Cisco Systems 15454 SDH Network Router User Manual


 
Cisco ONS 15454 SDH Reference Manual, R5.0
April 2008
Chapter 12 CTC Network Connectivity
12.2.7 Scenario 7: Provisioning the ONS 15454 SDH Proxy Server
network elements (ENEs). The GNE tunnels connections between CTC computers and ENE
ONS 15454 SDH nodes, providing management capability while preventing access for non-ONS 15454
SDH management purposes.
The ONS 15454 SDH proxy server performs the following tasks:
• Isolates DCC IP traffic from Ethernet (craft port) traffic and accepts packets based on filtering rules.
  The filtering rules (see Table 12-3 on page 12-16 and Table 12-4 on page 12-17) depend on whether
  the packet arrives at the ONS 15454 SDH DCC or TCC2/TCC2P Ethernet interface.
• Processes SNTP (Simple Network Time Protocol) and NTP (Network Time Protocol) requests.
  ENEs can derive time-of-day from an SNTP/NTP LAN server through the GNE ONS 15454 SDH.
• Processes SNMPv1 traps. The GNE ONS 15454 SDH receives SNMPv1 traps from the ENE
  ONS 15454 SDH nodes and forwards them to all provisioned SNMPv1 trap destinations.
The ONS 15454 SDH proxy server is provisioned using the Enable proxy server on port check box on
the Provisioning > Network > General tab (Figure 12-10). If checked, the ONS 15454 SDH serves as a
proxy for connections between CTC clients and ONS 15454 SDHs that are DCC-connected to the proxy
ONS 15454 SDH. The CTC client establishes connections to DCC-connected nodes through the proxy
node. The CTC client can connect to nodes that it cannot directly reach from the host on which it runs.
If not selected, the node does not proxy for any CTC clients, although any established proxy connections
continue until the CTC client exits. In addition, you can set the proxy server as an ENE or a GNE:
Note: If you launch CTC against a node through a NAT (Network Address Translation) or PAT (Port
Address Translation) router and that node does not have proxy enabled, your CTC session starts
and initially appears to be fine. However, CTC never receives alarm updates, and it disconnects and
reconnects every two minutes. If the proxy is accidentally disabled, it is still possible to enable
the proxy during a reconnect cycle and recover your ability to manage the node, even through a
NAT/PAT firewall.
• External Network Element (ENE)—If set as an ENE, the ONS 15454 SDH neither installs nor
  advertises default or static routes. CTC computers can communicate with the ONS 15454 SDH using
  the TCC2/TCC2P craft port, but they cannot communicate directly with any other DCC-connected
  ONS 15454 SDH.
  In addition, firewall is enabled, which means that the node prevents IP traffic from being routed
  between the DCC and the LAN port. The ONS 15454 SDH can communicate with machines
  connected to the LAN port or connected through the DCC. However, the DCC-connected machines
  cannot communicate with the LAN-connected machines, and the LAN-connected machines cannot
  communicate with the DCC-connected machines. A CTC client using the LAN to connect to the
  firewall-enabled node can use the proxy capability to manage the DCC-connected nodes that would
  otherwise be unreachable. A CTC client connected to a DCC-connected node can only manage other
  DCC-connected nodes and the firewall itself.
• Gateway Network Element (GNE)—If set as a GNE, the CTC computer is visible to other
  DCC-connected nodes and firewall is enabled.
• Proxy-only—If Proxy-only is selected, CTC cannot communicate with any other DCC-connected
  ONS 15454 SDHs and firewall is not enabled.
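The settings above can be checked across a node inventory with a short script. This is an added example, not Cisco code or a CTC export format: the Node record, the mode strings, the node names and the finding texts are constructed for illustration. It assumes the ENE/GNE/Proxy-only setting is evaluated only when the proxy check box is enabled.

```python
from dataclasses import dataclass

# Firewall state for each proxy-server setting, as the section states it.
FIREWALL_ENABLED = {"ENE": True, "GNE": True, "PROXY_ONLY": False}

@dataclass
class Node:                 # constructed inventory record (assumption)
    name: str
    proxy_enabled: bool     # "Enable proxy server on port" check box
    mode: str               # "ENE", "GNE" or "PROXY_ONLY"
    via_nat: bool           # CTC reaches this node through a NAT/PAT router

def ctc_path(client_side: str, target: str) -> str:
    """Path from a CTC client on 'LAN' or 'DCC' to 'NODE', 'LAN' or 'DCC'
    through a firewall-enabled node that has the proxy turned on."""
    if target in ("NODE", client_side):
        return "direct"     # the node itself, or a machine on the client's side
    if client_side == "LAN":
        return "proxy"      # LAN client manages DCC-connected nodes via the proxy
    return "blocked"        # DCC-connected machines cannot reach the LAN side

def audit(node: Node) -> list[str]:
    """Return findings for one node, using only behaviour the section describes."""
    if not node.proxy_enabled:
        # Assumption: the mode setting is not evaluated while the proxy is off.
        if node.via_nat:
            return ["proxy off behind NAT/PAT: no alarm updates, "
                    "CTC reconnects every two minutes"]
        return []
    findings = []
    if not FIREWALL_ENABLED[node.mode]:
        findings.append("firewall not enabled: DCC-to-LAN routing is not blocked")
    if node.mode == "GNE":
        findings.append("CTC computer is visible to DCC-connected nodes")
    return findings

# Constructed sample inventory.
INVENTORY = [
    Node("gne-1", True, "GNE", True),
    Node("ene-7", True, "ENE", False),
    Node("lab-3", True, "PROXY_ONLY", False),
    Node("hut-9", False, "ENE", True),
]

def report(nodes):
    return {n.name: audit(n) for n in nodes}

if __name__ == "__main__":
    for name, findings in report(INVENTORY).items():
        print(name, findings or "ok")
```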