From: Brian Van Benschoten (vader@xxxxxxxxxxxx)
Date: Sun Oct 17 1999 - 15:09:40 GMT-3
Ethernet ( 666-666 666-zone) R1 Frame relay R2 Ethernet (11-11
11-zone)
AT routing is working fine at this point, I see all other cable ranges and
zones I should
make it so clients on R1 cannot see zones directly attached to R2
The frame cloud is using AT EIGRP routing. RTMP is disabled on the serial
interfaces.
I think there are 2 ways to do this
1: create a getzonelist filter that filters the 11-zone, allows all other
zones and access. apply it to R1's Ethernet segment. Like this:
AppleTalk access list 600:
deny zone 11-zone
permit additional-zones
permit other-access
2: create a routing filter and issue a distribute-in command on R1's serial
interface
Like this:
AppleTalk access list 601:
permit additional-zones
deny cable-range 11-11
permit other-access
I think #2 could be used if the question were worded a little different.
Example: to deny access from any segments on R1 to R2
here is the problem: when using #2 I issue a "sh apple zone" I see the
11-zone listed with no cable segment. Is this normal?
I though that if the router received a zone with no cable segment it
wouldn't put it in the table. If I didn't have the
getzonelist filter on E0, wouldn't clients get the 11-zone in the chooser
but not be able to get there?
the docs say the order of the access lists don't make any difference (unlike
other access lists)
am I on the right track here ?
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:21:53 GMT-3