Cisco ONS 15310-MA SDH Reference Manual, Release 9.1 and Release 9.2
78-19417-01
Chapter 5 Security
5.3.2 Audit Trail Capacities
The ONS 15310-MA SDH is able to store 640 log entries. When this limit is reached, the oldest entries are overwritten with new events. When the log server is 80 percent full, an AUD-LOG-LOW condition is raised and logged.
When the log server reaches the maximum capacity of 640 entries and begins overwriting records that were not archived, an AUD-LOG-LOSS condition is raised and logged. This event indicates that audit trail records have been lost. Until you off-load the file, this event will not occur a second time, regardless of the number of entries that are overwritten by incoming data. To export the audit trail log, refer to the Cisco ONS 15310-MA SDH Procedure Guide.
5.4 RADIUS Security
Users with Superuser security privileges can configure nodes to use Remote Authentication Dial In User
Service (RADIUS) authentication. Cisco Systems uses a strategy known as authentication,
authorization, and accounting (AAA) for enabling, verifying, and tracking the actions of remote users.
The RADIUS server supports IPv6 addresses and can process authentication requests from a GNE or an ENE that uses IPv6 addresses.
5.4.1 RADIUS Authentication
RADIUS is a system of distributed security that secures remote access to networks and network services
against unauthorized access. RADIUS contains three components:
• A protocol with a frame format that utilizes User Datagram Protocol (UDP)/IP
• A server
• A client
The server runs on a central computer, typically at a customer site, while the clients reside in the dial-up
access servers and can be distributed throughout the network.
ONS 15310-MA SDH nodes operate as clients of the RADIUS server. The client is responsible for
passing user information to designated RADIUS servers, and then acting on the response that is returned.
RADIUS servers are responsible for receiving user connection requests, authenticating the user, and
returning all configuration information necessary for the client to deliver service to the user. The
RADIUS servers can act as proxy clients to other kinds of authentication servers. Transactions between
the RADIUS client and server are authenticated through the use of a shared secret, which is never sent
over the network. In addition, any user passwords are sent encrypted between the client and RADIUS
server. This prevents someone monitoring an unsecured network from determining a user's password.
Refer to the Cisco ONS 15310-MA SDH Procedure Guide to implement RADIUS authentication.
5.4.2 Shared Secrets
A shared secret is a text string that serves as a password between:
• A RADIUS client and a RADIUS server
• A RADIUS client and a RADIUS proxy
• A RADIUS proxy and a RADIUS server
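The two claims in 5.4.1 and 5.4.2, that the shared secret authenticates client/server transactions without ever being transmitted and that user passwords are sent encrypted, are the RFC 2865 mechanisms worked through below. This is an added example, not code from the Cisco manual; the secret, password and Request Authenticator values are constructed test inputs.

```python
import hashlib
import hmac
import struct

# Added example (not from the Cisco manual): RFC 2865 User-Password hiding and
# the Response Authenticator a RADIUS client checks with the shared secret.
# Secret, password and authenticator values used with these functions are constructed.

def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 s5.2: pad to a 16-byte multiple (at least one block) and XOR each
    block with MD5(secret + previous ciphertext block); the first 'previous
    block' is the 16-byte Request Authenticator sent in the Access-Request."""
    if len(password) > 128:
        raise ValueError("RFC 2865 limits User-Password to 128 octets")
    padded = password.ljust(max(16, (len(password) + 15) // 16 * 16), b"\x00")
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        digest = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ d for p, d in zip(padded[i:i + 16], digest))
        out += prev
    return out

def reveal_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Server-side inverse. Trailing NUL padding is stripped, so a password that
    itself ends in NUL bytes cannot be represented (an RFC 2865 limitation)."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        digest = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ d for c, d in zip(hidden[i:i + 16], digest))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def response_authenticator(code: int, identifier: int, attrs: bytes,
                           request_auth: bytes, secret: bytes) -> bytes:
    """RFC 2865 s3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret).
    Only a server holding the secret can produce it for a given request."""
    header = struct.pack("!BBH", code, identifier, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def verify_response(packet: bytes, request_auth: bytes, secret: bytes) -> bool:
    """Client-side check of a reply (4-byte header, 16-byte authenticator, attrs).
    A reply produced without the shared secret fails this check."""
    if len(packet) < 20:
        return False
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        return False
    expected = response_authenticator(code, identifier, packet[20:], request_auth, secret)
    return hmac.compare_digest(packet[4:20], expected)
```

Note that the MD5-based hiding protects only against passive reading of the password on the wire; it offers no protection if the shared secret itself is weak or disclosed, which is why the secret deserves the same handling as any other credential.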