Re: DLSW filtering

From: Connary, Julie Ann (jconnary@xxxxxxxxx)
Date: Tue Jan 02 2001 - 14:40:00 GMT-3


   
John,

Well, test frames and responses are for SNA clients to find an SNA host -
But if you filtered all else - how would a connection get set up or data frames?

I believe that test/response frames are on saps 04/05 respectively so you
could do one of two things:

On each of your routers use the command (it will automatically allow the 05
response):

dlsw icannreach saps 00 04

or create a sap filter to only allow 00 and 04/05 saps:

access-list 200 permit 0x0404 0x0101 (SNA frames command and response)
access-list 200 permit 0x0004 0x0001 (SNA explorers with null DSAP)

dlsw remote-peer lsap-output-list 200

To understand the access-list, translate to binary and remember the second
part is a wildcard mask.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/ibm_c/bcprt1/bcsrb.htm

It may be better for the access list to allow all the common sna lsap
pairs: 00, 04, 08 and 0C:

access-list 200 permit 0x0000 0x0D0D

(http://www.cisco.com/warp/public/698/acl200.html#caseA)

Julie Ann

At 08:25 AM 1/2/2001 -0800, you wrote:
>I'm not really sure. The practice lab I'm working on
>doesn't really specify. It only says create a filter
>so that only test frames and their responses can pass
>between peers.
>
>
>--- "Connary, Julie Ann" <jconnary@cisco.com> wrote:
> > Do you mean disable local acknowledgement or through
> > an access-list?
> >
> >
> > At 07:33 AM 1/2/2001 -0800, you wrote:
> > >In DLSW, how would you make sure that test frames and
> > >responses between peers could pass through?
> > >
> > >John
> > >
> > >
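
The advice in the message above to translate the access list to binary and read the second value as a wildcard mask, worked through as an added example (not part of the original message and not Cisco code). It assumes the 16-bit value carries the DSAP in the high byte and the SSAP in the low byte, and that entries are checked top-down with an implicit deny at the end; the function names and the sample frames are constructed for illustration.

```python
import re

# ACL lines quoted from the message above.
FILTER_A = """\
access-list 200 permit 0x0404 0x0101
access-list 200 permit 0x0004 0x0001
"""
FILTER_B = "access-list 200 permit 0x0000 0x0D0D\n"

ENTRY = re.compile(
    r"access-list\s+(\d+)\s+(permit|deny)\s+0x([0-9A-Fa-f]{4})\s+0x([0-9A-Fa-f]{4})")

def parse(text):
    """Return [(action, value, wildcard)] for each type-code ACL line."""
    return [(m[2], int(m[3], 16), int(m[4], 16)) for m in ENTRY.finditer(text)]

def check(entries, dsap, ssap):
    """First matching entry wins; no match falls through to the implicit deny."""
    pair = (dsap << 8) | ssap
    for action, value, wildcard in entries:
        care = ~wildcard & 0xFFFF  # only the 0 bits of the wildcard must match
        if (pair & care) == (value & care):
            return action
    return "deny"

def saps_matched(value, wildcard):
    """Expand one entry into the DSAP and SSAP byte values it covers."""
    def expand(v, w):
        care = ~w & 0xFF
        return [b for b in range(256) if (b & care) == (v & care)]
    return expand(value >> 8, wildcard >> 8), expand(value & 0xFF, wildcard & 0xFF)

if __name__ == "__main__":
    # Constructed sample frames as (DSAP, SSAP) pairs.
    frames = [(0x04, 0x04), (0x04, 0x05), (0x00, 0x04), (0x08, 0x04), (0xF0, 0xF0)]
    for name, text in (("00 and 04/05 only", FILTER_A), ("00, 04, 08, 0C", FILTER_B)):
        entries = parse(text)
        print(name)
        for action, value, wc in entries:
            dsaps, ssaps = saps_matched(value, wc)
            print(f"  {action} value={value:016b} wildcard={wc:016b}")
            print("    DSAP:", " ".join(f"{b:02X}" for b in dsaps))
            print("    SSAP:", " ".join(f"{b:02X}" for b in ssaps))
        for dsap, ssap in frames:
            print(f"  frame {dsap:02X}/{ssap:02X} -> {check(entries, dsap, ssap)}")
```

Running it shows why the 0x0101 wildcard covers the 05 response along with 04, and why the single 0x0D0D entry covers 00, 04, 08 and 0C together with their odd counterparts.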



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:27:21 GMT-3