RE: What takes precedence, IP forward protocol or ACL?

From: Bernard Dunn (dunn@xxxxxxxxx)
Date: Fri Feb 02 2001 - 06:14:17 GMT-3


   

The ACL would be hit first. After other checks (NAT, etc.) then we
figure out how to forward the packet.

Regards

Bernard.

On Thu, 1 Feb 2001, Chuck Church wrote:

> These PCs are using IP, not Netbeui. I thought DLSW only handled
> non-routable, bridged traffic. Am I missing something?
>
> Chuck Church
> CCNP, CCDP, MCNE, MCSE
> Sr. Network Engineer
> Magnacom Technologies
> 140 N. Rt. 303
> Valley Cottage, NY 10989
> 845-267-4000 x218
>
>
>
> -----Original Message-----
> From: Robert DeVito [mailto:robertdevito@hotmail.com]
> Sent: Thursday, February 01, 2001 10:14 PM
> To: cchurch@MAGNACOM.com; ccielab@groupstudy.com
> Subject: Re: What takes precedence, IP forward protocol or ACL?
>
>
> DLSW might solve your problem, but it could be a pretty big overhead with
> 56k lines. It would do the job, though. The only problem I have found with
> this solution is that you will sometimes have to search for the computer
> name (find computer).
>
> Let me know how you make out...
>
> Robert
>
>
> ----Original Message Follows----
> From: Chuck Church <cchurch@MAGNACOM.com>
> Reply-To: Chuck Church <cchurch@MAGNACOM.com>
> To: "CCIE Lab group (E-mail)" <ccielab@groupstudy.com>
> Subject: What takes precedence, IP forward protocol or ACL?
> Date: Thu, 1 Feb 2001 21:43:11 -0500
>
> All,
>
> Sorry to ask a customer-related question, but since it's so bizarre,
> I figured it's a possibility on the lab :) I've got a main location with
> about 100 users, including 1 control-freak admin. I'm rolling out a frame
> network to several remote offices. The admin would like to be able to see
> the remote workstations in his network neighborhood for admin purposes.
> They don't own any NT servers, so WINS is not an option. I've done IP
> helper and forward protocol UDP 137-139 in small locations to allow computer
> browsing, but because of the 56 kb frame circuit and the fact that there's
> 100 users at the main location, I don't want to forward all the netbios
> broadcasts from the main segment to the remote frame location. If I use an
> extended ACL to allow NB broadcasts incoming on the ethernet to allow only
> the admin workstation, and have an IP helper on that interface, will only
> the admin PC broadcasts be 'ip-helped' to the other side? Or does the
> IP-helper take precedence and ignore the ACL? I don't currently have enough
> Windows PCs in my lab to test this right now. All PCs are either 98 or NT,
> and running IP only, no netbeui. The diagram would sort of look like this:
>
> remote PC1 |                                                    |PC1
> remote PC2 |--ethernet--RTRA-----frame 56kb----RTRB---ethernet--|PC2
> remote PC3 |             |                      |               |ADMIN PC
>                      ip helper              ip helper           |...
>                      address is             address is          |PC100
>                      admin's PC             broadcast
>                                             address of RTRA's
>                                             ethernet segment
>
> Thanks,
>
> Chuck Church
> CCNP, CCDP, MCNE, MCSE
> Sr. Network Engineer
> Magnacom Technologies
> 140 N. Rt. 303
> Valley Cottage, NY 10989
> 845-267-4000 x218
>
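
The ordering Bernard describes (inbound ACL first, helper forwarding afterwards), sketched as an IOS configuration for the topology in the question. This is an added example, not part of the original thread; the addressing (main LAN 192.168.1.0/24, admin PC 192.168.1.10, remote LAN 192.168.2.0/24), interface names and ACL numbers are assumptions.

```cisco
! ---- RTRB (main site, 100 users) ----
! Inbound ACL on the LAN interface: only the admin PC's NetBIOS
! name-service (UDP 137) and datagram (UDP 138) broadcasts survive.
! Everyone else's NetBIOS broadcasts are dropped here, before the
! helper logic sees them. All other traffic is permitted unchanged.
access-list 101 permit udp host 192.168.1.10 any eq netbios-ns
access-list 101 permit udp host 192.168.1.10 any eq netbios-dgm
access-list 101 deny   udp any host 255.255.255.255 eq netbios-ns
access-list 101 deny   udp any host 255.255.255.255 eq netbios-dgm
access-list 101 deny   udp any host 192.168.1.255 eq netbios-ns
access-list 101 deny   udp any host 192.168.1.255 eq netbios-dgm
access-list 101 permit ip any any
!
interface Ethernet0
 ip address 192.168.1.1 255.255.255.0
 ip access-group 101 in
 ! Helper target is the directed broadcast of the remote LAN.
 ! netbios-ns and netbios-dgm are among the UDP ports that
 ! ip helper-address forwards by default; the helper also relays
 ! the other default ports (BOOTP, DNS, TFTP, time, TACACS), which
 ! this ACL does not restrict.
 ip helper-address 192.168.2.255
!
! ---- RTRA (remote site) ----
! The forwarded packet arrives addressed to 192.168.2.255. It is only
! turned back into a LAN broadcast if directed broadcasts are enabled
! on the LAN interface, so limit that to the two NetBIOS ports.
access-list 102 permit udp any any eq netbios-ns
access-list 102 permit udp any any eq netbios-dgm
!
interface Ethernet0
 ip address 192.168.2.1 255.255.255.0
 ip directed-broadcast 102
```

To confirm the behaviour on a lab router, `show access-lists 101` shows per-entry match counters: the deny entries should increment for the other workstations while only the admin PC's packets reach the helper.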


