Chapter 16 Configuring Security for the ML-Series Card

Secure Shell on the ML-Series Card

Configuring the SSH Server

Beginning in privileged EXEC mode, follow these steps to configure the SSH server:

 

Step 1
Command: Router# configure terminal
Purpose: Enter global configuration mode.

Step 2
Command: Router(config)# ip ssh version [1 | 2]
Purpose: (Optional) Configure the ML-Series card to run SSH Version 1 or SSH Version 2.
  1: Configure the ML-Series card to run SSH Version 1.
  2: Configure the ML-Series card to run SSH Version 2.
  If you do not enter this command or do not specify a keyword, the SSH server selects the latest SSH version supported by the SSH client. For example, if the SSH client supports SSHv1 and SSHv2, the SSH server selects SSHv2.

Step 3
Command: Router(config)# ip ssh timeout seconds
Purpose: Specify the timeout value in seconds; the default is 120 seconds. The range is 0 to 120 seconds. This parameter applies to the SSH negotiation phase. After the connection is established, the ML-Series card uses the default timeout values of the CLI-based sessions.
  By default, up to five simultaneous, encrypted SSH connections for multiple CLI-based sessions over the network are available (session 0 to session 4). After the execution shell starts, the CLI-based session timeout value returns to the default of 10 minutes.

Step 4
Command: Router(config)# ip ssh authentication-retries number
Purpose: Specify the number of times that a client can reauthenticate to the server. The default is 3; the range is 0 to 5.

Step 5
Command: Router(config)# end
Purpose: Return to privileged EXEC mode.

Step 6
Command: Router# show ip ssh
Purpose: Show the version and configuration information for your SSH server.
or
Command: Router# show ssh
Purpose: Show the status of the SSH server connections on the ML-Series card.

Step 7
Command: Router# copy running-config startup-config
Purpose: (Optional) Save your entries in the configuration file.

 

 

 

 

To return to the default SSH control parameters, use the no ip ssh {timeout | authentication-retries} global configuration command.
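The following check is an added example, not part of the Cisco guide: it reads `ip ssh` lines written as in the steps above and reports the effective settings, out-of-range values, and whether the version is left unpinned, in which case the server follows whatever the client supports, SSHv1 included. The function name and the sample lines are assumptions constructed for illustration.

```python
import re

# Defaults and ranges as stated in Steps 2 to 4 of the procedure above.
DEFAULTS = {"version": None, "timeout": 120, "authentication-retries": 3}
RANGES = {"version": (1, 2), "timeout": (0, 120), "authentication-retries": (0, 5)}
LINE = re.compile(
    r"^(no\s+)?ip ssh (version|timeout|authentication-retries)(?:\s+(\d+))?$")

def audit_ssh_config(config_text):
    """Return (effective settings, findings) for the ip ssh lines given."""
    settings, findings = dict(DEFAULTS), []
    for raw in config_text.splitlines():
        # Drop a leading prompt such as "Router(config)#" from pasted sessions.
        line = re.sub(r"^\S*#\s*", "", raw.strip())
        m = LINE.match(line)
        if not m:
            continue
        negated, key, value = m.groups()
        if negated:                      # "no ip ssh ..." restores the default
            settings[key] = DEFAULTS[key]
            continue
        if value is None:
            if key != "version":         # bare "ip ssh version" means unpinned
                findings.append(f"{key}: value missing")
            continue
        low, high = RANGES[key]
        if not low <= int(value) <= high:
            findings.append(f"{key}: {value} outside {low}-{high}, rejected")
            continue
        settings[key] = int(value)
    if settings["version"] is None:
        findings.append("version: not pinned, SSHv1 clients are still accepted")
    elif settings["version"] == 1:
        findings.append("version: SSHv1 configured, pin version 2 instead")
    return settings, findings

# Constructed sample input (not captured from a real card).
WEAK = "Router(config)# ip ssh timeout 300\nRouter(config)# ip ssh authentication-retries 2\n"
PINNED = "ip ssh version 2\nip ssh timeout 60\nip ssh authentication-retries 2\n"

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("pinned", PINNED)):
        print(name, *audit_ssh_config(text))
```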

Displaying the SSH Configuration and Status

To display the SSH server configuration and status, use one or more of the privileged EXEC commands in Table 16-1.

 

 

Table 16-1 Commands for Displaying the SSH Server Configuration and Status

Command        Purpose
show ip ssh    Shows the version and configuration information for the SSH server.
show ssh       Shows the status of the SSH server.

 

 

 

 

 

 

 

Cisco ONS 15310-CL, ONS 15310-MA, and ONS 15310-MA SDH Ethernet Card Software Feature and Configuration Guide, R9.1 and R9.2

78-19415-01

ONS 15310-CL, ONS 15310-MA, Cisco ONS 15310-MA specifications

Cisco Systems has long been a leader in networking and telecommunications technology, and among its impressive lineup of products, the Cisco ONS 15310 series stands out as an essential solution for optical networking. This series includes models such as the ONS 15310-MA, ONS 15310-CL, and ONS 15310-CA, each designed to meet the diverse needs of service providers and enterprises seeking to enhance their optical transport networks.

The Cisco ONS 15310-MA is an advanced multi-service platform designed for metropolitan area networks. It facilitates the seamless transport of data, voice, and video over optical networks. One of its main features is its ability to support a variety of interfaces, including Ethernet, SONET/SDH, and Wavelength Division Multiplexing (WDM), allowing users to integrate multiple services into a single platform. Additionally, the ONS 15310-MA supports advanced traffic management and Quality of Service (QoS) features to prioritize critical applications and ensure consistent performance.

The ONS 15310-CL variant is tailored for more specific applications, providing enhanced capabilities aimed at delivering carrier-grade services. It features a robust architecture that accommodates high-capacity traffic without compromising reliability. This model emphasizes low power consumption and a compact design, making it suitable for deployment in space-constrained environments. The ONS 15310-CL also supports a wide range of optical interfaces, making it highly flexible for various network configurations.

In terms of technologies, the Cisco ONS 15310 series leverages Optical Transport Network (OTN) capabilities, providing high efficiency and greater bandwidth utilization. OTN technology enables efficient error correction and adds resilience to the network through its built-in protection mechanisms. Furthermore, the series supports seamless integration with existing IP/MPLS networks, creating a cohesive infrastructure as organizations evolve their networking requirements.

One of the defining characteristics of the ONS 15310 series is its focus on scalability. Network operators can start with a modest deployment and gradually expand capacity as demand grows. This adaptability is complemented by Cisco's comprehensive management and monitoring tools, providing operators with real-time insights into network performance and facilitating proactive management.

In conclusion, the Cisco ONS 15310-MA and ONS 15310-CL models represent sophisticated solutions for modern optical networks. With their versatile features, advanced technologies, and robust design, they empower service providers and enterprises to build resilient, high-capacity networks that meet the demands of today’s data-driven world.