Chapter 16 Configuring Security for the ML-Series Card

RADIUS Stand Alone Mode

cisco-avpair="ip:outacl#2=deny ip 10.10.10.10 0.0.255.255 any"

Other vendors have their own unique vendor-IDs, options, and associated VSAs. For more information about vendor-IDs and VSAs, see RFC 2138, “Remote Authentication Dial-In User Service (RADIUS).”

Beginning in privileged EXEC mode, follow these steps to configure the ML-Series card to recognize and use VSAs:

Step 1
Command: Router# configure terminal
Purpose: Enter global configuration mode.

Step 2
Command: Router(config)# radius-server vsa send [accounting | authentication]
Purpose: Enable the ML-Series card to recognize and use VSAs as defined by RADIUS IETF attribute 26.

(Optional) Use the accounting keyword to limit the set of recognized vendor-specific attributes to only accounting attributes.

(Optional) Use the authentication keyword to limit the set of recognized vendor-specific attributes to only authentication attributes.

If you enter this command without keywords, both accounting and authentication vendor-specific attributes are used.

The AAA server includes the authorization level in the VSA response message for the ML-Series card.

Step 3
Command: Router(config)# end
Purpose: Return to privileged EXEC mode.

Step 4
Command: Router# show running-config
Purpose: Verify your settings.

Step 5
Command: Router# copy running-config startup-config
Purpose: (Optional) Save your entries in the configuration file.

For a complete list of RADIUS attributes or more information about vendor-specific attribute 26, see the “RADIUS Attributes” appendix in the Cisco IOS Security Configuration Guide, Release 12.2.
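The attribute 26 encoding that carries a cisco-avpair string such as the one shown above, as an added example that is not part of the Cisco guide: it builds and strictly parses a Vendor-Specific attribute, rejecting malformed lengths, then splits the AV pair into its fields. It assumes Cisco's vendor-ID 9, vendor sub-type 1 for cisco-avpair, and the `protocol:attribute=value` form (with `*` marking an optional pair); the function names and the sample bytes are constructed for illustration.

```python
import struct

VENDOR_SPECIFIC = 26   # RADIUS IETF attribute 26
CISCO_VENDOR_ID = 9    # assumption: Cisco's vendor-ID
CISCO_AVPAIR = 1       # assumption: vendor sub-type 1 carries cisco-avpair

def encode_vsa(vendor_id, vendor_type, value):
    """Build one attribute 26: type, length, vendor-id (4 octets), sub-type, sub-length, data."""
    data = value.encode("ascii")
    sub = struct.pack("!BB", vendor_type, len(data) + 2) + data
    return struct.pack("!BBI", VENDOR_SPECIFIC, len(sub) + 6, vendor_id) + sub

def parse_vsas(attrs):
    """Return (vendor_id, vendor_type, data) for every vendor sub-attribute.
    Any length that overruns its container raises ValueError."""
    out, i = [], 0
    while i < len(attrs):
        if i + 2 > len(attrs) or attrs[i + 1] < 2 or i + attrs[i + 1] > len(attrs):
            raise ValueError("bad attribute length")
        atype, alen = attrs[i], attrs[i + 1]
        body = attrs[i + 2:i + alen]
        i += alen
        if atype != VENDOR_SPECIFIC:
            continue                      # not a VSA, skip it
        if len(body) < 4:
            raise ValueError("VSA too short for vendor-id")
        (vendor_id,) = struct.unpack("!I", body[:4])
        j, sub = 0, body[4:]
        while j < len(sub):
            if j + 2 > len(sub) or sub[j + 1] < 2 or j + sub[j + 1] > len(sub):
                raise ValueError("bad vendor sub-attribute length")
            out.append((vendor_id, sub[j], sub[j + 2:j + sub[j + 1]]))
            j += sub[j + 1]
    return out

def split_avpair(text):
    """Split 'protocol:attribute=value' into (protocol, attribute, separator, value)."""
    protocol, _, rest = text.partition(":")
    pos = min((p for p in (rest.find("="), rest.find("*")) if p >= 0), default=-1)
    if not protocol or pos <= 0:
        raise ValueError("not a cisco-avpair")
    return protocol, rest[:pos], rest[pos], rest[pos + 1:]

# Constructed sample: a User-Name attribute followed by the AV pair from the text.
SAMPLE = b"\x01\x05bob" + encode_vsa(
    CISCO_VENDOR_ID, CISCO_AVPAIR, "ip:outacl#2=deny ip 10.10.10.10 0.0.255.255 any")
```

A server reply whose VSA lengths do not add up is rejected whole rather than partially applied, which matters because the AV pair here installs an access-list entry.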

Configuring the ML-Series Card for Vendor-Proprietary RADIUS Server Communication

Although an IETF draft standard for RADIUS specifies a method for communicating vendor-proprietary information between the ML-Series card and the RADIUS server, some vendors have extended the RADIUS attribute set in a unique way. Cisco IOS software supports a subset of vendor-proprietary RADIUS attributes.

As mentioned earlier, to configure RADIUS (whether vendor-proprietary or IETF draft-compliant), you must specify the host running the RADIUS server daemon and the secret text string it shares with the ML-Series card. You specify the RADIUS host and secret text string by using the radius-server global configuration commands.

Beginning in privileged EXEC mode, follow these steps to specify a vendor-proprietary RADIUS server host and a shared secret text string:

Step 1
Command: Router# configure terminal
Purpose: Enter global configuration mode.

Step 2
Command: Router(config)# radius-server host {hostname | ip-address} non-standard
Purpose: Specify the IP address or hostname of the remote RADIUS server host and identify that it is using a vendor-proprietary implementation of RADIUS.

Cisco ONS 15310-CL, ONS 15310-MA, and ONS 15310-MA SDH Ethernet Card Software Feature and Configuration Guide, R9.1 and R9.2

 

 

 

 

 

 

78-19415-01

 

 

16-19

 

 

 

 

 


ONS 15310-CL, ONS 15310-MA, Cisco ONS 15310-MA specifications

Cisco Systems has long been a leader in networking and telecommunications technology, and among its impressive lineup of products, the Cisco ONS 15310 series stands out as an essential solution for optical networking. This series includes models such as the ONS 15310-MA, ONS 15310-CL, and ONS 15310-CA, each designed to meet the diverse needs of service providers and enterprises seeking to enhance their optical transport networks.

The Cisco ONS 15310-MA is an advanced multi-service platform designed for metropolitan area networks. It facilitates the seamless transport of data, voice, and video over optical networks. One of its main features is its ability to support a variety of interfaces, including Ethernet, SONET/SDH, and Wavelength Division Multiplexing (WDM), allowing users to integrate multiple services into a single platform. Additionally, the ONS 15310-MA supports advanced traffic management and Quality of Service (QoS) features to prioritize critical applications and ensure consistent performance.

The ONS 15310-CL variant is tailored for more specific applications, providing enhanced capabilities aimed at delivering carrier-grade services. It features a robust architecture that accommodates high-capacity traffic without compromising reliability. This model emphasizes low power consumption and a compact design, making it suitable for deployment in space-constrained environments. The ONS 15310-CL also supports a wide range of optical interfaces, making it highly flexible for various network configurations.

In terms of technologies, the Cisco ONS 15310 series leverages Optical Transport Network (OTN) capabilities, providing high efficiency and greater bandwidth utilization. OTN technology enables efficient error correction and adds resilience to the network through its built-in protection mechanisms. Furthermore, the series supports seamless integration with existing IP/MPLS networks, creating a cohesive infrastructure as organizations evolve their networking requirements.

One of the defining characteristics of the ONS 15310 series is its focus on scalability. Network operators can start with a modest deployment and gradually expand capacity as demand grows. This adaptability is complemented by Cisco's comprehensive management and monitoring tools, providing operators with real-time insights into network performance and facilitating proactive management.

In conclusion, the Cisco ONS 15310-MA and ONS 15310-CL models represent sophisticated solutions for modern optical networks. With their versatile features, advanced technologies, and robust design, they empower service providers and enterprises to build resilient, high-capacity networks that meet the demands of today’s data-driven world.