3-9
Cisco ONS 15530 Configuration Guide and Command Reference
78-16019-02, Cisco IOS Release 12.2(18)SV2
Chapter3 Initial Configuration Configuring Security Features
Configuring Security Features
The Cisco ONS 15530 supports the following Cisco IOS software security features:
AAA (authentication, authorization, and accounting)
Kerberos
RADIUS
TACACS+
Traffic filters and firewalls
Passwords and privileges

Configuring AAA

This section describes the AAA features supported by the Cisco ONS 15530.

Configuring Authentication

To configure AAA authentication, perform the following tasks:
Step 1 Enable AAA by using the aaa new-model global configuration command.
Step 2 Configure security protocol parameters, such as RADIUS, TACACS+, or Kerberos if you are using a
security server. Refer to the“Configuring RADIUS” chapter, the “Configuring TACACS+” chapter,or
the “Configuring Kerberos”chapter in the Cisco IOS Security Configuration Guide.
Step 3 Define the method lists for authentication by using an AAA authentication command.
Step 4 Apply the method lists to a particular interface or line, if required.
Refer to the “Configuring Authentication” chapter in the Cisco IOS Security Configuration Guide.

Configuring Authorization

The AAA authorization feature enables you to limit the services available to a user. When AAA
authorization is enabled, the network access server uses information retrieved from the user's profile,
which is located either in the local user database or on the security server,to configure the user's session.
Once this is done, the user is granted access to a requested service only if the information in the user
profile allows it.
Refer to the “Configuring Authorization” chapter in the Cisco IOS Security Configuration Guide.

Configuring Accounting

The AAA accounting feature enables you to track the services that users are accessing and the amount
of network resources that they are consuming. When AAA accounting is enabled, the network access
server reports user activity to the TACACS+ or RADIUS security server (depending on which security