From: Devon Watkins (devon_watkins@xxxxxxxxx)
Date: Sun Feb 25 2001 - 23:08:28 GMT-3
Ron,
It looks like you are using FST encap for your DLSW remote peers. FST does
not use tcp so there are no tcp port numbers to allow though.
Your access list is allowing packets with TCP port numbers 2065 and 2067
(although I THOUGHT TCP encap used 2065 only , unless the priority key word
was used and then it uses 2065, 1981, 1982, and 1983) and because of the
implicit deny any at the end, your FST packets are not getting through.
Hope this helps,
Devon
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Ron
Sent: Sunday, February 25, 2001 7:44 PM
To: ccielab@groupstudy.com
Subject: tcp ports for dlsw+ traffic
Hi, all,
Besides tcp 2065 and tcp 2067, Is there any more ports for dlsw+ =
traffic? I checked Cisco CD and got no answer. Before I put the =
access-list 120 in the R2. The dlsw+ is working. If I put the =
access-list, the dlsw+ peers are lost.
Here is a scenario: R1 (fa0/0) .........(e0, access-list 120 in ) R2 =
(s1)...........(s1)R3
Required: only permit dlsw+ traffic pass through R2
My configs:
*************
R1:
dlsw local-peer peer-id 138.10.4.1
dlsw remote-peer 0 fst 138.10.25.3=20
dlsw bridge-group 1
R2:
interface e0
ip access-group 120 in
access-list 120 permit tcp any any eq 2065
access-list 120 permit tcp any any eq 2067
R3:
dlsw local-peer peer-id 138.10.25.3
dlsw remote-peer 0 fst 138.10.4.1
dlsw bridge-group 1
r1#sh dlsw peers
Peers: state pkts_rx pkts_tx type drops ckts TCP =
uptime
FST 138.10.25.3 DISCONN 0 0 conf 0 - - =
-
Expected: 0 Next Send: 0 Seq errors: 0
Total number of connected peers: 0
Total number of connections: 0
********************
Thanks for any help,
Ron
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:29:01 GMT-3