Cisco ONS 15454 Reference Manual, R7.0
78-17191-01
Chapter 13 Management Network Connectivity
13.5 External Firewalls
The following ACL example shows a firewall configuration when the SOCKS proxy server gateway
setting is not enabled. In the example, the CTC workstation's address is 192.168.10.10 and the
ONS 15454 address is 10.10.10.100. The firewall is attached to the GNE, so inbound is CTC to the GNE
and outbound is from the GNE to CTC. The CTC CORBA Standard constant is 683 and the TCC CORBA
Default is TCC Fixed (57790).
access-list 100 remark *** Inbound ACL, CTC -> NE ***
access-list 100 remark
access-list 100 permit tcp host 192.168.10.10 host 10.10.10.100 eq www
access-list 100 remark *** allows initial contact with ONS 15454 using http (port 80) ***
access-list 100 remark
access-list 100 permit tcp host 192.168.10.10 host 10.10.10.100 eq 57790
Table 13-9 Ports Used by the TCC2/TCC2P

Port          Function                                   Action [1]
0             Never used                                 D
20            FTP                                        D
21            FTP control                                D
22            SSH (Secure Shell)                         D
23            Telnet                                     D
80            HTTP                                       D
111           SUNRPC (Sun Remote Procedure Call)         NA
161           SNMP traps destinations                    D
162           SNMP traps destinations                    D
513           rlogin                                     D
683           CORBA IIOP [2]                             OK
1080          Proxy server (socks)                       D
2001-2017     I/O card Telnet                            D
2018          DCC processor on active TCC2/TCC2P         D
2361          TL1                                        D
3082          Raw TL1                                    D
3083          TL1                                        D
5001          BLSR [3] server port                       D
5002          BLSR client port                           D
7200          SNMP alarm input port                      D
9100          EQM port                                   D
9401          TCC boot port                              D
9999          Flash manager                              D
10240-12287   Proxy client                               D
57790         Default TCC listener port                  OK

1. D = deny, NA = not applicable, OK = do not deny
2. CORBA IIOP = Common Object Request Broker Architecture Internet Inter-ORB Protocol
3. BLSR = bidirectional line switched ring
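
Added example (not from the Cisco manual): a Python check that cross-references the permit entries of an IOS-style extended ACL with Table 13-9 and returns, for each permitted destination port, the table's function and action. The function names and the keyword subset in NAMED are assumptions of this example; SAMPLE is the ACL text shown on this page.

```python
NAMED = {"ftp-data": 20, "ftp": 21, "telnet": 23, "www": 80,
         "sunrpc": 111, "login": 513}  # subset of IOS TCP port keywords
# (low, high, function, action), transcribed from Table 13-9
TABLE_13_9 = [
    (0, 0, "Never used", "D"), (20, 20, "FTP", "D"), (21, 21, "FTP control", "D"),
    (22, 22, "SSH", "D"), (23, 23, "Telnet", "D"), (80, 80, "HTTP", "D"),
    (111, 111, "SUNRPC", "NA"), (161, 161, "SNMP traps destinations", "D"),
    (162, 162, "SNMP traps destinations", "D"), (513, 513, "rlogin", "D"),
    (683, 683, "CORBA IIOP", "OK"), (1080, 1080, "Proxy server (socks)", "D"),
    (2001, 2017, "I/O card Telnet", "D"), (2018, 2018, "DCC processor on active TCC2/TCC2P", "D"),
    (2361, 2361, "TL1", "D"), (3082, 3082, "Raw TL1", "D"), (3083, 3083, "TL1", "D"),
    (5001, 5001, "BLSR server port", "D"), (5002, 5002, "BLSR client port", "D"),
    (7200, 7200, "SNMP alarm input port", "D"), (9100, 9100, "EQM port", "D"),
    (9401, 9401, "TCC boot port", "D"), (9999, 9999, "Flash manager", "D"),
    (10240, 12287, "Proxy client", "D"), (57790, 57790, "Default TCC listener port", "OK"),
]

def _port(tok):
    return NAMED[tok] if tok in NAMED else int(tok)
def _skip_addr(tok, i):  # step past 'any', 'host A.B.C.D' or 'A.B.C.D wildcard'
    return i + 1 if i < len(tok) and tok[i] == "any" else i + 2
def _ports(tok, i):
    """Parse an optional port operator at tok[i]; return (lo, hi, next_i)."""
    op = tok[i] if i < len(tok) else None
    if op == "range":
        return _port(tok[i + 1]), _port(tok[i + 2]), i + 3
    if op in ("eq", "gt", "lt", "neq"):  # neq is over-reported as every port
        p = _port(tok[i + 1])
        lo, hi = {"eq": (p, p), "gt": (p + 1, 65535), "lt": (0, p - 1), "neq": (0, 65535)}[op]
        return lo, hi, i + 2
    return 0, 65535, i  # no operator: every port

def audit(acl_text):
    """Return (acl_line, table_ports, function, action) for each permit/table overlap."""
    hits = []
    for line in acl_text.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list" or tok[2:4] not in (
                ["permit", "tcp"], ["permit", "udp"]):
            continue  # remarks, denies and protocols without ports
        _, _, i = _ports(tok, _skip_addr(tok, 4))    # source address, source port
        lo, hi, _ = _ports(tok, _skip_addr(tok, i))  # destination address, port
        hits += [(line.strip(), (rlo, rhi), fn, act)
                 for rlo, rhi, fn, act in TABLE_13_9 if rlo <= hi and lo <= rhi]
    return hits

SAMPLE = """access-list 100 remark *** Inbound ACL, CTC -> NE ***
access-list 100 permit tcp host 192.168.10.10 host 10.10.10.100 eq www
access-list 100 permit tcp host 192.168.10.10 host 10.10.10.100 eq 57790"""
```

Run over the page's ACL, `audit(SAMPLE)` pairs the `eq www` permit with the table's port 80 row (action D) and the `eq 57790` permit with the Default TCC listener port row (action OK). A permit with no destination port operator overlaps every row of the table.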