Chapter 3 Initial Configuration

Configuring Security Features

Configuring Security Features

The Cisco ONS 15530 supports the following Cisco IOS software security features:

AAA (authentication, authorization, and accounting)

Kerberos

RADIUS

TACACS+

Traffic filters and firewalls

Passwords and privileges

Configuring AAA

This section describes the AAA features supported by the Cisco ONS 15530.

Configuring Authentication

To configure AAA authentication, perform the following tasks:

Step 1 Enable AAA by using the aaa new-modelglobal configuration command.

Step 2 Configure security protocol parameters, such as RADIUS, TACACS+, or Kerberos if you are using a security server. Refer to the “Configuring RADIUS” chapter, the “Configuring TACACS+” chapter, or the “Configuring Kerberos” chapter in the Cisco IOS Security Configuration Guide.

Step 3 Define the method lists for authentication by using an AAA authentication command.

Step 4 Apply the method lists to a particular interface or line, if required.

Refer to the “ Configuring Authentication” chapter in the Cisco IOS Security Configuration Guide.

Configuring Authorization

The AAA authorization feature enables you to limit the services available to a user. When AAA authorization is enabled, the network access server uses information retrieved from the user's profile, which is located either in the local user database or on the security server, to configure the user's session. Once this is done, the user is granted access to a requested service only if the information in the user profile allows it.

Refer to the “ Configuring Authorization” chapter in the Cisco IOS Security Configuration Guide.

Configuring Accounting

The AAA accounting feature enables you to track the services that users are accessing and the amount of network resources that they are consuming. When AAA accounting is enabled, the network access server reports user activity to the TACACS+ or RADIUS security server (depending on which security

 

 

Cisco ONS 15530 Configuration Guide and Command Reference

 

 

 

 

 

 

78-16019-02, Cisco IOS Release 12.2(18)SV2

 

 

3-9

 

 

 

 

 

Page 9
Image 9
Cisco Systems 78-16019-02 manual Configuring Security Features, Configuring AAA, Configuring Authentication