Cisco Systems ONS 15600 Security Camera User Manual


 
9-17
Cisco ONS 15600 Reference Manual, R7.2
Chapter 9 Management Network Connectivity
9.2.8 Scenario 8: Dual GNEs on a Subnet
Figure 9-13 Nodes Behind a Firewall
Figure 9-14 shows a CTC computer and ONS 15600s behind firewalls. For the computer to access the
ONS 15600, you must provision the IIOP port on the CTC computer and on the ONS 15600. Each
firewall can use a different IIOP port. For example, if the CTC computer firewall uses IIOP port 4000,
and the ONS 15600 firewall uses IIOP port 5000, 4000 is the IIOP port you provision for the CTC
computer and 5000 is the IIOP port you provision for the ONS 15600.
Figure 9-14 CTC Computer and ONS 15600s Residing Behind Firewalls
If you implement the proxy server, note that all DCC-connected ONS 15600s on the same Ethernet
segment must have the same gateway setting. Mixed values produce unpredictable results, and might
leave some nodes unreachable through the shared Ethernet segment.
If nodes become unreachable, correct the setting by performing one of the following actions:
Disconnect the craft computer from the unreachable ONS 15600. Connect to the ONS 15600
through another network ONS 15600 that has a DCC connection to the unreachable ONS 15600.
Disconnect all DCCs to the node by disabling them on neighboring nodes. Connect a CTC computer
directly to the ONS 15600 and change its provisioning.
9.2.8 Scenario 8: Dual GNEs on a Subnet
The ONS 15600 provides GNE load balancing, which allows CTC to reach ENEs over multiple GNEs
without the ENEs being advertised over OSPF. This feature allows a network to quickly recover from
the loss of a GNE, even if the GNE is on a different subnet. If a GNE fails, all connections through that
GNE fail. CTC disconnects from the failed GNE and from all ENEs for which the GNE was a proxy and
78337
CTC computer
External network Protected network
ONS 15600
Unprotected
network
Private
network
IIOP port
IIOP port
Firewall
Port
filtering
ONS 15600
78338
CTC computer
Firewall
Port
filtering
Protected network External network Protected network
ONS 15600
Private
network
Unprotected
network
Private
network
IIOP port
IIOP port
IIOP port
Firewall
Port
filtering
ONS 15600