Configuring The Ml-Series Card For Vendor-Proprietary Radius Server Communication - Cisco ONS 15454 SDH Configuration Manual


Chapter 19 Configuring Security for the ML-Series Card
cisco-avpair= "ip:outacl#2=deny ip 10.10.10.10 0.0.255.255 any"
Other vendors have their own unique vendor-IDs, options, and associated VSAs. For more information
about vendor-IDs and VSAs, see RFC 2138, "Remote Authentication Dial-In User Service (RADIUS)."
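
The following Python example is added here and is not part of the Cisco guide: it shows how the cisco-avpair string above is carried inside RADIUS IETF attribute 26, and how a receiver can reject malformed lengths instead of misreading them. It assumes Cisco's vendor-ID 9, vendor type 1 for cisco-avpair, and the vendor type/length sub-attribute layout; the function names are hypothetical.

```python
import struct

VENDOR_SPECIFIC = 26   # RADIUS IETF attribute 26 (Vendor-Specific)
CISCO_VENDOR_ID = 9    # assumption: Cisco's IANA enterprise number
CISCO_AVPAIR = 1       # assumption: Cisco vendor type 1 = cisco-avpair


def encode_vsa(vendor_id, vendor_type, text):
    """Build one attribute-26 TLV carrying a single vendor sub-attribute."""
    data = text.encode("ascii")
    sub = bytes([vendor_type, len(data) + 2]) + data
    body = struct.pack("!I", vendor_id) + sub      # 4-octet Vendor-Id first
    if len(body) + 2 > 255:
        raise ValueError("VSA does not fit in one RADIUS attribute")
    return bytes([VENDOR_SPECIFIC, len(body) + 2]) + body


def decode_vsas(attrs):
    """Return (vendor_id, vendor_type, text) for every VSA in an attribute list.
    Raises ValueError when a length field runs past the buffer."""
    found, pos = [], 0
    while pos < len(attrs):
        if pos + 2 > len(attrs):
            raise ValueError("truncated attribute header")
        atype, alen = attrs[pos], attrs[pos + 1]
        if alen < 2 or pos + alen > len(attrs):
            raise ValueError("bad attribute length")
        value = attrs[pos + 2:pos + alen]
        pos += alen
        if atype != VENDOR_SPECIFIC:
            continue                                # not a VSA, skip it
        if len(value) < 6:
            raise ValueError("VSA too short for Vendor-Id and sub-attribute")
        vendor_id = struct.unpack("!I", value[:4])[0]
        sub = value[4:]
        while sub:                                  # one VSA may hold several
            if len(sub) < 2 or sub[1] < 2 or sub[1] > len(sub):
                raise ValueError("bad vendor sub-attribute length")
            found.append((vendor_id, sub[0], sub[2:sub[1]].decode("ascii")))
            sub = sub[sub[1]:]
    return found


# Constructed sample: the cisco-avpair string shown on this page.
AVPAIR = "ip:outacl#2=deny ip 10.10.10.10 0.0.255.255 any"
SAMPLE = encode_vsa(CISCO_VENDOR_ID, CISCO_AVPAIR, AVPAIR)
```
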
Beginning in privileged EXEC mode, follow these steps to configure the ML-Series card to recognize
and use VSAs:
Step 1  Command: Router# configure terminal
        Purpose: Enter global configuration mode.
Step 2  Command: Router(config)# radius-server vsa send [accounting | authentication]
        Purpose: Enable the ML-Series card to recognize and use VSAs as defined by
                 RADIUS IETF attribute 26.
                 (Optional) Use the accounting keyword to limit the set of recognized
                 vendor-specific attributes to only accounting attributes.
                 (Optional) Use the authentication keyword to limit the set of
                 recognized vendor-specific attributes to only authentication attributes.
                 If you enter this command without keywords, both accounting and
                 authentication vendor-specific attributes are used.
                 The AAA server includes the authorization level in the VSA response
                 message for the ML-Series card.
Step 3  Command: Router(config)# end
        Purpose: Return to privileged EXEC mode.
Step 4  Command: Router# show running-config
        Purpose: Verify your settings.
Step 5  Command: Router# copy running-config startup-config
        Purpose: (Optional) Save your entries in the configuration file.

For a complete list of RADIUS attributes or more information about vendor-specific attribute 26, see the
"RADIUS Attributes" appendix in the Cisco IOS Security Configuration Guide, Release 12.2.

Configuring the ML-Series Card for Vendor-Proprietary RADIUS Server Communication

Although an IETF draft standard for RADIUS specifies a method for communicating vendor-proprietary
information between the ML-Series card and the RADIUS server, some vendors have extended the
RADIUS attribute set in a unique way. Cisco IOS software supports a subset of vendor-proprietary
RADIUS attributes.
As mentioned earlier, to configure RADIUS (whether vendor-proprietary or IETF draft-compliant), you
must specify the host running the RADIUS server daemon and the secret text string it shares with the
ML-Series card. You specify the RADIUS host and secret text string by using the radius-server global
configuration commands.
Beginning in privileged EXEC mode, follow these steps to specify a vendor-proprietary RADIUS server
host and a shared secret text string:
Step 1  Command: Router# configure terminal
        Purpose: Enter global configuration mode.
Step 2  Command: Router(config)# radius-server host {hostname | ip-address} non-standard
        Purpose: Specify the IP address or hostname of the remote
                 RADIUS server host and identify that it is using a
                 vendor-proprietary implementation of RADIUS.

Cisco ONS 15454 and Cisco ONS 15454 SDH Ethernet Card Software Feature and Configuration Guide, R8.0
Configuring RADIUS