Chapter 16 Configuring Security for the ML-Series Card

RADIUS Stand Alone Mode

 

Step 3

Command: Router (config)# radius-server host {hostname | ip-address} [auth-port port-number] [acct-port port-number] [timeout seconds] [retransmit retries] [key string]

Purpose: Specify the IP address or hostname of the remote RADIUS server host.

(Optional) For auth-port port-number, specify the UDP destination port for authentication requests.

(Optional) For acct-port port-number, specify the UDP destination port for accounting requests.

(Optional) For timeout seconds, specify the time interval that the switch waits for the RADIUS server to reply before resending. The range is 1 to 1000. This setting overrides the radius-server timeout global configuration command setting. If no timeout is set with the radius-server host command, the setting of the radius-server timeout command is used.

(Optional) For retransmit retries, specify the number of times a RADIUS request is resent to a server if that server is not responding or responding slowly. The range is 1 to 1000. If no retransmit value is set with the radius-server host command, the setting of the radius-server retransmit global configuration command is used.

(Optional) For key string, specify the authentication and encryption key used between the switch and the RADIUS daemon running on the RADIUS server.

Note: The key is a text string that must match the encryption key used on the RADIUS server. Always configure the key as the last item in the radius-server host command. Leading spaces are ignored, but spaces within and at the end of the key are used. If you use spaces in your key, do not enclose the key in quotation marks unless the quotation marks are part of the key.

To configure the switch to recognize more than one host entry associated with a single IP address, enter this command as many times as necessary, making sure that each UDP port number is different. The switch software searches for hosts in the order in which you specify them. Set the timeout, retransmit, and encryption key values to use with the specific RADIUS host.

Step 4

Command: Router (config)# aaa group server radius group-name

Purpose: Define the AAA server-group with a group name. This command puts the ML-Series card in a server group configuration mode.

Step 5

Command: Router (config-sg-radius)# server ip-address

Purpose: Associate a particular RADIUS server with the defined server group. Repeat this step for each RADIUS server in the AAA server group. Each server in the group must be previously defined in Step 2.

Step 6

Command: Router (config-sg-radius)# end

Purpose: Return to privileged EXEC mode.

Step 7

Command: Router # show running-config

Purpose: Verify your entries.

Step 8

Command: Router # copy running-config startup-config

Purpose: (Optional) Save your entries in the configuration file.

Step 9

Purpose: Enable RADIUS login authentication. See the “Configuring AAA Login Authentication” section on page 16-11.
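The rules stated in Steps 3 through 5 can be checked on candidate configuration lines before they are entered on the card. The following is an added example, not part of the Cisco guide: the function name lint_radius_config, the sample addresses (192.0.2.0/24 documentation range), the group name and the keys are all assumptions made for illustration.

```python
import re

# Constructed candidate configuration (not from the guide). Addresses use the
# 192.0.2.0/24 documentation range; the group name and keys are placeholders.
SAMPLE_CONFIG = (
    "radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 timeout 5 key example-key-1\n"
    "radius-server host 192.0.2.10 auth-port 1812 acct-port 1814 key example-key-2\n"
    "radius-server host 192.0.2.20 key example-key-3 timeout 10\n"
    "radius-server host 192.0.2.30 retransmit 2000 key \"quoted key\"\n"
    "aaa group server radius example-group\n"
    " server 192.0.2.10\n"
    " server 192.0.2.99\n"
)

HOST_RE = re.compile(r"^radius-server host (\S+)(.*)$")
OPT_RE = re.compile(r"(auth-port|acct-port|timeout|retransmit) (\d+)")

def lint_radius_config(text):
    """Return (line_number, message) findings for the rules stated in the table."""
    findings, defined, seen_ports = [], set(), set()
    for n, line in enumerate(text.split("\n"), 1):
        m = HOST_RE.match(line)
        if m:
            host, rest = m.groups()
            defined.add(host)
            opts, _, key = rest.partition(" key ")
            key = key.lstrip(" ")  # leading spaces are ignored; the rest is kept
            parsed = dict(OPT_RE.findall(opts))
            for name in ("timeout", "retransmit"):
                if name in parsed and not 1 <= int(parsed[name]) <= 1000:
                    findings.append((n, f"{name} outside 1-1000"))
            for name in ("auth-port", "acct-port"):
                port = (host, name, parsed.get(name, "default"))
                if port in seen_ports:
                    findings.append((n, f"{name} repeats an earlier entry for {host}"))
                seen_ports.add(port)
            if OPT_RE.search(key):
                findings.append((n, "option after key is read as part of the key"))
            if len(key) > 1 and key[0] == key[-1] == '"':
                findings.append((n, "quotation marks become part of the key"))
            if key.endswith(" "):
                findings.append((n, "trailing space is part of the key"))
        elif line.startswith(" server "):
            host = line.split()[1]
            if host not in defined:
                findings.append((n, f"group server {host} has no radius-server host entry"))
    return findings
```

On the constructed sample, the findings fall on lines 2, 3, 4 (twice) and 7; a key mismatch caused by any of them shows up on the card only as failed RADIUS authentication.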

 

 

 

 

 

 

Cisco ONS 15310-CL, ONS 15310-MA, and ONS 15310-MA SDH Ethernet Card Software Feature and Configuration Guide, R9.1 and R9.2

 

 

 

 

16-14

78-19415-01

 

 

 


ONS 15310-CL, ONS 15310-MA, Cisco ONS 15310-MA specifications

Cisco Systems has long been a leader in networking and telecommunications technology, and among its impressive lineup of products, the Cisco ONS 15310 series stands out as an essential solution for optical networking. This series includes models such as the ONS 15310-MA, ONS 15310-CL, and ONS 15310-CA, each designed to meet the diverse needs of service providers and enterprises seeking to enhance their optical transport networks.

The Cisco ONS 15310-MA is an advanced multi-service platform designed for metropolitan area networks. It facilitates the seamless transport of data, voice, and video over optical networks. One of its main features is its ability to support a variety of interfaces, including Ethernet, SONET/SDH, and Wavelength Division Multiplexing (WDM), allowing users to integrate multiple services into a single platform. Additionally, the ONS 15310-MA supports advanced traffic management and Quality of Service (QoS) features to prioritize critical applications and ensure consistent performance.

The ONS 15310-CL variant is tailored for more specific applications, providing enhanced capabilities aimed at delivering carrier-grade services. It features a robust architecture that accommodates high-capacity traffic without compromising reliability. This model emphasizes low power consumption and a compact design, making it suitable for deployment in space-constrained environments. The ONS 15310-CL also supports a wide range of optical interfaces, making it highly flexible for various network configurations.

In terms of technologies, the Cisco ONS 15310 series leverages Optical Transport Network (OTN) capabilities, providing high efficiency and greater bandwidth utilization. OTN technology enables efficient error correction and adds resilience to the network through its built-in protection mechanisms. Furthermore, the series supports seamless integration with existing IP/MPLS networks, creating a cohesive infrastructure as organizations evolve their networking requirements.

One of the defining characteristics of the ONS 15310 series is its focus on scalability. Network operators can start with a modest deployment and gradually expand capacity as demand grows. This adaptability is complemented by Cisco's comprehensive management and monitoring tools, providing operators with real-time insights into network performance and facilitating proactive management.

In conclusion, the Cisco ONS 15310-MA and ONS 15310-CL models represent sophisticated solutions for modern optical networks. With their versatile features, advanced technologies, and robust design, they empower service providers and enterprises to build resilient, high-capacity networks that meet the demands of today’s data-driven world.