From: Mark Lewis (markl11@xxxxxxxxxxx)
Date: Thu Sep 21 2000 - 13:58:40 GMT-3
Hi,
The saps are :
0x04,0x05
0x08,0x09
0x0c,0x0d
So to permit ALL SNA, I believe that the access-list should be:
access-list 200 permit 0x0000 0x0d0d
There's a really nice page about this on the Cisco site, if only I could
remember what it is!
(By the way, I believe the filter from below may come from Nam-Kee's
(?) book, which doesn't take all SNA traffic into account).
Hope that helps,
Mark
>From: "Maljure, Sanjay" <smaljure@cibernetworks.com>
>Reply-To: "Maljure, Sanjay" <smaljure@cibernetworks.com>
>To: "'Eddie Parra'" <eparra@telocity.com>, CCIE Group Study
><ccielab@groupstudy.com>
>Subject: RE: SNA Filtering Question...
>Date: Thu, 21 Sep 2000 10:01:09 -0600
>
>I was reading about this yesterday. SNA is supposed to use the following
>SAPs
>0x04
>0x08
>0x0C
>
>access-list 200 permit 0x0404 0x0001 (Permits SNA command or response)
>access-list 200 permit 0x0004 0x0001 (Permits SNA explorers with NULL DSAP)
>
>And you could use this access-list on remote-peer statements in DLSw+
>
>dlsw remote-peer 0 tcp 1.1.1.1 lsap-output-list 200
>
>(Caslow 717-724)
>
>
>Hope this helps..
>Also the archives must have a lot of threads on this one.
>Sanjay
>
>
>-----Original Message-----
>From: Eddie Parra [mailto:eparra@telocity.com]
>Sent: Thursday, September 21, 2000 11:17 AM
>To: CCIE Group Study
>Subject: SNA Filtering Question...
>
>
>I have a SNA question that I don't know enough about the technology to
>answer. I have a practice lab that asks to only allow in certain SNA SAP's
>and all "return packets"? Could anyone please clarify this?
>
>Less than 48 hours till my CCIE lab in RTP!
>-Eddie
>
>
>
>
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:25:00 GMT-3