13-23
Cisco ONS 15454 Reference Manual, R8.5.x
78-18106-01
Chapter 13 Management Network Connectivity
13.2.9 IP Scenario 9: IP Addressing with Secure Mode Enabled
Figure 13-17 IP Scenario 9: ONS 15454 GNE and ENEs on Different Subnets with Secure Mode
Enabled
13.2.9.2 Secure Node Locked and Unlocked Behavior
Secure mode can operate on a node in either locked or unlocked mode. By default, secu re mode’s status
is unlocked; only a superuser can convert it to locked mode. Doing so permanently changes the hardware
configuration on the active and standby TCC2P cards as well as the chassis.
Locked mode must be used carefully because the cards and shelf retain their locked status even if
separated from each other. For example, if a node is in secure, locked mode and you perform a card pull
on its standby TCC2P, then insert that as the active card into another node, the secure , locked mode is
written to the new node’s chassis and standby TCC2P. If you perform a card pull on a secure, locked
node’s active and standby TCC2Ps and insert both of them into a chassis that previously was in unlocked
mode, the node becomes locked.
When it is secure and locked, a node’s configuration, Ethernet port status, its secure mode, and the
locked status cannot be changed by any network user— including a supe ruser. To have a secure node’s
lock removed, contact Cisco Technical Support to arrange a Return Material Authorization (RMA) for
the chassis and for the TCC2Ps. Refer to the “Obtaining Documentation and Submitting a Service
Request” section on page lii as needed.
71674
Remote CTC
10.10.20.10
10.10.20.0/24
10.10.10.0/24
Interface 0/0
10.10.20.1
Router A
Interface 0/1
10.10.10.1
ONS 15454
GNE
Backplane - 10.10.10.100/24
TCC2P - 176.20.20.40/24
ONS 15454
ENE
Backplane - 192.168.10.250/24
TCC2P - 176.20.20.30/24
ONS 15454
ENE
192.168.10.150/24 - Backplane
176.20.20.10/24 - TCC2P
ONS 15454
ENE
192.168.10.200/24 - Backplane
176.20.20.20/24 - TCC2P
Local/Craft CTC
176.20.20.50
Ethernet
SONET