Cisco ONS 15300 Series

Use a Static CORBA Listener Port on the CTM Server

Introduction

This document describes how to implement a static CORBA listener port on the Cisco Transport Manager (CTM) server. This procedure reduces the number of TCP ports that need to be open on the firewall that exists between the CTM server and Network Elements (NEs).

Prerequisites

Requirements

Cisco recommends that you have knowledge of these topics:

  • CTM

Components Used

The information in this document is based on these software and hardware versions:

  • CTM version 4.6.x and later

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Conventions

Refer to Cisco Technical Tips Conventions for more information on document conventions.

Topology

Figure 1 depicts the topology. A firewall separates the CTM server from the NEs. All NEs are inside the firewall and the CTM server is outside the firewall.

Figure 1 – Topology

Static CORBA Listener Port

A firewall between the CTM server and NEs is a supported configuration. The CORBA Internet Inter-ORB Protocol (IIOP) listener port on the CTM server is dynamic by default. As a result, any firewall that exists between the CTM server and NEs must open a number of TCP ports, and those port numbers must be in the range of 1024 through 65535.

In order to reduce security risks, Cisco recommends that you use a static CORBA listener port on the CTM server. A static port reduces the number of TCP ports that need to be open on the firewall. Complete these steps:

  1. Browse to the /opt/CiscoTransportManagerServer/bin directory.

  2. Use ctms-stop to stop CTM.

  3. Use Telnet to log into the CTM server as root.

  4. Change directory to /opt/CiscoTransportManagerServer/bin.

  5. Edit the jne454.sh file to insert this line before the -classpath line (see arrow A in Figure 2).

    -Dong.orb.iioplistenerport=<port number> \

    The recommended port number is 5555. If you choose 5555, type -Dong.orb.iioplistenerport=5555 \ with no spaces around the equals sign, and keep the trailing backslash as the line continuation.

    Figure 2 – Partial List of jne454.sh

  6. If the CTM server is outside the firewall, open a range of TCP ports on the firewall that begins with TCP port 5555. The size of the range depends on the number of NEs, but allow at least 150 ports.

  7. Browse to the /opt/CiscoTransportManagerServer/bin directory again.

  8. Use ctms-start to restart CTM in order to implement the changes.
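
Steps 5 and 6 as a scripted edit, added here as an example and not Cisco-supplied code: it inserts the option before the first -classpath line (or updates a value that is already set), keeps a .bak copy, and prints the matching 150-port firewall range. The function names and the sample launcher written by make_sample are assumptions; the real jne454.sh will differ.

```shell
#!/bin/sh
# Added example, not Cisco code. PROP is the option from step 5; the launcher
# contents written by make_sample are constructed, not the real jne454.sh.
PROP='-Dong.orb.iioplistenerport'

# set_iiop_port FILE PORT: pin the listener port, keeping FILE.bak as a backup.
set_iiop_port() {
    file=$1 port=$2
    case $port in ''|0*|*[!0-9]*) echo "port must be numeric" >&2; return 2 ;; esac
    # Stay inside 1024-65535 and leave room for the 150-port firewall range.
    if [ "$port" -lt 1024 ] || [ $((port + 149)) -gt 65535 ]; then
        echo "port $port cannot anchor a 150-port range" >&2; return 2
    fi
    grep -q -- '-classpath' "$file" || { echo "no -classpath line" >&2; return 3; }
    cp -p "$file" "$file.bak" || return 1
    if grep -q -- "$PROP=" "$file.bak"; then
        # Already set: change the value in place so the option is not duplicated.
        sed "s/$PROP=[0-9]*/$PROP=$port/" "$file.bak" > "$file"
    else
        # Insert before the first -classpath line, reusing its indentation.
        awk -v opt="$PROP=$port" '
            !done && index($0, "-classpath") {
                match($0, /^[ \t]*/)
                print substr($0, 1, RLENGTH) opt " \\"
                done = 1
            }
            { print }' "$file.bak" > "$file"
    fi
}

# firewall_range PORT: the 150 consecutive TCP ports to permit (step 6).
firewall_range() { echo "$1-$(($1 + 149))"; }

# make_sample FILE: write a constructed stand-in for the launcher script.
make_sample() {
    cat > "$1" <<'EOF'
#!/bin/sh
$JAVA_HOME/bin/java -Xmx256m \
    -Dexample.placeholder=1 \
    -classpath "$CTM_CLASSPATH" \
    example.placeholder.Main
EOF
}

# Demo on a temporary copy; nothing under /opt is touched.
demo=$(mktemp) && make_sample "$demo" && set_iiop_port "$demo" 5555 &&
    cat "$demo" && echo "firewall range: $(firewall_range 5555)"
rm -f "$demo" "$demo.bak"
```

Run it against a copy of the launcher first and compare the result with the .bak file before you restart CTM.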

Updated: Nov 29, 2005
Document ID: 68184