RE: What takes precedence, IP forward protocol or ACL?

From: Chuck Church (cchurch@xxxxxxxxxxxx)
Date: Fri Feb 02 2001 - 10:47:53 GMT-3


   
Thanks, guys.

Chuck Church
CCNP, CCDP, MCNE, MCSE
Sr. Network Engineer
Magnacom Technologies
140 N. Rt. 303
Valley Cottage, NY 10989
845-267-4000 x218

-----Original Message-----
From: Bernard Dunn [mailto:dunn@cisco.com]
Sent: Friday, February 02, 2001 4:14 AM
To: Chuck Church
Cc: 'Robert DeVito'; CCIE Lab group (E-mail)
Subject: RE: What takes precedence, IP forward protocol or ACL?

The ACL would be hit first. After other checks (NAT, etc.) then we
figure out how to forward the packet.

Regards

Bernard.

On Thu, 1 Feb 2001, Chuck Church wrote:

> These PC's are using IP, not Netbeui. I thought DLSW only handled
> non-routable, bridged traffic. Am I missing something?
>
> Chuck Church
> CCNP, CCDP, MCNE, MCSE
> Sr. Network Engineer
> Magnacom Technologies
> 140 N. Rt. 303
> Valley Cottage, NY 10989
> 845-267-4000 x218
>
>
>
> -----Original Message-----
> From: Robert DeVito [mailto:robertdevito@hotmail.com]
> Sent: Thursday, February 01, 2001 10:14 PM
> To: cchurch@MAGNACOM.com; ccielab@groupstudy.com
> Subject: Re: What takes precedence, IP forward protocol or ACL?
>
>
> DLSW might solve your problem, but it could be a pretty big overhead with
> 56k lines. It would do the job, though. The only problem I have found with
> this solution is that you will sometimes have to search for the computer
> name (find computer).
>
> Let me know how you make out...
>
> Robert
>
>
> ----Original Message Follows----
> From: Chuck Church <cchurch@MAGNACOM.com>
> Reply-To: Chuck Church <cchurch@MAGNACOM.com>
> To: "CCIE Lab group (E-mail)" <ccielab@groupstudy.com>
> Subject: What takes precedence, IP forward protocol or ACL?
> Date: Thu, 1 Feb 2001 21:43:11 -0500
>
> All,
>
> Sorry to ask a customer-related question, but since it's so bizarre,
> I figured it's a possibility on the lab :) I've got a main location with
> about 100 users, including 1 control-freak admin. I'm rolling out a frame
> network to several remote offices. The admin would like to be able to see
> the remote workstations in his network neighborhood for admin purposes.
> They don't own any NT servers, so WINs is not an option. I've done IP
> helper and forward protocol UDP 137-139 in small locations to allow computer
> browsing, but because of the 56 kb frame circuit and the fact that there's
> 100 users at the main location, I don't want to forward all the netbios
> broadcasts from the main segment to the remote frame location. If I use an
> extended ACL to allow NB broadcasts incoming on the ethernet to allow only
> the admin workstation, and have an IP helper on that interface, will only
> the admin PC broadcasts be 'ip-helped' to the other side? Or does the
> IP-helper take precedence and ignore the ACL? I don't currently have enough
> Windows PCs in my lab to test this right now. All PCs are either 98 or NT,
> and running IP only, no netbeui. The diagram would sort of look like this:
>
> remote PC1 |                                                    |PC1
> remote PC2 |--ethernet--RTRA-----frame 56kb----RTRB---ethernet--|PC2
> remote PC3 |             |                      |               |ADMIN PC
>                      ip helper              ip helper           |...
>                      address is             address is          |PC100
>                      admin's PC             broadcast
>                                             address of RTRA's
>                                             ethernet segment
> Thanks,
>
> Chuck Church
> CCNP, CCDP, MCNE, MCSE
> Sr. Network Engineer
> Magnacom Technologies
> 140 N. Rt. 303
> Valley Cottage, NY 10989
> 845-267-4000 x218
>
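
The setup discussed in this thread, written out as an added configuration sketch (not posted by anyone in the thread) that relies on the inbound ACL being evaluated before the helper-address relay. All addresses, interface names and ACL numbers are constructed: main LAN 192.0.2.0/24 with the admin PC at 192.0.2.10, remote LAN 198.51.100.0/24.

```cisco
! --- RTRB (main site, 100 users + admin PC) ---
! Inbound ACL on the Ethernet: checked before the helper-address logic,
! so only NetBIOS name/datagram broadcasts (UDP 137-138) from the
! admin PC are left for the helper to relay across the 56 kb circuit.
access-list 110 permit udp host 192.0.2.10 any range 137 138
! Drop the same broadcasts from every other workstation. Both the
! all-ones and the subnet broadcast destination are covered.
access-list 110 deny   udp any host 255.255.255.255 range 137 138
access-list 110 deny   udp any host 192.0.2.255 range 137 138
! Everything else, including unicast traffic to remote hosts, passes.
access-list 110 permit ip any any
!
interface Ethernet0
 ip address 192.0.2.1 255.255.255.0
 ip access-group 110 in
 ! Relay surviving broadcasts to the remote segment's broadcast address
 ip helper-address 198.51.100.255
!
! --- RTRA (remote office) ---
! Limit which directed broadcasts may be expanded onto the remote LAN
! to the admin PC's NetBIOS traffic only.
access-list 120 permit udp host 192.0.2.10 any range 137 138
!
interface Ethernet0
 ip address 198.51.100.1 255.255.255.0
 ! Remote workstation broadcasts are relayed to the admin PC as unicast
 ip helper-address 192.0.2.10
 ! Needed for packets addressed to 198.51.100.255 to be delivered as a
 ! LAN broadcast; the ACL argument keeps it from being open to any source
 ip directed-broadcast 120
```

The match counters in `show access-lists 110` on RTRB show whether the deny entries are catching the other workstations' broadcasts before anything is relayed.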



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:28:34 GMT-3