and your RADIUS clients from brute force attacks, use long shared secrets (more than 22 characters).

Make the shared secret a random sequence from each of the following three categories: letters (upper or lower case), numbers, and punctuation.

Change the shared secret often to protect your server and your RADIUS clients from dictionary attacks. An example of a strong shared secret is 8d#>9fq4bV)H7%a3-zE13sW$hIa32M#m<PqAa72(.

Cisco ONS 15310-MA SDH Reference Manual, Release 9.1 and Release 9.2

 

78-19417-01

5-9

 

 

 

Page 115
Image 115
Cisco Systems 15310-MA manual Security Radius Security

15310-MA specifications

Cisco Systems has established itself as a leader in the networking domain, offering a wide array of solutions to meet the needs of modern businesses. Among its impressive product lineup are the Cisco 15310-CL and 15310-MA routers, designed to provide advanced network performance and reliability.

The Cisco 15310-CL is a versatile platform that primarily serves as a carrier-class router aimed at supporting high-speed data and voice services. It is built to handle the demands of large enterprises and service providers, offering a robust design that ensures maximum uptime and performance. One of its standout features is its modular architecture, which enables users to customize their configurations based on specific application needs. This scalability allows for future expansion without the need for a complete hardware overhaul.

Key technologies integrated into the Cisco 15310-CL include high-density Ethernet interfaces and a comprehensive suite of Layer 2 and Layer 3 protocol support. The device is capable of supporting multiple types of connections, including TDM, ATM, and Ethernet. This flexibility makes it an ideal choice for organizations that require seamless migration between various service types. Moreover, with features such as MPLS (Multiprotocol Label Switching) support and advanced Quality of Service (QoS) mechanisms, the router ensures that critical applications receive the necessary bandwidth and low latency required for optimal performance.

In contrast, the Cisco 15310-MA focuses on access solutions, providing a cost-effective entry point for businesses looking to enhance their network capabilities. It is well-suited for smaller offices or branch locations that need reliable connectivity without the expense and complexity associated with larger systems. The device supports a range of access methods and provides essential features like firewall capabilities, VPN support, and comprehensive security measures to protect sensitive data.

Both models benefit from Cisco's commitment to security and manageability, offering features like enhanced encryption protocols and user authentication mechanisms that help safeguard networks against threats. Additionally, they can be managed through Cisco’s intuitive software tools, simplifying configuration and monitoring tasks for IT administrators.

The Cisco 15310-CL and 15310-MA are ideal solutions for businesses seeking to enhance their network infrastructure, ensuring firms can keep pace with evolving technology demands while maintaining a focus on security and performance. Their combination of advanced features, modular capabilities, and robust support makes them valuable assets in the networking landscape.