From: Ronnie Royston (RonnieR@xxxxxxxxxxxxxxxxx)
Date: Tue Jan 16 2001 - 00:19:48 GMT-3
Bill, I'm glad you asked this, GREAT question.
With respect to using dlsw icanreach commands, 0 = don't care.
With respect to using access-list 200, 1 = don't care. (see below)
Router(config)#access 700 permit 1111.1111.1111
Router(config)#
Router#sho access-list
Bridge address access list 700
permit 1111.1111.1111 0000.0000.0000
Router#
sad, ...but true.
-----Original Message-----
From: Jennifer Joy [mailto:jjoy@tri.sbc.com]
Sent: Monday, January 15, 2001 7:05 PM
To: Ronnie Royston
Subject: Re: DLSW MAC ADDR Filtering and Masks
Ronnie,
dlsw icanreach is the EXCEPTION, not the rule
access-lists 200 and 700 are the usual way
please go read the web page referenced earlier
http://www.cisco.com/warp/public/698/acl200.html
(direct cut/paste)
0 = Exact match required. This means that the allowed SAP must have the same
value as the SAP configured in the ACL. See the table below for
more details.
1 = The allowed SAP can have either a 0 or 1 at this bit position, the
"don't care" position.
it is there in black and white, but it easy to get confused on the
icanreach vs. access-list stuff in this case
Jennifer
Ronnie Royston said:
>
> Les,
>
> With mac address filters, 0 = don't care bits
>
> >From CCO:
>
> Let's look at a few more examples:
>
> dlsw icanreach mac-address 4000.3745.0000 mask ffff.ffff.ffff
> This command only includes the MAC address 4000.3745.0000. No other MAC
> addresses will pass this mask.
>
> dlsw icanreach mac-address 4000.0000.3745 mask ffff.0000.ffff
> This command includes all the MAC addresses within the range:
4000.0000.3745
> to 4000.FFFF.3745.
>
> -----Original Message-----
> From: Les Hardin [mailto:hardinl@bah.com]
> Sent: Monday, January 15, 2001 6:42 PM
> To: Ronnie Royston; 'Wayne S. Lewis'; Bill Fallon;
> ccielab@groupstudy.com
> Subject: RE: DLSW MAC ADDR Filtering and Masks
>
>
> Folks,
>
> According to Cisco documentation 1 =3D don't care and 0 =3D care.
>
> Les
> CCNP/CCDP
> April 18th Halifax
>
> At 07:59 PM 1/15/2001 -0600, Ronnie Royston wrote:
> >0s =3D don't care
> >1's =3D care
> >
> >-----Original Message-----
> >From: Wayne S. Lewis [mailto:lewisway@hcc.hawaii.edu]
> >Sent: Monday, January 15, 2001 5:53 PM
> >To: Bill Fallon; ccielab@groupstudy.com
> >Subject: RE: DLSW MAC ADDR Filtering and Masks
> >
> >
> >http://www.cisco.com/warp/public/698/acl200.html
> >
> > Thanks,
> >
> > Wayne
> >
> >
> >-----Original Message-----
> >From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> >Bill Fallon
> >Sent: Monday, January 15, 2001 3:13 PM
> >To: ccielab@groupstudy.com
> >Subject: DLSW MAC ADDR Filtering and Masks
> >
> >
> >
> >"The Knot in my stomach is growing tighter as my day draws nearer!!!"
> >
> >anyway,
> >Lab Date is Feb 15th and 16th and need immediate Clarification Pleeease:
> >
> >1) When doing MAC ADDRESS filters for DLSW what is the correct masking
> >structure in the access list. Is it a wild Card mask or a regular mask
and
> >does F=3D"don't care" and 0=3D"care" or vice versa.
> >
> >I have gotten a lot of conflicting answers on this.....
> >
> >ie:
> >
> >Configure a router to stop explorers for mac addresses beginning with
> >4545.6767
> >
> >What should the access list be:
> >
> >access-list 700 deny 4545.6767.???? (mask) ????.????.????
> >access-list 700 permit ??????(What is the Wilcard permit any?)
> >
> >
> >2) When filtering LSAP and/or Netbios packets, and wild card permit any,
> >are these correct?
> >
> >ie. Permit netbios, deny SNA and Permit everything else ( I know this is
> >not the best way to do the access list but I want to make sure the
access
> >list statments are correct)
> >
> >access-list 200 deny 0x0000 0x0d0d --->Deny all SNA
> >access-list 200 permit 0xf0f0 0x0101 ---->Permit all netbios
> >access-list 200 permit 0x0000 0xffff =3D=3D=3D=3D>permit ANY
> >
> >
> >
> >
> >Thanks in advance,
> >Bill
> >
> >
> >
> >
> >-----------------------------------------------------
> >Click here for Free Video!!
> >http://www.gohip.com/free_video/
> >
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:27:31 GMT-3