Chapter 16 Configuring Security for the ML-Series Card

RADIUS Stand Alone Mode

Default RADIUS Configuration

RADIUS and AAA are disabled by default. To prevent a lapse in security, you cannot configure RADIUS through a network management application. When enabled, RADIUS can authenticate users accessing the ML-Series card through the Cisco IOS CLI.

Identifying the RADIUS Server Host

ML-Series-card-to-RADIUS-server communication involves several components:

Hostname or IP address

Authentication destination port

Accounting destination port

Key string

Timeout period

Retransmission value

You identify RADIUS security servers by their hostname or IP address, their hostname and specific UDP port numbers, or their IP address and specific UDP port numbers. The combination of the IP address and the UDP port number creates a unique identifier, allowing different ports to be individually defined as RADIUS hosts providing a specific AAA service. This unique identifier enables RADIUS requests to be sent to multiple UDP ports on a server at the same IP address.

If two different host entries on the same RADIUS server are configured for the same service—for example, accounting—the second host entry configured acts as a fail-over backup to the first one. Using this example, if the first host entry fails to provide accounting services, the ML-Series card tries the second host entry configured on the same device for accounting services.

To configure RADIUS to use the AAA security commands, you must specify the host running the RADIUS server daemon and a secret text (key) string that it shares with the ML-Series card. A RADIUS server, the ONS node, and the ML-Series card use a shared secret text string to encrypt passwords and exchange responses. The system ensures that the ML-Series cards' shared secret matches the shared secret in the ONS node.

Note If you configure both global and per-server functions (timeout, retransmission, and key commands) on the switch, the per-server timer, retransmission, and key value commands override global timer, retransmission, and key value commands. For information on configuring these settings on all RADIUS servers, see the “Configuring Settings for All RADIUS Servers” section on page 16-17.

Note Retransmission and timeout period values can be configured on the ML-Series card in stand alone mode. These values cannot be configured on the ML-Series card in relay mode.

You can configure the ML-Series card to use AAA server groups to group existing server hosts for authentication. For more information, see the “Defining AAA Server Groups” section on page 16-13.

Beginning in privileged EXEC mode, follow these steps to configure per-server RADIUS server communication. This procedure is required.

Cisco ONS 15310-CL, ONS 15310-MA, and ONS 15310-MA SDH Ethernet Card Software Feature and Configuration Guide, R9.1 and R9.2

 

78-19415-01

16-9

 

 

 

Page 206 Page 208
Page 207
Image 207
Cisco Systems ONS 15310-CL, ONS 15310-MA manual Default Radius Configuration, Identifying the Radius Server Host, 16-9
Page 206 Page 208

ONS 15310-CL, ONS 15310-MA, Cisco ONS 15310-MA specifications

Cisco Systems has long been a leader in networking and telecommunications technology, and among its impressive lineup of products, the Cisco ONS 15310 series stands out as an essential solution for optical networking. This series includes models such as the ONS 15310-MA, ONS 15310-CL, and ONS 15310-CA, each designed to meet the diverse needs of service providers and enterprises seeking to enhance their optical transport networks.

The Cisco ONS 15310-MA is an advanced multi-service platform designed for metropolitan area networks. It facilitates the seamless transport of data, voice, and video over optical networks. One of its main features is its ability to support a variety of interfaces, including Ethernet, SONET/SDH, and Wavelength Division Multiplexing (WDM), allowing users to integrate multiple services into a single platform. Additionally, the ONS 15310-MA supports advanced traffic management and Quality of Service (QoS) features to prioritize critical applications and ensure consistent performance.

The ONS 15310-CL variant is tailored for more specific applications, providing enhanced capabilities aimed at delivering carrier-grade services. It features a robust architecture that accommodates high-capacity traffic without compromising reliability. This model emphasizes low power consumption and a compact design, making it suitable for deployment in space-constrained environments. The ONS 15310-CL also supports a wide range of optical interfaces, making it highly flexible for various network configurations.

In terms of technologies, the Cisco ONS 15310 series leverages Optical Transport Network (OTN) capabilities, providing high efficiency and greater bandwidth utilization. OTN technology enables efficient error correction and adds resilience to the network through its built-in protection mechanisms. Furthermore, the series supports seamless integration with existing IP/MPLS networks, creating a cohesive infrastructure as organizations evolve their networking requirements.

One of the defining characteristics of the ONS 15310 series is its focus on scalability. Network operators can start with a modest deployment and gradually expand capacity as demand grows. This adaptability is complemented by Cisco's comprehensive management and monitoring tools, providing operators with real-time insights into network performance and facilitating proactive management.

In conclusion, the Cisco ONS 15310-MA and ONS 15310-CL models represent sophisticated solutions for modern optical networks. With their versatile features, advanced technologies, and robust design, they empower service providers and enterprises to build resilient, high-capacity networks that meet the demands of today’s data-driven world.
Top Page Image Contents