Re: DLSW filtering

From: Connary, Julie Ann (jconnary@xxxxxxxxx)
Date: Tue Jan 02 2001 - 19:13:52 GMT-3


   

John,

What is sna sap 7? I always thought that SNA saps had to be multiples of 4
and the responses were 1 higher?
Anyway, that filter would work - but you are allowing more than what the
question asks. I think they mean

0x0000 0x0D0D

which is what is normally used to allow all SNA traffic.

Julie Ann

At 11:07 AM 1/2/2001 -0800, John Doe wrote:
>I worded the problem poorly. I actually want to allow
>those things. The actual problem states this:
>
>create a filter that only allows test frames, sna
>4,7,8 and their responses to pass between peers. I
>also want to do this with as little configuration as
>possible.
>
>Could I use 0x0000 0x0F0F for my filter to satisfy ALL
>the requirements?
>
>John
>--- "Connary, Julie Ann" <jconnary@cisco.com> wrote:
> > John,
> >
> > Well, test frames and responses are for sna clients
> > to find an SNA host -
> > But if you filtered all else - how would a
> > connection get setup or data frames?
> >
> > I believe that test/response frames are on saps
> > 04/05 respectively so you
> > could do one of two things:
> >
> > On each of your routers use the command (it will
> > automatically allow the 05
> > response):
> >
> > dlsw icannreach saps 00 04
> >
> > or create a sap filter to only allow 00 and 04/05
> > saps:
> >
> > access-list 200 permit 0x0404 0x0101 (SNA frames command and response)
> > access-list 200 permit 0x0004 0x0001 (SNA explorers with null DSAP)
> >
> > dlsw remote-peer lsap-output-list 200
> >
> > to understand the access-list translate to binary
> > and remember the second
> > part is a wild card mask.
> >
> >
> > http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/ibm_c/bcprt1/bcsrb.htm
> >
> > It may be better for the access list to allow all
> > the common sna lsap
> > pairs: 00, 04, 08 and 0C:
> >
> > access-list 200 permit 0x0000 0x0D0D
> >
> >
> >
> > (http://www.cisco.com/warp/public/698/acl200.html#caseA)
> >
> > Julie Ann
> >
> >
> >
> >
> > At 08:25 AM 1/2/2001 -0800, you wrote:
> > >I'm not really sure. The practice lab I'm working on
> > >doesn't really specify. It only says create a filter
> > >so that only test frames and their responses can pass
> > >between peers.
> > >
> > >
> > >--- "Connary, Julie Ann" <jconnary@cisco.com> wrote:
> > > > Do you mean disable local acknowledgement or through
> > > > an access-list?
> > > >
> > > >
> > > > At 07:33 AM 1/2/2001 -0800, you wrote:
> > > > >In DLSW, how would you make sure that test frames and
> > > > >responses between peers could pass through?
> > > > >
> > > > >John
> > > > >
> > > > >
> > > >
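
The wildcard-mask arithmetic discussed in this thread, as an added example that is not part of the original messages: a short Python script that expands each access-list 200 entry quoted above into the DSAP/SSAP pairs it permits, so the masks 0x0D0D and 0x0F0F can be compared side by side. It assumes the type-code list rule that a 1 bit in the mask means "ignore this bit" and that the high byte is the DSAP and the low byte the SSAP; all function and variable names are illustrative.

```python
# Added example: expand Cisco type-code (200-series) access-list entries into
# the DSAP/SSAP pairs they permit. Assumption: high byte = DSAP, low byte = SSAP.

def matches(lsap, type_code, wild_mask):
    """True if a 16-bit DSAP/SSAP value matches one entry.
    A 1 bit in wild_mask means that bit position is ignored."""
    return ((lsap ^ type_code) & ~wild_mask & 0xFFFF) == 0

def permitted_pairs(entries):
    """All 16-bit DSAP/SSAP values permitted by at least one entry
    (anything not listed falls to the implicit deny)."""
    return [v for v in range(0x10000)
            if any(matches(v, t, m) for t, m in entries)]

def permitted_saps(entries):
    """Distinct one-byte SAP values that occur in any permitted pair."""
    saps = set()
    for v in permitted_pairs(entries):
        saps.update((v >> 8, v & 0xFF))
    return sorted(saps)

# The three filters quoted in the thread, as (type_code, wild_mask) tuples.
FILTERS = {
    "0x0404 0x0101 + 0x0004 0x0001": [(0x0404, 0x0101), (0x0004, 0x0001)],
    "0x0000 0x0D0D": [(0x0000, 0x0D0D)],
    "0x0000 0x0F0F": [(0x0000, 0x0F0F)],
}

def extra_saps(wide, narrow):
    """SAP values the wider filter lets through that the narrower one blocks."""
    return sorted(set(permitted_saps(wide)) - set(permitted_saps(narrow)))

if __name__ == "__main__":
    for name, entries in FILTERS.items():
        pairs = permitted_pairs(entries)
        saps = " ".join(f"{s:02X}" for s in permitted_saps(entries))
        print(f"{name}: {len(pairs)} pairs, SAPs {saps}")
    extra = extra_saps(FILTERS["0x0000 0x0F0F"], FILTERS["0x0000 0x0D0D"])
    print("0F0F permits beyond 0D0D:", " ".join(f"{s:02X}" for s in extra))
```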


