From: Kevin Baumgartner (kbaumgar@xxxxxxxxx)
Date: Thu Sep 21 2000 - 13:28:37 GMT-3
Actually a simple access-list to permit SNA SAP's is
access-list 200 permit 0x000 0x0d0d
This will permit 0x04, 0x08, 0x0C (both SNA command and response)
Kevin
At 10:01 AM 9/21/00 -0600, you wrote:
>I was reading about this yesterday. SNA is supposed to use the following
>SAPs
>0x04
>0x08
>0x0C
>
>access-list 200 permit 0x0404 0x0001 (Permits SNA command or response)
>access-list 200 permit 0x0004 0x0001 (Permits SNA explorers with NULL DSAP)
>
>And you could use this access-list on remote-peer statements in DLSw+
>
>dlsw remote-peer 0 tcp 1.1.1.1 lsap-output-list 200
>
>(Caslow 717-724)
>
>
>Hope this helps..
>Also the archives must have a lot of threads on this one.
>Sanjay
>
>
>-----Original Message-----
>From: Eddie Parra [mailto:eparra@telocity.com]
>Sent: Thursday, September 21, 2000 11:17 AM
>To: CCIE Group Study
>Subject: SNA Filtering Question...
>
>
>I have a SNA question that I don't know enough about the technology to
>answer. I have a practice lab that asks to only allow in certain SNA SAP's
>and all "return packets"? Could anyone please clarify this?
>
>Less than 48 hours till my CCIE lab in RTP!
>-Eddie
>
>
>
>
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:24:59 GMT-3