Re: DLSW - SNA Filter/packet processing

From: hemi.blandford@xxxxxxxxxx
Date: Tue Feb 29 2000 - 19:00:22 GMT-3

• Next message: Richard Wagner: "OSPF Authentication and Virtual Links"
• Previous message: Richard Wagner: "RE: Does the PC in the lab has an ethernet card ?"
• Maybe in reply to: Mosley, Arthur: "DLSW - SNA Filter/packet processing"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

SNA uses SAPs 04,08, and 0C. The low order bit of the DSAP (first bit on the
wire when transmitted) may be used to indicate individual/group address. The
low order bit of the SSAP may be used to indicate command/response.

Therefore, you will need to filter 04, 05, 08, 09, 0C, and 0d to cover all of
the above situations. This will effectively control all SNA traffic.

If you "binaryize" the above you get the following:
HEX BINARY
04 0000 0100
05 0000 0101
08 0000 1000
09 0000 1001
0C 0000 1100
0D 0000 1101

A mask that covers all of the above is 0D, so to effectively block/permit all
SNA traffic you would use:
access-list 201 <permit/deny> 0x0000 0x0d0d.

This can then be applied to a dlsw lsap-output-list statement, or applied to an
interface.

Hemi.
CCIE# 5585

• Next message: Richard Wagner: "OSPF Authentication and Virtual Links"
• Previous message: Richard Wagner: "RE: Does the PC in the lab has an ethernet card ?"
• Maybe in reply to: Mosley, Arthur: "DLSW - SNA Filter/packet processing"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:22:54 GMT-3