Chapter 16 Configuring Security for the ML-Series Card

RADIUS Stand Alone Mode

 

Step 5

Command: Router (config)# radius-server deadtime minutes

Purpose: Specify the number of minutes to mark as "dead" any RADIUS servers that fail to respond to authentication requests. A RADIUS server marked as "dead" is skipped by additional authentication requests for the specified number of minutes. This allows the next configured server to be tried without having to wait for the request to time out first. If all RADIUS servers are marked as "dead," the skipping will not take place. The default is 0; the range is 1 to 1440 minutes.

Step 6

Command: Router (config)# end

Purpose: Return to privileged EXEC mode.

Step 7

Command: Router# show running-config

Purpose: Verify your settings.

Step 8

Command: Router# copy running-config startup-config

Purpose: (Optional) Save your entries in the configuration file.

 

 

 

 

To return to the default setting for the retransmit, timeout, and deadtime, use the no forms of these commands.
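The deadtime behaviour from Step 5, including the case where every server is marked "dead", can be modelled in a few lines. This is an added example, not code from the guide or from Cisco IOS; the class, its methods and the server names are hypothetical, and time is counted in whole minutes.

```python
# Simplified model of the deadtime rule described in Step 5 (an assumption
# about the described behaviour, not Cisco IOS code). Server names are constructed.

class RadiusServerPool:
    def __init__(self, servers, deadtime_minutes):
        self.servers = list(servers)      # configured order
        self.deadtime = deadtime_minutes  # 0 (the default) never marks a server dead
        self.dead_until = {}              # server -> minute at which it is tried again

    def mark_dead(self, server, now):
        """Record that a server failed to respond at minute `now`."""
        if self.deadtime > 0:
            self.dead_until[server] = now + self.deadtime

    def is_dead(self, server, now):
        return self.dead_until.get(server, 0) > now

    def candidates(self, now):
        """Servers to try, in configured order. Dead servers are skipped
        unless every server is dead, in which case nothing is skipped."""
        alive = [s for s in self.servers if not self.is_dead(s, now)]
        return alive if alive else list(self.servers)

    def authenticate(self, now, responds):
        """Try candidates in order; `responds` is the set of servers that
        answer. Returns (answering server or None, servers that timed out)."""
        timed_out = []
        for server in self.candidates(now):
            if server in responds:
                return server, timed_out
            timed_out.append(server)
            self.mark_dead(server, now)
        return None, timed_out


def demo():
    pool = RadiusServerPool(["radius-a", "radius-b"], deadtime_minutes=5)
    first = pool.authenticate(now=0, responds={"radius-b"})   # radius-a times out
    second = pool.authenticate(now=2, responds={"radius-b"})  # radius-a is skipped
    third = pool.authenticate(now=6, responds={"radius-a", "radius-b"})  # deadtime over
    return first, second, third
```

The second request pays no timeout because radius-a is still inside its deadtime window; once the window expires the configured order applies again.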

Configuring the ML-Series Card to Use Vendor-Specific RADIUS Attributes

The Internet Engineering Task Force (IETF) draft standard specifies a method for communicating vendor-specific information between the ML-Series card and the RADIUS server by using the vendor-specific attribute (attribute 26). Vendor-specific attributes (VSAs) allow vendors to support their own extended attributes that are not suitable for general use. The Cisco RADIUS implementation supports one vendor-specific option by using the format recommended in the specification. Cisco’s vendor-ID is 9, and the supported option has vendor-type 1, which is named cisco-avpair. The value is a string with this format:

protocol : attribute sep value *

Protocol is a value of the Cisco protocol attribute for a particular type of authorization. Attribute and value are an appropriate attribute-value (AV) pair defined in the Cisco Terminal Access Controller Access Control System Plus (TACACS+) specification, and sep is the character = for mandatory attributes and the character * for optional attributes. The full set of features available for TACACS+ authorization can then be used for RADIUS.

For example, this AV pair activates Cisco’s multiple named ip address pools feature during IP authorization (during point-to-point protocol [PPP] internet protocol control protocol (IPCP) address assignment):

cisco-avpair="ip:addr-pool=first"

This example shows how to specify an authorized VLAN in the RADIUS server database:

cisco-avpair="tunnel-type(#64)=VLAN(13)"

cisco-avpair="tunnel-medium-type(#65)=802 media(6)"

cisco-avpair="tunnel-private-group-ID(#81)=vlanid"

This example shows how to apply an input access control list (ACL) in ASCII format to an interface for the duration of this connection:

cisco-avpair="ip:inacl#1=deny ip 10.10.10.10 0.0.255.255 20.20.20.20 255.255.0.0"

cisco-avpair="ip:inacl#2=deny ip 10.10.10.10 0.0.255.255 any"

cisco-avpair="mac:inacl#3=deny any any decnet-iv"
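The following added example (not part of the guide and not Cisco code) shows how a cisco-avpair string is carried in attribute 26 with vendor-ID 9 and vendor-type 1, and how the protocol:attribute sep value form splits into its parts. The function names are hypothetical, the byte layout follows the Vendor-Specific attribute format in RFC 2865, and the parser covers only strings with a protocol prefix.

```python
import struct

VENDOR_SPECIFIC = 26   # RADIUS attribute type for vendor-specific data
CISCO_VENDOR_ID = 9    # Cisco's vendor-ID, as stated above
CISCO_AVPAIR = 1       # vendor-type named cisco-avpair

def encode_cisco_avpair(avpair: str) -> bytes:
    """Wrap one AV-pair string in a Vendor-Specific attribute."""
    data = avpair.encode("ascii")
    sub = bytes([CISCO_AVPAIR, len(data) + 2]) + data   # vendor-type, vendor-length, string
    total = 2 + 4 + len(sub)                            # type + length + vendor-ID + sub
    if total > 255:
        raise ValueError("AV pair too long for one RADIUS attribute")
    return bytes([VENDOR_SPECIFIC, total]) + struct.pack("!I", CISCO_VENDOR_ID) + sub

def decode_cisco_avpair(attr: bytes) -> str:
    """Check identifiers and both length fields, then return the string."""
    if len(attr) < 8 or attr[0] != VENDOR_SPECIFIC or attr[1] != len(attr):
        raise ValueError("not a well-formed Vendor-Specific attribute")
    (vendor_id,) = struct.unpack("!I", attr[2:6])
    vendor_type, vendor_len = attr[6], attr[7]
    if vendor_id != CISCO_VENDOR_ID or vendor_type != CISCO_AVPAIR:
        raise ValueError("not a cisco-avpair")
    if vendor_len != len(attr) - 6:
        raise ValueError("vendor length does not match attribute length")
    return attr[8:].decode("ascii")

def parse_avpair(avpair: str) -> dict:
    """Split 'protocol:attribute<sep>value'; '=' is mandatory, '*' is optional."""
    protocol, colon, rest = avpair.partition(":")
    if not colon or not protocol:
        raise ValueError("missing protocol prefix")
    # The first '=' or '*' after the attribute name is the separator;
    # later ones (for example inside an ACL line) belong to the value.
    positions = [i for i in (rest.find("="), rest.find("*")) if i != -1]
    if not positions or min(positions) == 0:
        raise ValueError("missing attribute or separator")
    cut = min(positions)
    return {"protocol": protocol, "attribute": rest[:cut],
            "mandatory": rest[cut] == "=", "value": rest[cut + 1:]}
```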

This example shows how to apply an output ACL in ASCII format to an interface for the duration of this connection:

 

 

 

Cisco ONS 15310-CL, ONS 15310-MA, and ONS 15310-MA SDH Ethernet Card Software Feature and Configuration Guide, R9.1 and R9.2

 

 

 

 


78-19415-01

 

 

 


ONS 15310-CL, ONS 15310-MA, Cisco ONS 15310-MA specifications

Cisco Systems has long been a leader in networking and telecommunications technology, and among its impressive lineup of products, the Cisco ONS 15310 series stands out as an essential solution for optical networking. This series includes models such as the ONS 15310-MA, ONS 15310-CL, and ONS 15310-CA, each designed to meet the diverse needs of service providers and enterprises seeking to enhance their optical transport networks.

The Cisco ONS 15310-MA is an advanced multi-service platform designed for metropolitan area networks. It facilitates the seamless transport of data, voice, and video over optical networks. One of its main features is its ability to support a variety of interfaces, including Ethernet, SONET/SDH, and Wavelength Division Multiplexing (WDM), allowing users to integrate multiple services into a single platform. Additionally, the ONS 15310-MA supports advanced traffic management and Quality of Service (QoS) features to prioritize critical applications and ensure consistent performance.

The ONS 15310-CL variant is tailored for more specific applications, providing enhanced capabilities aimed at delivering carrier-grade services. It features a robust architecture that accommodates high-capacity traffic without compromising reliability. This model emphasizes low power consumption and a compact design, making it suitable for deployment in space-constrained environments. The ONS 15310-CL also supports a wide range of optical interfaces, making it highly flexible for various network configurations.

In terms of technologies, the Cisco ONS 15310 series leverages Optical Transport Network (OTN) capabilities, providing high efficiency and greater bandwidth utilization. OTN technology enables efficient error correction and adds resilience to the network through its built-in protection mechanisms. Furthermore, the series supports seamless integration with existing IP/MPLS networks, creating a cohesive infrastructure as organizations evolve their networking requirements.

One of the defining characteristics of the ONS 15310 series is its focus on scalability. Network operators can start with a modest deployment and gradually expand capacity as demand grows. This adaptability is complemented by Cisco's comprehensive management and monitoring tools, providing operators with real-time insights into network performance and facilitating proactive management.

In conclusion, the Cisco ONS 15310-MA and ONS 15310-CL models represent sophisticated solutions for modern optical networks. With their versatile features, advanced technologies, and robust design, they empower service providers and enterprises to build resilient, high-capacity networks that meet the demands of today’s data-driven world.