Ip Scenario 9: Ip Addressing With Secure Mode Enabled; Secure Mode Behavior; Figure - Cisco 15454-DS1-14= - 1.544Mbps Expansion Module Reference Manual

13.2.9 IP Scenario 9: IP Addressing with Secure Mode Enabled

Figure 13-15

10.10.10.0/24
10.10.10.100/24
192.168.10.250/24
13.2.9 IP Scenario 9: IP Addressing with Secure Mode Enabled
The TCC2 card and TCC2P card both default to nonsecure mode. In this mode, the front and back
Ethernet (LAN) ports share a single MAC address and IP address. TCC2P cards allow you to place a
node in secure mode, which prevents a front-access craft port user from accessing the LAN through the
backplane port. Secure mode can be locked, which prevents the mode from being altered. To place a node
in secure mode or to lock secure node, refer to the "Change Node Settings" chapter in the
Cisco ONS 15454 Procedure Guide.

13.2.9.1 Secure Mode Behavior

Changing a TCC2P node from repeater mode to secure mode allows you to provision two IP addresses
for the ONS 15454 and causes the node to assign the ports different MAC addresses. In secure mode,
one IP address is provisioned for the ONS 15454 backplane LAN port, and the other IP address is
provisioned for the TCC2P Ethernet port. Both addresses reside on different subnets, providing an
additional layer of separation between the craft access port and the ONS 15454 LAN. If secure mode is
Cisco ONS 15454 Reference Manual, R8.5
13-20
IP Scenario 8: Dual GNEs on Different Subnets
Interface 0/1
10.10.10.1
ONS 15454
GNE
ONS 15454
ENE
Remote CTC
10.10.20.10
10.10.20.0/24
Interface 0/0
10.10.20.1
Router A
Interface 0/2
10.20.10.1
10.20.10.0/24
ONS 15454
GNE
10.20.10.100/24
ONS 15454
ENE
192.168.10.200/24
Local/Craft CTC
192.168.20.20
Chapter 13 Management Network Connectivity
Ethernet
SONET
78-18106-01