Filter
Top Products
13-20
Cisco ONS 15454 Reference Manual, R8.5.x
78-18106-01
Chapter 13 Management Network Connectivity
13.2.9 IP Scenario 9: IP Addressing with Secure Mode Enabled
Figure 13-15 IP Scenario 8: Dual GNEs on Different Subnets
13.2.9 IP Scenario 9: IP Addressing with Secure Mode Enabled
The TCC2 card and TCC2P card both default to nonsecure mode. In this mode, the front and back
Ethernet (LAN) ports share a single MAC address and IP address. TCC2P cards allow you to place a
node in secure mode, which prevents a front-access craft port user from accessing the LAN through the
backplane port. Secure mode can be locked, which prevents the mode from being altered. To place a node
in secure mode or to lock secure node, refer to the “Change Node Settings” chapter in the
Cisco ONS 15454 Procedure Guide.
13.2.9.1 Secure Mode Behavior
Changing a TCC2P node from repeater mode to secure mode allows you to provision two IP addresses
for the ONS 15454 and causes the node to assign the ports different MAC addresses. In secure mode,
one IP address is provisioned for the ONS 15454 backplane LAN port, and the other IP address is
provisioned for the TCC2P Ethernet port. Both addresses reside on different subnets, providing an
additional layer of separation between the craft access port and the ONS 15454 LAN. If secure mode is
115259
Remote CTC
10.10.20.10
10.10.20.0/24
10.10.10.0/24 10.20.10.0/24
Interface 0/0
10.10.20.1
Router A
Interface 0/1
10.10.10.1
Interface 0/2
10.20.10.1
ONS 15454
GNE
10.10.10.100/24
ONS 15454
ENE
192.168.10.250/24
ONS 15454
GNE
10.20.10.100/24
ONS 15454
ENE
192.168.10.200/24
Local/Craft CTC
192.168.20.20
Ethernet
SONET