From: Earl Aboytes (earl@xxxxxxxxxxxx)
Date: Tue Feb 01 2000 - 04:12:11 GMT-3
I thought I sent a correction but I have not seen it come through.
I/G D D D D D D D C/R S S S S S S S
should have been
D D D D D D D I/G S S S S S S S C/R
Sorry for the confusion
Earl
At 10:11 PM 1/31/00 -0800, Earl Aboytes wrote:
Brian,
I was able to login to CCO and go to the TAC and under tools you
will find the open Q&A forum.
Hopefully, I can shed some more light on this for you. The
structure of the LLC header is such that you have 3 bytes made up
of one byte for DSAP, one byte for SSAP and one byte for control.
The SAP identifier is actually only 7 bits long. The least
significant bits in the DSAP and SSAP are used for Individual/Group
and Command/Response. In other words, in the first two bytes you
have I/G D D D D D D D C/R S S S S S S S where I/G and C/R stand
for individual/group and command/response. When the I/G bit is set
to one it is set to group and this could mean that the packet is
destined for more than one operating environment in the attached
system. If the C/R bit is set to one this is a response as opposed
to a command. If you notice in the article that I sent you, we are
always concerned about a value and then that value plus one:
SNA SAPs of 04/05, 08/09, and 0C/0D. This added value is the
result of the I/G bit being set on or off or the C/R bit being
set on or off.
EARL
At 10:41 AM 1/31/00 -0500, you wrote:
Earl,
Thanks for the useful posting. I have been struggling with
conflicting info on this subject - seems the documentation is
kind of sparse. Where did you find this on CCO?
What about an access-list such as:
access-list 210 permit 0x0404 0x0101
It is my understanding that this will allow SNA destination and
source traffic 0x0404 and the mask 0x0101 allows
individual/group command/response frames to pass equally. I
believe I am having trouble with the I/G and C/R part and the
masking. Could you shed any more light on this?
Thanks.
Brian Best
-----Original Message-----
From: Earl Aboytes [mailto:earl@linkline.com]
Sent: Saturday, January 29, 2000 10:37 PM
To: Ben Rife; ccielab@groupstudy.com
Subject: Re: DLSW
I found this on Cisco's open Q & A
Question: Data-link switching (DLSw) permit only Systems
Network Architecture (SNA) traffic through and deny NetBios.
I wanted to double-check the configuration for permitting only
SNA traffic in the DLSw.
access-list 202 permit 0x0404 0x0001
access-list 202 permit 0x0004 0x0001
dlsw remote-peer 0 tcp 1.1.1.1 lsap-output-list 202
int tok 0
source-bridge spanning
source-bridge input-lsap-list 202
Answer:
Permit SNA Traffic
First we assume all SNA traffic uses service access point (SAP)
4, 8 or C.
binary Hex
0000 0100 04
0000 1000 08
0000 1100 0c
Low order bit of destination service access point (DSAP) (first
bit on wire when transmitted) may be used to indicate an
individual/group address.
Low order bit of source service access point (SSAP) (first bit
on wire when transmitted) may be used to indicate command/response.
If we define a mask that also allows these bits to be set, it
will look like the following:
Binary Hex
0000 0101 05
0000 1001 09
0000 1101 0D
All of these bit values use a subset of the bits set for the
hex value 0D, so we can define an access list that says the
following:
access-list 202 permit 0x0000 0x0d0d
dlsw remote-peer 0 tcp 1.1.1.1 lsap-output-list 202
The access-list uses an 0x0d0d mask to set don't care bits for
all the bits that could be set when representing the SNA SAPs of
04/05, 08/09, and 0C/0D. All other bits must be set to 0 or this
filter will not be matched.
It is not necessary to apply this to both the Token Ring and
the peer.
At 11:26 PM 1/29/00 -0500, Ben Rife wrote:
Question:
R1-----R2-----R3
I want to configure dlsw such that Netbios only is allowed
between R1 and R2 and SNA only between R2 and R3.
R2 is a border for the group R1 connects to R2 and R3 connects
to R2.
I know that I need an lsap-output-list (access-list 200) to
specify the protocol type-code right?
Where do you find the syntax for this command/function? Am I on
the right track? Can someone help me?
Thanks, Ben
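Added example, not part of the original thread or of Cisco's Q&A: a small Python evaluator that enumerates which DSAP/SSAP pairs each access list quoted above actually permits. It assumes the "don't care" mask semantics the quoted answer describes, DSAP in the high byte and SSAP in the low byte, an implicit deny at the end of the list, and NetBIOS on SAP 0xF0; the function names are hypothetical.

```python
import re

# Entry format as shown in the thread: access-list <n> permit|deny <value> <mask>
ACL_RE = re.compile(
    r"access-list\s+\d+\s+(permit|deny)\s+0x([0-9a-fA-F]{1,4})\s+0x([0-9a-fA-F]{1,4})")

# Access lists quoted in the thread
ACL_ANSWER = "access-list 202 permit 0x0000 0x0d0d"
ACL_BRIAN = "access-list 210 permit 0x0404 0x0101"
ACL_QUESTION = """access-list 202 permit 0x0404 0x0001
access-list 202 permit 0x0004 0x0001"""

def parse_acl(text):
    """Return [(action, value, mask), ...] in configuration order."""
    return [(m.group(1), int(m.group(2), 16), int(m.group(3), 16))
            for m in ACL_RE.finditer(text)]

def evaluate(entries, dsap, ssap):
    """First matching entry wins; mask bits set to 1 are 'don't care'."""
    lsap = (dsap << 8) | ssap          # assumption: DSAP high byte, SSAP low byte
    for action, value, mask in entries:
        care = ~mask & 0xFFFF          # bits that must match exactly
        if (lsap & care) == (value & care):
            return action
    return "deny"                      # assumption: implicit deny at end of list

def permitted_pairs(text):
    """Enumerate every (DSAP, SSAP) byte pair the list lets through."""
    entries = parse_acl(text)
    return {(d, s) for d in range(256) for s in range(256)
            if evaluate(entries, d, s) == "permit"}

def permitted_dsaps(text):
    """Sorted DSAP byte values that appear in at least one permitted pair."""
    return sorted({d for d, _ in permitted_pairs(text)})

if __name__ == "__main__":
    for name, acl in [("answer", ACL_ANSWER), ("brian", ACL_BRIAN),
                      ("question", ACL_QUESTION)]:
        print(name, len(permitted_pairs(acl)), "pairs; DSAP bytes:",
              " ".join(f"{d:02X}" for d in permitted_dsaps(acl)))
    # NetBIOS (SAP 0xF0) falls through to the implicit deny
    print("NetBIOS F0/F0:", evaluate(parse_acl(ACL_ANSWER), 0xF0, 0xF0))
```

Under these assumptions the 0x0d0d mask permits SAP bytes 00 and 01 in addition to 04/05, 08/09 and 0C/0D, because every bit pattern that is a subset of 0D matches.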
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:22:52 GMT-3