Re: tcp ports for dlsw+ traffic

From: Ron (ron@xxxxxxxxxxxxxxxxxxxx)
Date: Mon Feb 26 2001 - 00:23:20 GMT-3


   
Hi, Devon and David,

Your suggestions are great!!! It works. But I have to open the protocol
number 91 for FST to work. Per Caslow's CCIE book (p686), it says 71. It
also mentioned that 2067 for dlsw+ write. Here is my access-list on R2:

access-list 120 permit eigrp any any
access-list 120 permit tcp any any eq bgp
access-list 120 permit 91 any any
access-list 120 permit tcp any eq 2065 any
access-list 120 permit tcp any eq 2067 any

r2#sh access-list 120
Extended IP access list 120
    permit eigrp any any (568 matches)
    permit tcp any any eq bgp (110 matches)
    permit 91 any any (222 matches)
    permit tcp any eq 2065 any
    permit tcp any eq 2067 any

Thanks again,

Ron

----- Original Message -----
From: David FAHED <dfahed@outremer.com>
To: Ron <ron@xtranetsolutions.com>
Cc: <ccielab@groupstudy.com>
Sent: Sunday, February 25, 2001 9:30 PM
Subject: Re: tcp ports for dlsw+ traffic

> My English is not perfect but I will try to explain you.
> Router 3 have a bigger ip address than router r1. So when R1 try to make a
> connection to R3 (it's ok for your access-list), but R3 tear down the tcp
> connection on its local port 2065. Then R3 try to make the connection (no
> problem with your access-list for R3->R1 eth0 in ) but when the packet come
> back R1 to R3 the packet has a tcp source of 2065 and a tcp dest >1023 (you
> have a problem with your access-list).
> Try this I can't test it now but I think it will work :
> interface e0
> ip access-group 120 in
> access-list 120 permit tcp any eq 2065 any
> access-list 120 permit tcp any eq 2067 any <- I don't think you need this.
> Don't forget to add port 1981 1982 1983 you use priority with DLSW.
> Try this link to know the port DLSW use...
>
> http://127.0.0.1:8080/cc/td/doc/product/software/ios120/12cgcr/ibm_c/bcprt2/bcdlsw.htm#15211
>
>
>
>
> Ron wrote:
>
> > Hi, all,
> >
> > Besides tcp 2065 and tcp 2067, Is there any more ports for dlsw+
> > traffic? I checked Cisco CD and got no answer. Before I put the
> > access-list 120 in the R2. The dlsw+ is working. If I put the
> > access-list, the dlsw+ peers are lost.
> >
> > Here is a scenario: R1 (fa0/0) .........(e0, access-list 120 in ) R2 (s1)...........(s1)R3
> > Required: only permit dlsw+ traffic pass through R2
> > My configs:
> > *************
> > R1:
> > dlsw local-peer peer-id 138.10.4.1
> > dlsw remote-peer 0 fst 138.10.25.3
> > dlsw bridge-group 1
> >
> > R2:
> > interface e0
> > ip access-group 120 in
> > access-list 120 permit tcp any any eq 2065
> > access-list 120 permit tcp any any eq 2067
> >
> > R3:
> > dlsw local-peer peer-id 138.10.25.3
> > dlsw remote-peer 0 fst 138.10.4.1
> > dlsw bridge-group 1
> >
> > r1#sh dlsw peers
> >
> > Peers: state pkts_rx pkts_tx type drops ckts TCP uptime
> >
> > FST 138.10.25.3 DISCONN 0 0 conf 0 - - -
> >
> > Expected: 0 Next Send: 0 Seq errors: 0
> > Total number of connected peers: 0
> > Total number of connections: 0
> >
> > ********************
> >
> > Thanks for any help,
> >
> > Ron
> >
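
The three access-lists in this thread, run through a small first-match evaluator. This is an added example, not part of the original messages; it models only protocol and port matching for packets arriving inbound on R2 e0 (all addresses are "any"), and the ephemeral port 11000 is a constructed value.

```python
from collections import namedtuple

TCP, EIGRP, FST = 6, 88, 91   # IP protocol numbers; 91 is the value Ron opened for FST

# Constructed model of one packet arriving inbound on R2 e0 (from the R1 side).
Packet = namedtuple("Packet", "proto sport dport")
# One permit entry; sport/dport of None means no "eq" clause (any port).
Rule = namedtuple("Rule", "proto sport dport", defaults=(None, None))

def acl_permits(rules, pkt):
    """First-match evaluation; anything unmatched hits the implicit deny."""
    for r in rules:
        if r.proto != pkt.proto:
            continue
        if r.sport is not None and r.sport != pkt.sport:
            continue
        if r.dport is not None and r.dport != pkt.dport:
            continue
        return True
    return False

# Ron's first attempt: match on destination port.
ORIGINAL = [Rule(TCP, dport=2065), Rule(TCP, dport=2067)]
# David's suggestion: match on source port.
SUGGESTED = [Rule(TCP, sport=2065), Rule(TCP, sport=2067)]
# Ron's final list, including protocol 91 for FST.
FINAL = [Rule(EIGRP), Rule(TCP, dport=179), Rule(FST),
         Rule(TCP, sport=2065), Rule(TCP, sport=2067)]

# Constructed sample packets, all entering R2 on e0.
SAMPLES = {
    "r1_opens": Packet(TCP, 11000, 2065),    # R1 initiating toward port 2065
    "r1_replies": Packet(TCP, 2065, 11000),  # R1 answering a session R3 opened
    "fst": Packet(FST, None, None),          # FST peer traffic, no TCP ports
}

def evaluate():
    """Return {acl_name: {packet_name: permitted}} for every combination."""
    acls = {"original": ORIGINAL, "suggested": SUGGESTED, "final": FINAL}
    return {name: {p: acl_permits(rules, pkt) for p, pkt in SAMPLES.items()}
            for name, rules in acls.items()}

if __name__ == "__main__":
    for name, verdicts in evaluate().items():
        print(name, verdicts)
```

A rule that matches on source port is stateless: it admits any inbound TCP segment whose source port is 2065, not only replies to a session the far peer opened.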



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:29:01 GMT-3