Re: access-expression

From: Fred Ingham (fningham@xxxxxxxxxxxxxxxx)
Date: Sat Dec 16 2000 - 17:45:48 GMT-3

• Next message: Fred Ingham: "Re: SR/TLB question"
• Previous message: Rahmlow, Howard F.: "RE: Doc CD"
• Maybe in reply to: zhangxianqi: "access-expression"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
Access expressions are only used on token ring source-bridge interfaces
as far as I know. On Ethernet you would use the bridge 1
input-lsap-filter (for transparent bridge-group1). On token ring you
would use source-bridge input-lsap-list to do the same thing.

Access expressions are used when you want to combine filter options such
as lsap and mac address. An example is:

access-li 200 permit 0xf0f0 0x0101
access-li 700 permit 0123.4567.89ab

interface token 0
access-expression in (lsap(200) | smac(700))

which would permit NetBIOS or a source MAC of 0123.4567.89ab.

As you know this has nothing to do with regular expressions.

HTH Fred.
zhangxianqi wrote:
>
> What I want to do exact is a protocl filter,I want to prevent netbios traffic
 enter my router through ethernet,of course I can use 'bridge input-lsap-filter
' to get this be done,but my purpose is to test whether the access expression c
an be used on ethernet,I know it can be use on token ring interface.so, what is
 the conclution?
>
> Regards
> xianqi
> ----- Original Message -----
> From: <SherefMohamed@cdh.org>
> To: zhangxianqi <zhangxqi@gitc.com.cn>
> Cc: <ccielab@groupstudy.com>; <nobody@groupstudy.com>
> Sent: Saturday, December 16, 2000 5:12 AM
> Subject: Re: access-expression
>
> >
> > I think the way to define an access-expression is to use something like:
> > ip as-path access-list 1 permit REGULAR_EXPRESSION
> >
> > What you did is basically created an protcol filter !
> >
> > Hope this help
> > Sheref
> >
> >
> >
> > "zhangxianqi"
> > <zhangxqi@git To: <ccielab@groupstudy.com>
> > c.com.cn> cc:
> > Sent by: Subject: access-expression
> > nobody@groups
> > tudy.com
> >
> >
> > 12/15/2000
> > 02:01 AM
> > Please
> > respond to
> > "zhangxianqi"
> >
> >
> >
> >
> >
> >
> > hi,
> > Can access-expression be used in ethernet interface,I want to test it,but
> > when I config the access-expression as below
> > access-list 200 deny 0xf0f0 0101
> > int e 0
> > access-expression in lsap(200)
> >
> > I want to see no netbios taffic enter my router,but....,the netbios traffic
> > get through,it looks the access-expression not take effect,why?
> >
> >
> > Regards
> > xianqi
> >

• Next message: Fred Ingham: "Re: SR/TLB question"
• Previous message: Rahmlow, Howard F.: "RE: Doc CD"
• Maybe in reply to: zhangxianqi: "access-expression"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:26:03 GMT-3