From: Kevin Baumgartner (kbaumgar@xxxxxxxxx)
Date: Tue Aug 15 2000 - 13:17:53 GMT-3
Good link on how the SNA access-list works.
Now if only I could understand IPSEC :)
Kevin
At 09:23 AM 8/15/00 -0500, you wrote:
>This is what I like about this group all Information posted incorrectly
>usually gets beaten to death by the correctness patrol... I was in error on
>my posting the real deal is the following (once I consulted my actuall notes
>and not simply my memory of them)
>
>access-list 200 permit 0x0000 0x0D0D permits only SNA
>access-list 200 permit 0xF0F0 0x0101 permits Netbios, because netbios uses
>F0 as its SSAP and DSAP, and as we all know you
could have a 1 added
>to your ssap or dsap to denote a response.(I think.. here comes
the
>correctness patrol!!)
>
>Here is a link to clerify the 0D0D thing for anyone who is still in doubt.
>
>http://www.cisco.com/cgi-bin/Support/OpenForum/dispnewqa.pl/5881
>
>-----Original Message-----
>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
>Kevin Baumgartner
>Sent: Monday, August 14, 2000 4:32 PM
>To: Dayong Gan
>Cc: ccielab@groupstudy.com
>Subject: RE: How to find the Type-Code in Cisco CD?
>
>
>No should be "access-list 200 permit 0x0000 0x0d0d"
> This will permit SNA traffic SAPS of 04,05,08,09,0C and Od.
>
> If you work through the mask it makes sense.
> Remember that the mask works the same as IP access-list.
>A 0 bit is a direct match, a 1 is don't care.
>So with a mask of 0d0d
>it will match 0404, 0505, 0808,0909,0c0c and 0d0d which are
>the one that you want to match on to deny all the commonly used
>SNA SAPs. And for example will not match on 0202, or 0606.
>
> Your example of "access-list 200 permit 0x0d0d 0x0000" will
>only permit a SAP of 0d0d and nothing else. (remember 0 in mask
>has is a direct match).
>
> Kevin
>
>At 03:15 PM 8/14/00 -0400, you wrote:
> >hi, Jamie.
> >
> >access-list 200 permit 0x0000 0x0D0D
> >
> >This command does not make sense. 0x0000 is the type code? 0x0D0D is the
>mask?
> >
> >It should be "access-list 200 permit 0x0D0D 0x0000" ?
> >
> >
> >Dayong
> >
> > -----Original Message-----
> >From: James Brogdon, Jr. [mailto:jbrogdon@mentortech.com]
> >Sent: Saturday, August 12, 2000 12:52 AM
> >To: 'Dayong Gan'
> >Subject: RE: How to find the Type-Code in Cisco CD?
> >Dayong,
> >
> >The NetBIOS LSAPs are:
> >F0
> >F1
> >
> >The SNA LSAPs are:
> >04
> >05
> >08
> >09
> >0C
> >0D
> >
> >To permit all NetBIOS Traffic use:
> >
> >access-list 200 permit 0xF0F0 0x0101
> >
> >To permit all SNA Traffic:
> >
> >access-list 200 permit 0x0000 0x0D0D
> >
> >
> >Let me know if this helps.
> >
> >Thanks,
> >Jamie Brogdon
> >Consultant
> >Mentor Technologies
> >(443) 621-6734 (cell)
> >jbrogdon@mentortech.com
> >
> >-----Original Message-----
> >From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
>Dayong Gan
> >Sent: Friday, August 11, 2000 2:38 PM
> >To: Ccielab (E-mail)
> >Subject: How to find the Type-Code in Cisco CD?
> >
> >Hi, everybody.
> >
> >How can I find out the type codes when config access-list 200-299?
> >
> >DLSW Design Guide (cisco) says
> >to permit NetBIOS not SNA
> >access-list 200 permit 0x0F0F 0x0101
> >
> >FatKid ---411 advanced dlsw+ Hint 11---says
> >SNA (0x0F0F)
> >Netbios (0x0D0D)
> >
> >
> >Which one is corect? I can not find a full list of type-code on cisco cd.
>Who can help me?
> >
> >Best regards,
> >Dayong Gan
> >Network Engineer
> >Nuvo Network Management Inc.
> >260-2650 Queensview Drive, Ottawa. Canada K2B 8H6
> >Tel:(613)721-6886 ext. 149
> >Fax:(613)721-1399
> >Email: dgan@nuvo.com
> ><http://www.nuvo.com/>http://www.nuvo.com
> >
>
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:24:26 GMT-3