Radius Authentication - Cisco ONS 15454 Reference Manual

Cisco ONS 15454 Reference Manual, R7.0.1 (OL-9217-01)
Chapter 9, Security

• Host—Host from where the activity is logged
• Device ID—IP address of the device involved in the activity
• Application—Name of the application involved in the activity
• Task—Name of the task involved in the activity (view a dialog box, apply configuration, etc.)
• Connection Mode—Telnet, Console, SNMP
• Category—Type of change (Hardware, Software, Configuration)
• Status—Status of the user action (Read, Initial, Successful, Timeout, Failed)
• Time—Time of change
• Message Type—Whether the event is Success/Failure type
• Message Details—Description of the change

9.3.2 Audit Trail Capacities
The ONS 15454 is able to store 640 log entries. When this limit is reached, the oldest entries are
overwritten with new events. When the log server is 80 percent full, an AUD-LOG-LOW condition is
raised and logged (by way of CORBA/CTC).
When the log server reaches the maximum capacity of 640 entries and begins overwriting records that
were not archived, an AUD-LOG-LOSS condition is raised and logged. This event indicates that audit
trail records have been lost. Until you off-load the file, this event will not occur a second time,
regardless of the number of entries that are overwritten by incoming data. To export the audit trail
log, refer to the Cisco ONS 15454 Procedure Guide.

9.4 RADIUS Security
Users with Superuser security privileges can configure nodes to use Remote Authentication Dial In User
Service (RADIUS) authentication. Cisco Systems uses a strategy known as authentication,
authorization, and accounting (AAA) for verifying the identity of, granting access to, and tracking the
actions of remote users.

9.4.1 RADIUS Authentication

RADIUS is a system of distributed security that secures remote access to networks and network services
against unauthorized access. RADIUS comprises three components:
• A protocol with a frame format that utilizes User Datagram Protocol (UDP)/IP
• A server
• A client
The server runs on a central computer, typically at a customer site, while the clients reside in the dial-up
access servers and can be distributed throughout the network.
An ONS 15454 node operates as a client of RADIUS. The client is responsible for passing user
information to designated RADIUS servers, and then acting on the response that is returned. RADIUS
servers are responsible for receiving user connection requests, authenticating the user, and returning all
configuration information necessary for the client to deliver service to the user. The RADIUS servers
can act as proxy clients to other kinds of authentication servers. Transactions between the RADIUS
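
The client/server exchange described in 9.4.1, written out as an added example that is not part of the Cisco manual and is not Cisco's implementation: it builds the Access-Request frame a RADIUS client sends in a UDP datagram and shows the check a client makes before acting on the reply, following the packet layout in RFC 2865. The shared secret, user name, password, identifier and client address are constructed sample values.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2                    # RFC 2865 packet codes
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS = 1, 2, 4     # RFC 2865 attribute types

def attr(atype, value):
    """Encode one attribute as Type, Length, Value; Length counts the 2-byte header."""
    return struct.pack("!BB", atype, len(value) + 2) + value

def hide_password(password, secret, req_auth):
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous ciphertext block)."""
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 bytes")
    padded = password.ljust(max(16, (len(password) + 15) // 16 * 16), b"\x00")
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out

def build_access_request(ident, user, password, nas_ip, secret, req_auth):
    """Client side: the Access-Request frame carried in one UDP datagram."""
    attrs = (attr(USER_NAME, user)
             + attr(USER_PASSWORD, hide_password(password, secret, req_auth))
             + attr(NAS_IP_ADDRESS, bytes(nas_ip)))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + req_auth + attrs

def build_response(code, ident, req_auth, secret, attrs=b""):
    """Server side: authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return header + hashlib.md5(header + req_auth + attrs + secret).digest() + attrs

def client_accepts(reply, ident, req_auth, secret):
    """Client side: grant access only on an authentic Access-Accept for this request."""
    if len(reply) < 20 or reply[1] != ident or struct.unpack("!H", reply[2:4])[0] != len(reply):
        return False   # truncated, mismatched Identifier, or wrong Length field
    expected = hashlib.md5(reply[:4] + req_auth + reply[20:] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20]) and reply[0] == ACCESS_ACCEPT

if __name__ == "__main__":
    secret, ra = b"constructed-secret", os.urandom(16)   # constructed sample values
    req = build_access_request(7, b"operator1", b"constructed-pw", (192, 0, 2, 10), secret, ra)
    print(len(req), client_accepts(build_response(ACCESS_ACCEPT, 7, ra, secret), 7, ra, secret))
```

A reply computed with a different shared secret, or carrying a different Identifier, fails `client_accepts`, so a spoofed UDP datagram cannot grant a login on its own.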
