Cisco ONS 15454 SONET Multiservice Provisioning Platform (MSPP) Design Guide
OL-4556-01
286
Access Control List Example With Proxy Server Enabled
The following ACL (access control list) example shows a firewall configuration when the Proxy Server feature is enabled. As in the first example, the CTC workstation address is 192.168.10.10 and the ONS 15454 address is 10.10.10.100. The firewall is attached to the GNE, so inbound is CTC to the GNE and outbound is from the GNE to CTC. The CTC CORBA port is the Standard Constant (683) and the TCC CORBA port is the default, TCC Fixed (57790).
```
access-list 100 remark *** Inbound ACL, CTC -> NE ***

access-list 100 permit tcp host 192.168.10.10 host 10.10.10.100 eq www
access-list 100 remark *** allows initial contact with the 15454 using http (port 80) ***

access-list 100 permit tcp host 192.168.10.10 eq 683 host 10.10.10.100 eq 57790
access-list 100 remark *** allows CTC communication with the 15454 GNE (port 57790) ***

access-list 100 permit tcp host 192.168.10.10 eq 683 host 10.10.10.100 eq 1080
access-list 100 remark *** allows CTC communication with the 15454 GNE proxy server (port 1080) ***

access-list 100 permit tcp host 192.168.10.10 host 10.10.10.100 established
access-list 100 remark *** allows ACKs from CTC to the 15454 GNE ***

access-list 101 remark *** Outbound ACL, NE -> CTC ***

access-list 101 permit tcp host 10.10.10.100 host 192.168.10.10 eq 683
access-list 101 remark *** allows alarms and other communications from the 15454 (random port) to the CTC workstation (port 683) ***

access-list 101 permit tcp host 10.10.10.100 host 192.168.10.10 established
access-list 101 remark *** allows ACKs from the 15454 GNE to CTC ***
```
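To check what the two ACLs actually admit, here is a small first-match evaluator for the listing, added as a worked example rather than taken from the Cisco guide; it assumes only the `host`/`eq`/`established` forms used above, and `permitted()` is a toy stand-in for the firewall's own lookup.

```python
from collections import namedtuple

# Constructed copy of the listing above; remark lines are kept to show the parser skips them.
ACL_TEXT = """
access-list 100 remark *** Inbound ACL, CTC -> NE ***
access-list 100 permit tcp host 192.168.10.10 host 10.10.10.100 eq www
access-list 100 permit tcp host 192.168.10.10 eq 683 host 10.10.10.100 eq 57790
access-list 100 permit tcp host 192.168.10.10 eq 683 host 10.10.10.100 eq 1080
access-list 100 permit tcp host 192.168.10.10 host 10.10.10.100 established
access-list 101 remark *** Outbound ACL, NE -> CTC ***
access-list 101 permit tcp host 10.10.10.100 host 192.168.10.10 eq 683
access-list 101 permit tcp host 10.10.10.100 host 192.168.10.10 established
"""
NAMED_PORTS = {"www": 80}  # the only port keyword used in the listing
Entry = namedtuple("Entry", "action proto src sport dst dport established")

def _take_addr(tokens):
    """Consume 'host ADDR [eq PORT]', the only address form used in the listing."""
    if tokens.pop(0) != "host":
        raise ValueError("only 'host' addresses are supported by this toy parser")
    addr, port = tokens.pop(0), None
    if tokens and tokens[0] == "eq":
        port = NAMED_PORTS.get(tokens[1]) or int(tokens[1])
        del tokens[:2]
    return addr, port

def parse_acl(text):
    """Return {acl_number: [Entry, ...]} in listing order, since IOS evaluates ACEs top-down."""
    acls = {}
    for line in text.strip().splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[2] == "remark": continue
        num, action, proto, rest = tok[1], tok[2], tok[3], tok[4:]
        src, sport = _take_addr(rest)
        dst, dport = _take_addr(rest)
        acls.setdefault(num, []).append(Entry(action, proto, src, sport, dst, dport, "established" in rest))
    return acls

def permitted(entries, src, sport, dst, dport, ack=False, proto="tcp"):
    """First matching ACE decides; no match means the implicit deny that ends every IOS ACL.
    An 'established' ACE matches any TCP segment with ACK (or RST) set, regardless of port."""
    for e in entries:
        if (e.proto, e.src, e.dst) != (proto, src, dst): continue
        if e.sport not in (None, sport) or e.dport not in (None, dport): continue
        if e.established and not ack: continue
        return e.action == "permit"
    return False

ACLS = parse_acl(ACL_TEXT)
CTC, GNE = "192.168.10.10", "10.10.10.100"
```

Running the documented flows through it shows that CTC must really source its CORBA connections from port 683 for the 57790 and 1080 entries to match, and that the `established` entries admit any ACK-bearing segment between the two hosts, so the port restrictions only constrain connection setup.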
Security
The ONS 15454 offers security against unauthorized access to the system. It features a locked door on the front compartment that physically protects access to the shelf assembly, cards, and cables. A pinned hex key that unlocks the front door is shipped with the ONS 15454, and a button on the right side of the shelf assembly releases the door. In addition to the Craft Only and Firewall features described previously in this chapter, the DCC can be disabled to provide further protection against remote intrusion. Provisionable user idle time and log-out control are available to log out an inactive user.
User Security Levels
CISCO15 is the default user ID provided with every shipped ONS 15454 system. The password for CISCO15 is not assigned at the factory. The user ID "CISCO15" is not prompted for when you sign into CTC. This default user ID is provided to set up the ONS 15454 system for initial use. Once the system is set up, you can assign a password to CISCO15, or delete it if you are running System Release 4.0 or higher.
Each user ID created on an ONS 15454 can be provisioned for a single or for multiple concurrent occurrences. If a user ID on a node is provisioned to be active in a single occurrence, then no one else can log into that node as CISCO15 while another user is currently logged into it as CISCO15. The default setting for each ONS 15454 node is to allow multiple concurrent sessions for a user ID.