Filter
Top Products
13-21
Cisco ONS 15454 Reference Manual, R8.5.x
78-18106-01
Chapter 13 Management Network Connectivity
13.2.9 IP Scenario 9: IP Addressing with Secure Mode Enabled
enabled, the IP addresses provisioned for both TCC2P TCP/IP LAN ports must follow general IP
addressing guidelines and must reside on different subnets from each other and the default router IP
address.
In secure mode, the IP address assigned to the front LAN (Ethernet) port becomes a private address,
while the backplane connects the node to an Operations Support System (OSS) through a central office
LAN or private enterprise network. A superuser can configure the node to hide or reveal the backplane's
LAN IP address in CTC, the routing table, or autonomous message reports.
In nonsecure mode, a node can be a GNE or ENE. Placing the node into secure mode automatically turns
on SOCKS proxy and defaults the node to GNE status. However, the node can be changed back to an
ENE. In nonsecure mode, an ENE’s SOCKS proxy can be disabled—effectively isolating the node
beyond the LAN firewall—but it cannot be disabled in secure mode.To change a node’s GNE or ENE
status and disable the SOCKS proxy, refer to the “Turn Up a Node” chapter in the Cisco ONS 15454
Procedure Guide.
Caution Enabling secure mode causes the TCC2P card to reboot; a TCC2P card reboot affects traffic.
Note The secure mode option does not appear in CTC if TCC2 cards are installed. If one TCC2 and one
TCC2P card are installed in a node, secure mode will appear in CTC but it cannot be modified.
Note If both front and backplane access ports are disabled in an ENE and the node is isolated from DCC
communication (due to user provisioning or network faults), the front and backplane ports are
automatically reenabled.
Figure 13-16 on page 13-22 shows an example of secure-mode ONS 15454 nodes with front-access
Ethernet port addresses that reside on the same subnet.