From: Steve McNutt (lpd@xxxxxxxxxxxxxxxx)
Date: Mon Sep 25 2000 - 22:34:53 GMT-3
so using that logic this access list:
access-list 200 permit 0x0404 0x0101 (allow SNA sap 04)
access-list 200 permit 0x0004 0x0001 (allow SNA test frames (null DSAP))
can also be written like this:
access-list 200 permit 0x0000 0x0505 (ignore bits 1 and 3 on both ssap and
dsap)
correct?
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Dave McFetridge
Sent: Friday, September 22, 2000 8:22 PM
To: 'CCIE Group Study'
Subject: RE: SNA Filtering Question...
access-list 201 permit 0x0000 0x0d0d - SNA Only
access-list 202 permit 0xf0f0 0x0101 - NetBios Only
dlsw remote-peer 0 tcp 137.12.32.2 lsap-output-list 201
You should understand how the mask works as well as that can be just as
important as the SAP values. The above SNA statement can be broken down like
this...
mask and SAPs in binary
D - 1101
4 - 0100
8 - 1000
9 - 1001
c - 1100
0's must match, 1's don't care
Also remember if you need to filter to a specific traffic type not a mac
address, you need to apply this filter in both directions. If DLSW is new to
you, You need to spend some quality time reading the config guide for DLSW.
This should be given the same amount of attention as BGP
http://127.0.0.1:8080/cc/td/doc/product/software/ios112/112cg_cr/8cbook/8cdl
sw.htm
Good luck
Dave
-----Original Message-----
From: Eddie Parra [mailto:eparra@telocity.com]
Sent: Thursday, September 21, 2000 11:17 AM
To: CCIE Group Study
Subject: SNA Filtering Question...
I have a SNA question that I don't know enough about the technology to
answer. I have a practice lab that asks to only allow in certain SNA SAP's
and all "return packets"? Could anyone please clarify this?
Less than 48 hours till my CCIE lab in RTP!
-Eddie
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:25:03 GMT-3