Cisco Systems ONS 15600 Security Camera User Manual


 
9-11
Cisco ONS 15600 Reference Manual, R7.2
Chapter 9 Management Network Connectivity
9.2.7 Scenario 7: Provisioning the ONS 15600 Proxy Server
If multiple ONS 15600 nodes and routers are connected to the same LAN in OSPF backbone area 0 and
a link between two routers breaks, the backbone OSPF area 0 could divide into multiple gateway
network elements (GNEs). If this occurs, the CTC session connected to Router 1 will not be able to
communicate with the ONS 15600 connected to Router 2. To resolve, you must repair the link between
the routers or provide another form of redundancy in the network. This is standard behavior for an OSPF
network.
Note
To create OSPF virtual links, OSPF must be enabled on the LAN.
Note
Cisco recommends limiting the number of link-state packets (LSPs) that will be forwarded over the DCC
interfaces.
9.2.7 Scenario 7: Provisioning the ONS 15600 Proxy Server
The ONS 15600 proxy server is a set of functions that allows you to configure ONS 15600s in
environments where visibility and accessibility between ONS 15600s and CTC computers must be
restricted. For example, you can set up a network so that field technicians and network operations center
(NOC) personnel can both access the same ONS 15600s while preventing the field technicians from
accessing the NOC LAN. To do this, one ONS 15600 is provisioned as a GNE and the other ONS 15600s
are provisioned as ENEs. The GNE ONS 15600 tunnels connections between CTC computers and ENE
ONS 15600s, providing management capability while preventing access for purposes other than
ONS 15600 management.
The ONS 15600 proxy server performs the following tasks:
Isolates DCC IP traffic from Ethernet (craft port) traffic and accepts packets based on filtering rules.
The filtering rules (see Table 9-3 on page 9-16 and Table 9-4 on page 9-16) depend on whether the
packet arrives at the ONS 15600 DCC or TSC Ethernet interface.
Processes Simple Network Time Protocol/Network Time Protocol (SNTP/NTP) requests.
ONS 15600 ENEs can derive time-of-day from an SNTP/NTP LAN server through the ONS node
GNE.
Process SNMPv1 traps. The GNE ONS 15600 receives SNMPv1 traps from the ONS node ENEs
and forwards them to all provisioned SNMPv1 trap destinations.
The ONS 15600 proxy server is provisioned using the Enable SOCKS proxy on port check box on the
Provisioning > Network > General tab (see Figure 9-9). If checked, the ONS 15600 serves as a proxy for
connections between CTC clients and ONS 15600s that are DCC-connected to the proxy ONS 15600.
The CTC client establishes connections to DCC-connected nodes through the proxy node. The CTC
client can connect to nodes that it cannot directly reach from the host on which it runs. If not selected,
the node does not proxy for any CTC clients, although any established proxy connections continue until
the CTC client exits. If set as a GNE, the CTC computer is visible to other DCC-connected nodes and
firewall is enabled. If Proxy-only is selected, the firewall is not enabled. CTC can communicate with
any other DCC-connected ONS 15600s.
Note
The ONS 15600 ENE option on the Provisioning > Network > General tab behaves the same as the GNE
option.