8-12
Cisco ONS 15310-MA SDH Reference Manual, Release 9.1 and Release 9.2
78-19417-01
Chapter 8 Management Network Connectivity
IP Addressing Scenarios
• Isolates DCC IP traffic from Ethernet (CRAFT port) traffic and accepts packets based on filtering
rules. The filtering rules depend on whether the packet arrives at the DCC or CRAFT port Ethernet
interface. Table 8-3 on page 8-15 and Table 8-4 on page 8-16 provide the filtering rules.
• Processes SNTP (Simple Network Time Protocol) and NTP (Network Time Protocol) requests.
Element ONS 15310-MA SDH NEs can derive time-of-day from an SNTP/NTP LAN server through
the GNE.
• Processes SNMPv1 traps. The GNE receives SNMPv1 traps from the ENE and forwards them to all
provisioned SNMPv1 trap destinations.
The ONS 15310-MA SDH proxy server is provisioned using the Enable proxy server on port check box
on the Provisioning > Network > General tab. If checked, the ONS 15310-MA SDH serves as a proxy
for connections between CTC clients and ONS 15310-MA SDH nodes that are DCC-connected to the
proxy ONS 15310-MA SDH. The CTC client establishes connections to DCC-connected nodes through
the proxy node. The CTC client can connect to nodes that it cannot directly reach from the host on which
it runs. If the Enable proxy server on port check box is not checked, the node does not proxy for any CTC
clients, although any established proxy connections continue until the CTC client exits. In addition, you
can set the proxy server as an ENE or a GNE:
• External Network Element (ENE)—If set as an ENE, the ONS 15310-MA SDH neither installs nor
advertises default or static routes. CTC computers can communicate with the node using the craft
port, but they cannot communicate directly with any other DCC-connected node.
In addition, the firewall is enabled, which means that the node prevents IP traffic from being routed
between the DCC and the LAN port. The ONS 15310-MA SDH can communicate with machines
connected to the LAN port or connected through the DCC. However, the DCC-connected machines
cannot communicate with the LAN-connected machines, and the LAN-connected machines cannot
communicate with the DCC-connected machines. A CTC client using the LAN to connect to the
firewall-enabled node can use the proxy capability to manage the DCC-connected nodes that would
otherwise be unreachable. A CTC client connected to a DCC-connected node can only manage other
DCC-connected nodes and the firewall itself.
• Gateway Network Element (GNE)—If set as a GNE, the CTC computer is visible to other
DCC-connected nodes and the firewall is enabled.
• Proxy-only—If Proxy-only is selected, CTC cannot communicate with any other DCC-connected
ONS 15310-MA SDH nodes and the firewall is not enabled.
Note: If you launch CTC against a node through a NAT (Network Address Translation) or PAT (Port Address
Translation) router and that node does not have proxy enabled, your CTC session starts and initially
appears to be fine. However, CTC never receives alarm updates and disconnects and reconnects every two
minutes. If the proxy is accidentally disabled, it is still possible to enable the proxy during a reconnect
cycle and recover your ability to manage the node, even through a NAT/PAT firewall.
Note: ENEs that belong to different private subnetworks do not need to have unique IP addresses. Two ENEs
that are connected to different GNEs can have the same IP address. However, ENEs that connect to the
same GNE must always have unique IP addresses.
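The following audit sketch is an added example, not part of the Cisco manual or any Cisco tool. It checks a node inventory against three conditions this section describes: ENEs behind the same GNE sharing an IP address, a node reached through NAT/PAT with the proxy disabled, and a Proxy-only node, which runs without the firewall. The inventory records, field names, and finding labels are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed inventory (not from the manual). Field names are assumptions:
# mode = GNE | ENE | PROXY_ONLY, gne = the GNE an ENE is DCC-connected to,
# proxy = "Enable proxy server on port" checked, via_nat = CTC reaches it through NAT/PAT.
INVENTORY = [
    {"name": "gne-1", "mode": "GNE", "ip": "10.10.10.100", "gne": None, "proxy": True, "via_nat": True},
    {"name": "gne-2", "mode": "GNE", "ip": "10.10.20.100", "gne": None, "proxy": False, "via_nat": True},
    {"name": "ene-a", "mode": "ENE", "ip": "192.168.1.10", "gne": "gne-1", "proxy": True, "via_nat": False},
    {"name": "ene-b", "mode": "ENE", "ip": "192.168.1.10", "gne": "gne-2", "proxy": True, "via_nat": False},
    {"name": "ene-c", "mode": "ENE", "ip": "192.168.1.10", "gne": "gne-1", "proxy": True, "via_nat": False},
    {"name": "hut-7", "mode": "PROXY_ONLY", "ip": "192.168.1.30", "gne": None, "proxy": True, "via_nat": False},
]

# Firewall state that each proxy server setting implies, as this section describes it.
FIREWALL_ENABLED = {"GNE": True, "ENE": True, "PROXY_ONLY": False}


def audit(nodes):
    """Return sorted findings for the three conditions described in this section."""
    findings = []
    ene_ips = defaultdict(lambda: defaultdict(list))  # gne -> ip -> [ENE names]
    for n in nodes:
        if n["mode"] == "ENE":
            ene_ips[n["gne"]][n["ip"]].append(n["name"])
        # CTC through NAT/PAT to a node without proxy: no alarm updates, reconnect loop.
        if n["via_nat"] and not n["proxy"]:
            findings.append(("nat-without-proxy", n["name"]))
        # Proxy-only leaves the firewall off, so DCC and LAN sides are not isolated.
        if not FIREWALL_ENABLED[n["mode"]]:
            findings.append(("firewall-not-enabled", n["name"]))
    # The same IP is allowed under different GNEs, but never twice under one GNE.
    for gne, ips in ene_ips.items():
        for ip, names in ips.items():
            if len(names) > 1:
                findings.append(("duplicate-ene-ip", gne, ip, tuple(sorted(names))))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(INVENTORY):
        print(finding)
```

In the constructed data, ene-b reuses the address of ene-a without a finding because it sits behind a different GNE, while ene-c is flagged because it shares gne-1 with ene-a.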
Figure 8-10 shows an ONS 15310-MA SDH proxy server implementation. A GNE is connected to a
central office LAN and to ENEs. The central office LAN is connected to a NOC LAN, which has CTC
computers. The NOC CTC computer and craft technicians must both be able to access the ENEs.
However, the craft technicians must be prevented from accessing or seeing the NOC or central office
LANs.