Cisco ONS 15454 SONET Multiservice Provisioning Platform (MSPP) Design Guide

 
OL-4556-01
 
Provisioning an External Firewall 
 
Table 8-5 shows the ports that are used by the TCC+/TCC2. 
 
Table 8-5: Ports Used by the TCC+/TCC2

Port          Function
0             Never used
21            FTP control
23            Telnet
80            HTTP
111           rpc (not used, but the port is in use)
513           rlogin (not used, but the port is in use)
<1023         Default CTC listener ports
1080          Proxy server
2001-2017     I/O card Telnet
2018          DCC processor on active TCC+/TCC2
2361          TL1
3082          TL1
3083          TL1
5001          BLSR server port
5002          BLSR client port
7200          SNMP input port
9100          EQM port
9101          EQM port 2
9401          TCC boot port
9999          Flash manager
10240-12288   Proxy client
57790         Default TCC listener port
 
Access Control List Example With Proxy Server Not Enabled 
 
The following ACL (access control list) example shows a firewall configuration when the Proxy
Server feature is not enabled. In the example, the CTC workstation's address is 192.168.10.10
and the ONS 15454 address is 10.10.10.100. The firewall is attached to the GNE, so inbound is
CTC to the GNE and outbound is from the GNE to CTC. The CTC CORBA Standard constant is 683 and
the TCC CORBA Default is TCC Fixed (57790). The CTC workstation opens its connections to the GNE
from ephemeral source ports, so 683 appears only as a destination port in the outbound ACL, where
the GNE connects back to the CTC listener to deliver alarms and other events.
 
access-list 100 remark *** Inbound ACL, CTC -> NE ***
access-list 100 remark
access-list 100 permit tcp host 192.168.10.10 host 10.10.10.100 eq www
access-list 100 remark *** allows initial contact with the 15454 using http (port 80) ***
access-list 100 remark
access-list 100 permit tcp host 192.168.10.10 host 10.10.10.100 eq 57790
access-list 100 remark *** allows CTC communication with the 15454 GNE (port 57790) ***
access-list 100 remark
access-list 100 permit tcp host 192.168.10.10 host 10.10.10.100 established
access-list 100 remark *** allows ACKs back from CTC to the 15454 GNE ***
access-list 101 remark *** Outbound ACL, NE -> CTC ***
access-list 101 remark
access-list 101 permit tcp host 10.10.10.100 host 192.168.10.10 eq 683
access-list 101 remark *** allows alarms etc., from the 15454 (random port) to the CTC workstation (port 683) ***
access-list 101 remark
access-list 101 permit tcp host 10.10.10.100 host 192.168.10.10 established
access-list 101 remark *** allows ACKs from the 15454 GNE to CTC ***
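As an added illustration, not part of the Cisco guide, the following Python script models the two access lists above as first-match rule lists with the implicit deny at the end, reproduces the semantics of the established keyword (an IOS extended ACL matches it against TCP segments with the ACK or RST bit set; it does not track connections), and walks a CTC login through both lists. The ephemeral source ports, the extra probe segments and the second workstation address 192.168.10.11 are constructed for the example; only host matches and TCP are modelled, which is all the page's ACLs use.

```python
"""Simulate the page's two IOS extended ACLs against a CTC <-> GNE session.

Added example, not Cisco code. Addresses are the ones used on the page:
CTC workstation 192.168.10.10, ONS 15454 GNE 10.10.10.100. Ephemeral
ports and probe segments are constructed for the walkthrough.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

CTC = "192.168.10.10"
GNE = "10.10.10.100"


@dataclass(frozen=True)
class Segment:
    """The parts of a TCP segment an extended ACL can look at."""
    src: str
    dst: str
    sport: int
    dport: int
    ack: bool = False   # ACK bit set
    rst: bool = False   # RST bit set


@dataclass(frozen=True)
class Ace:
    """One entry: permit|deny tcp host SRC host DST [eq DPORT] [established]."""
    action: str
    src: str
    dst: str
    dport: Optional[int] = None
    established: bool = False

    def matches(self, seg: Segment) -> bool:
        if seg.src != self.src or seg.dst != self.dst:
            return False
        if self.dport is not None and seg.dport != self.dport:
            return False
        # 'established' is purely flag-based: ACK or RST present.
        if self.established and not (seg.ack or seg.rst):
            return False
        return True


def evaluate(acl: List[Ace], seg: Segment) -> bool:
    """First matching entry wins; unmatched traffic hits the implicit deny."""
    for ace in acl:
        if ace.matches(seg):
            return ace.action == "permit"
    return False


# access-list 100: inbound, CTC -> NE (as on the page)
ACL_100 = [
    Ace("permit", CTC, GNE, dport=80),          # eq www
    Ace("permit", CTC, GNE, dport=57790),       # TCC fixed listener
    Ace("permit", CTC, GNE, established=True),  # ACKs back to the GNE
]

# access-list 101: outbound, NE -> CTC (as on the page)
ACL_101 = [
    Ace("permit", GNE, CTC, dport=683),         # CTC CORBA listener
    Ace("permit", GNE, CTC, established=True),  # ACKs back to CTC
]


def check(seg: Segment) -> bool:
    """Apply the ACL for the segment's direction; anything else is denied."""
    if seg.src == CTC:
        return evaluate(ACL_100, seg)
    if seg.src == GNE:
        return evaluate(ACL_101, seg)
    return False


def ctc_session_walkthrough() -> List[Tuple[str, bool]]:
    """Return (description, permitted) for each step of a CTC login plus probes."""
    steps = [
        ("CTC SYN to GNE http", Segment(CTC, GNE, 40001, 80)),
        ("GNE SYN/ACK back to CTC (established)", Segment(GNE, CTC, 80, 40001, ack=True)),
        ("CTC SYN to GNE CORBA 57790", Segment(CTC, GNE, 40002, 57790)),
        ("GNE SYN/ACK for 57790 (established)", Segment(GNE, CTC, 57790, 40002, ack=True)),
        ("GNE SYN to CTC listener 683 (alarm callback)", Segment(GNE, CTC, 45000, 683)),
        ("CTC SYN/ACK for 683 (established)", Segment(CTC, GNE, 683, 45000, ack=True)),
        ("CTC SYN to GNE telnet 23 (not permitted)", Segment(CTC, GNE, 40003, 23)),
        ("GNE SYN to CTC 2361 TL1 (not permitted)", Segment(GNE, CTC, 45001, 2361)),
        ("Other host SYN to GNE http (not permitted)", Segment("192.168.10.11", GNE, 40004, 80)),
        ("Crafted ACK-only segment to GNE telnet 23", Segment(CTC, GNE, 40005, 23, ack=True)),
    ]
    return [(desc, check(seg)) for desc, seg in steps]


if __name__ == "__main__":
    for desc, ok in ctc_session_walkthrough():
        print(f"{'permit' if ok else 'deny':6}  {desc}")
```

The first six steps are the session the page's remarks describe: HTTP first contact, the CORBA connection to 57790, and the GNE's callback to the CTC listener on 683, each with its acknowledgements passing the established entry in the reverse direction. The last step is the caveat a firewall engineer should keep in mind: established is not stateful, so a segment with the ACK bit set and destination port 23 passes access-list 100 even though Telnet is never permitted explicitly. A stateful firewall or a reflexive ACL closes that gap; with plain extended ACLs, the exposure is limited to what the GNE itself will answer on the ports in Table 8-5.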