Cisco ONS 15454 SONET Multiservice Provisioning Platform (MSPP) Design Guide
OL-4556-01
Provisioning an External Firewall
Table 8-5 shows the ports that are used by the TCC+/TCC2.
Table 8-5: Ports Used by the TCC+/TCC2

Port          Function
0             Never used
21            FTP control
23            Telnet
80            HTTP
111           rpc (not used; but port is in use)
513           rlogin (not used; but port is in use)
<1023         Default CTC listener ports
1080          Proxy server
2001-2017     I/O card Telnet
2018          DCC processor on active TCC+/TCC2
2361          TL1
3082          TL1
3083          TL1
5001          BLSR server port
5002          BLSR client port
7200          SNMP input port
9100          EQM port
9101          EQM port 2
9401          TCC boot port
9999          Flash manager
10240-12288   Proxy client
57790         Default TCC listener port
Access Control List Example With Proxy Server Not Enabled
The following ACL (access control list) example shows a firewall configuration when the Proxy
Server feature is not enabled. In the example, the CTC workstation's address is 192.168.10.10
and the ONS 15454 address is 10.10.10.100. The firewall is attached to the GNE, so
inbound is CTC to the GNE and outbound is from the GNE to CTC. The CTC CORBA Standard
constant is 683 and the TCC CORBA Default is TCC Fixed (57790).
access-list 100 remark *** Inbound ACL, CTC -> NE ***
access-list 100 remark
access-list 100 permit tcp host 192.168.10.10 host 10.10.10.100 eq www
access-list 100 remark *** allows initial contact with the 15454 using http (port 80) ***
access-list 100 remark
access-list 100 permit tcp host 192.168.10.10 eq 683 host 10.10.10.100 eq 57790
access-list 100 remark *** allows CTC communication with the 15454 GNE (port 57790) ***
access-list 100 remark
access-list 100 permit tcp host 192.168.10.10 host 10.10.10.100 established
access-list 100 remark *** allows ACKs back from CTC to the 15454 GNE ***
access-list 101 remark *** Outbound ACL, NE -> CTC ***
access-list 101 remark
access-list 101 permit tcp host 10.10.10.100 host 192.168.10.10 eq 683
access-list 101 remark *** allows alarms etc., from the 15454 (random port) to the CTC workstation (port 683) ***
access-list 101 remark
access-list 101 permit tcp host 10.10.10.100 host 192.168.10.10 established
access-list 101 remark *** allows ACKs from the 15454 GNE to CTC ***
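To confirm that the inbound ACL above admits only the CTC flows the text describes (HTTP on port 80, CORBA on 57790, and ACK-bearing replies) while leaving the other TCC+/TCC2 services in Table 8-5 (Telnet, TL1, FTP) closed, here is an added example evaluator that is not part of the Cisco guide. It understands only the subset of IOS extended-ACL syntax used on this page (host, any, eq, established, remark) and applies first-match semantics with the implicit deny at the end; the ACL text it parses is a constructed copy of ACL 100.

```python
# Constructed copy of the inbound ACL 100 from this section (CTC -> GNE),
# in Cisco IOS extended-ACL syntax. Remark lines are skipped by the parser.
ACL_100 = """
access-list 100 remark *** Inbound ACL, CTC -> NE ***
access-list 100 permit tcp host 192.168.10.10 host 10.10.10.100 eq www
access-list 100 permit tcp host 192.168.10.10 eq 683 host 10.10.10.100 eq 57790
access-list 100 permit tcp host 192.168.10.10 host 10.10.10.100 established
"""

NAMED_PORTS = {"www": 80}  # IOS port keyword used in this ACL; others omitted


def _addr(tokens):
    """Consume one address spec ('any' or 'host X') plus an optional 'eq PORT'.
    Returns (ip or None for any, port or None for unrestricted, remaining tokens)."""
    if tokens[0] == "any":
        ip, rest = None, tokens[1:]
    else:  # 'host X'; the page's ACLs use no wildcard masks
        ip, rest = tokens[1], tokens[2:]
    port = None
    if rest and rest[0] == "eq":
        port = NAMED_PORTS.get(rest[1]) or int(rest[1])
        rest = rest[2:]
    return ip, port, rest


def parse_acl(text):
    """Return (action, proto, src, sport, dst, dport, established) tuples in order."""
    rules = []
    for line in text.strip().splitlines():
        t = line.split()          # ['access-list', '100', 'permit', 'tcp', ...]
        if t[2] == "remark":
            continue
        action, proto = t[2], t[3]
        src, sport, rest = _addr(t[4:])
        dst, dport, rest = _addr(rest)
        rules.append((action, proto, src, sport, dst, dport, "established" in rest))
    return rules


def permitted(rules, src, sport, dst, dport, ack=False):
    """First matching rule decides; no match means the implicit deny applies.
    'established' only matches segments with ACK (or RST) set, modelled by ack."""
    for action, _proto, rsrc, rsport, rdst, rdport, est in rules:
        if (rsrc in (None, src) and rdst in (None, dst)
                and rsport in (None, sport) and rdport in (None, dport)
                and (not est or ack)):
            return action == "permit"
    return False
```

Running the evaluator against the other ports in Table 8-5 is a quick way to verify that a firewall change has not opened Telnet or TL1 toward the GNE by accident.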