Chapter 16 Configuring Security for the ML-Series Card

Secure Shell on the ML-Series Card

SSH has two applications, an SSH server and SSH client. The ML-Series card only supports the SSH server and does not support the SSH client. The SSH server in Cisco IOS software works with publicly and commercially available SSH clients.

The SSH server enables a connection into the ML-Series card, similar to an inbound Telnet connection, but with stronger security. Before SSH, security was limited to the native security in Telnet. SSH improves on this by allowing the use of Cisco IOS software authentication.

The ONS node also supports SSH. When SSH is enabled on the ONS node, you use SSH to connect to the ML-Series card for Cisco IOS CLI sessions.

Note Telnet access to the ML-Series card is not automatically disabled when SSH is enabled. The user can disable Telnet access with the vty line configuration command transport input ssh.

Configuring SSH

This section has configuration information:

Configuration Guidelines, page 16-3

Setting Up the ML-Series Card to Run SSH, page 16-3(required)

Configuring the SSH Server, page 16-5(required)

Configuration Guidelines

Follow these guidelines when configuring the ML-Series card as an SSH server:

The new model of AAA and a AAA login method must be enabled. If not previously enabled, complete the “Configuring AAA Login Authentication” section on page 16-11.

A Rivest, Shamir, and Adelman (RSA) key pair generated by a SSHv1 server can be used by an SSHv2 server, and the reverse.

If you get CLI error messages after entering the crypto key generate rsa global configuration command, an RSA key pair has not been generated. Reconfigure the hostname and domain, and then enter the crypto key generate rsa command. For more information, see the “Setting Up the ML-Series Card to Run SSH” section on page 16-3.

When generating the RSA key pair, the message No host name specified might appear. If it does, you must configure a hostname by using the hostname global configuration command.

When generating the RSA key pair, the message No domain specified might appear. If it does, you must configure an IP domain name by using the ip domain-nameglobal configuration command.

Setting Up the ML-Series Card to Run SSH

Follow these steps to set up your ML-Series card to run as an SSH server:

1.Configure a hostname and IP domain name for the ML-Series card.

2.Generate an RSA key pair for the ML-Series card, which automatically enables SSH.

3.Configure user authentication for local or remote access. This step is required.

Beginning in privileged EXEC mode, follow these steps to configure a hostname and an IP domain name and to generate an RSA key pair.

Cisco ONS 15310-CL, ONS 15310-MA, and ONS 15310-MA SDH Ethernet Card Software Feature and Configuration Guide, R9.1 and R9.2

 

78-19415-01

16-3

 

 

 

Page 200 Page 202
Page 201
Image 201
Cisco Systems ONS 15310-CL manual Configuring SSH, Configuration Guidelines, Setting Up the ML-Series Card to Run SSH, 16-3
Page 200 Page 202

ONS 15310-CL, ONS 15310-MA, Cisco ONS 15310-MA specifications

Cisco Systems has long been a leader in networking and telecommunications technology, and among its impressive lineup of products, the Cisco ONS 15310 series stands out as an essential solution for optical networking. This series includes models such as the ONS 15310-MA, ONS 15310-CL, and ONS 15310-CA, each designed to meet the diverse needs of service providers and enterprises seeking to enhance their optical transport networks.

The Cisco ONS 15310-MA is an advanced multi-service platform designed for metropolitan area networks. It facilitates the seamless transport of data, voice, and video over optical networks. One of its main features is its ability to support a variety of interfaces, including Ethernet, SONET/SDH, and Wavelength Division Multiplexing (WDM), allowing users to integrate multiple services into a single platform. Additionally, the ONS 15310-MA supports advanced traffic management and Quality of Service (QoS) features to prioritize critical applications and ensure consistent performance.

The ONS 15310-CL variant is tailored for more specific applications, providing enhanced capabilities aimed at delivering carrier-grade services. It features a robust architecture that accommodates high-capacity traffic without compromising reliability. This model emphasizes low power consumption and a compact design, making it suitable for deployment in space-constrained environments. The ONS 15310-CL also supports a wide range of optical interfaces, making it highly flexible for various network configurations.

In terms of technologies, the Cisco ONS 15310 series leverages Optical Transport Network (OTN) capabilities, providing high efficiency and greater bandwidth utilization. OTN technology enables efficient error correction and adds resilience to the network through its built-in protection mechanisms. Furthermore, the series supports seamless integration with existing IP/MPLS networks, creating a cohesive infrastructure as organizations evolve their networking requirements.

One of the defining characteristics of the ONS 15310 series is its focus on scalability. Network operators can start with a modest deployment and gradually expand capacity as demand grows. This adaptability is complemented by Cisco's comprehensive management and monitoring tools, providing operators with real-time insights into network performance and facilitating proactive management.

In conclusion, the Cisco ONS 15310-MA and ONS 15310-CL models represent sophisticated solutions for modern optical networks. With their versatile features, advanced technologies, and robust design, they empower service providers and enterprises to build resilient, high-capacity networks that meet the demands of today’s data-driven world.
Top Page Image Contents