Filter
Top Products
15-8
Cisco ONS 15310-CL and Cisco ONS 15310-MA Ethernet Card Software Feature and Configuration Guide R8.5
78-18133-01
Chapter 15 Configuring Security for the ML-Series Card
RADIUS Stand Alone Mode
Understanding RADIUS
When a user attempts to log in and authenticate to an ML-Series card with access controlled by a
RADIUS server, these events occur:
1. The user is prompted to enter a username and password.
2. The username and encrypted password are sent over the network to the RADIUS server.
3. The user receives one of these responses from the RADIUS server:
a. ACCEPT—The user is authenticated.
b. REJECT—The user is either not authenticated and is prompted to reenter the username and
password, or access is denied.
The ACCEPT and REJECT responses are bundled with additional data that is used for privileged EXEC
or network authorization. Users must first successfully complete RADIUS authentication before
proceeding to RADIUS authorization if it is enabled. The additional data included with the ACCEPT and
REJECT packets includes these items:
• Telnet, SSH, rlogin, or privileged EXEC services
• Connection parameters, including the host or client IP address, access list, and user timeouts
Configuring RADIUS
This section describes how to configure your ML-Series card to support RADIUS. At a minimum, you
must identify the host or hosts that run the RADIUS server software and define the method lists for
RADIUS authentication. You must also apply the method list to the interface on which you want
authentication to occur. For the ML-Series card, this is the vty ports. You can optionally define method
lists for RADIUS authorization and accounting.
You should have access to and should configure a RADIUS server before configuring RADIUS features
on your ML-Series card.
These sections contain this configuration information:
• Default RADIUS Configuration, page 15-9
• Identifying the RADIUS Server Host, page 15-9 (required)
• Configuring AAA Login Authentication, page 15-11 (required)
• Defining AAA Server Groups, page 15-13 (optional)
• Configuring RADIUS Authorization for User Privileged Access and Network Services, page 15-15
(optional)
• Starting RADIUS Accounting, page 15-16 (optional)
• Configuring a nas-ip-address in the RADIUS Packet, page 15-17 (optional)
• Configuring Settings for All RADIUS Servers, page 15-17 (optional)
• Configuring the ML-Series Card to Use Vendor-Specific RADIUS Attributes, page 15-18 (optional)
• Configuring the ML-Series Card for Vendor-Proprietary RADIUS Server Communication,
page 15-19 (optional)