Cisco ONS 15454 SONET Multiservice Provisioning Platform (MSPP) Design Guide

 
OL-4556-01
 
286
 
Access Control List Example With Proxy Server Enabled 
 
The following ACL (access control list) example shows a firewall configuration when the Proxy 
Server feature is enabled.  As with the first example, the CTC workstation address is 
192.168.10.10 and the ONS 15454 address is 10.10.10.100.  The firewall is attached to the GNE 
CTC, so inbound is CTC to the GNE and outbound is from the GNE to CTC.  The CTC CORBA port is the 
Standard constant (683) and the TCC CORBA port is the default, TCC Fixed (57790). 
 
access-list 100 remark *** Inbound ACL, CTC -> NE *** 
access-list 100 remark 
access-list 100 permit tcp host 192.168.10.10 host 10.10.10.100 eq www 
access-list 100 remark *** allows initial contact with the 15454 using http (port 80) *** 
access-list 100 remark 
access-list 100 permit tcp host 192.168.10.10 eq 683 host 10.10.10.100 eq 57790 
access-list 100 remark *** allows CTC communication with the 15454 GNE (port 57790) *** 
access-list 100 remark 
access-list 100 permit tcp host 192.168.10.10 eq 683 host 10.10.10.100 eq 1080 
access-list 100 remark *** allows CTC communication with the 15454 GNE proxy server (port 1080) *** 
access-list 100 remark 
access-list 100 permit tcp host 192.168.10.10 host 10.10.10.100 established 
access-list 100 remark *** allows ACKs from CTC to the 15454 GNE *** 
 
access-list 101 remark *** Outbound ACL, NE -> CTC *** 
access-list 101 remark 
access-list 101 permit tcp host 10.10.10.100 host 192.168.10.10 eq 683 
access-list 101 remark *** allows alarms and other communications from the 15454 (random port) *** 
access-list 101 remark *** to the CTC workstation (port 683) *** 
access-list 101 remark 
access-list 101 permit tcp host 10.10.10.100 host 192.168.10.10 established 
access-list 101 remark *** allows ACKs from the 15454 GNE to CTC *** 
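As an added example (not part of the Cisco guide), the following Python evaluator parses the two lists above, with the source ports written in IOS `eq` form, and checks which CTC/GNE flows each list permits and that any other flow falls to the implicit deny at the end of an IOS ACL. It assumes a TCP segment matches `established` only when its ACK flag is set, and the addresses and ports are the ones from the guide.

```python
import re

# The two lists from the guide, with source ports written as "eq <port>" (IOS syntax).
ACL = """
access-list 100 permit tcp host 192.168.10.10 host 10.10.10.100 eq www
access-list 100 permit tcp host 192.168.10.10 eq 683 host 10.10.10.100 eq 57790
access-list 100 permit tcp host 192.168.10.10 eq 683 host 10.10.10.100 eq 1080
access-list 100 permit tcp host 192.168.10.10 host 10.10.10.100 established
access-list 101 permit tcp host 10.10.10.100 host 192.168.10.10 eq 683
access-list 101 permit tcp host 10.10.10.100 host 192.168.10.10 established
"""

PORT_NAMES = {"www": 80}  # IOS keyword ports used in the lists above

# Grammar covered: access-list N permit|deny tcp host A [eq P] host B [eq P] [established]
RULE = re.compile(
    r"access-list (?P<acl>\d+) (?P<action>permit|deny) tcp "
    r"host (?P<src>[\d.]+)(?: eq (?P<sport>\w+))? "
    r"host (?P<dst>[\d.]+)(?: eq (?P<dport>\w+))?(?P<est> established)?$"
)

def _port(tok):
    return None if tok is None else PORT_NAMES.get(tok) or int(tok)

def parse_acl(text):
    """Return {acl_number: [rules in order]}; remark lines are ignored."""
    acls = {}
    for line in text.strip().splitlines():
        line = line.strip()
        if not line or " remark" in line:
            continue
        m = RULE.match(line)
        if not m:
            raise ValueError("unsupported line: " + line)
        r = m.groupdict()
        r["sport"], r["dport"] = _port(r["sport"]), _port(r["dport"])
        acls.setdefault(r["acl"], []).append(r)
    return acls

def evaluate(rules, src, sport, dst, dport, ack=False):
    """IOS first-match evaluation; no match means the implicit deny applies."""
    for r in rules:
        if r["src"] != src or r["dst"] != dst:
            continue
        if r["sport"] is not None and r["sport"] != sport:
            continue
        if r["dport"] is not None and r["dport"] != dport:
            continue
        if r["est"] and not ack:  # 'established' matches only segments with ACK set
            continue
        return r["action"] == "permit"
    return False
```

Running the evaluator against flows that are not in the guide (for example CTC to the GNE on port 23) is a quick way to confirm the lists expose only the HTTP, CORBA and proxy ports they are meant to.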
 
Security 
 
The ONS 15454 offers security against unauthorized access to the system.  It features a locked 
door to the front compartment that physically protects access to the shelf assembly, cards, and 
cables.  A pinned hex key that unlocks the front door is shipped with the ONS 15454.  A button on 
the right side of the shelf assembly releases the door.  In addition to the Craft Only and Firewall 
features described previously in this chapter, the DCC can be disabled to provide further 
protection against remote intrusion.  Provisionable user idle time and log-out control are available 
to log out an inactive user. 
 
User Security Levels 
 
CISCO15 is the default user ID provided with every shipped ONS 15454 system.  No password 
is assigned to CISCO15 at the factory.  The user ID "CISCO15" is not prompted for when you 
sign into CTC.  This default user ID is provided to set up the ONS 15454 system for initial use.  
Once the system is set up, you can assign a password to CISCO15, or delete it if you are running 
System Release 4.0 or higher. 
 
Each user ID created on an ONS 15454 can be provisioned to allow either a single session or multiple 
concurrent sessions.  If a user ID on a node is provisioned for a single session, then no one else can log 
into that node with that user ID (for example, CISCO15) while another user is currently logged into it 
with the same ID.  The default setting for each ONS 15454 node is to allow multiple concurrent user ID sessions.