From: YJC (stiff.yu@xxxxxxxxxxxxxxxxxx)
Date: Mon Feb 26 2001 - 05:43:31 GMT-3
ron,
did you try
access-list 120 permit eigrp any any
access-list 120 permit tcp any any eq bgp
access-list 120 permit 91 any any
if it can work without access-list 120 permit tcp any eq 2065 any
access-list 120 permit tcp any eq 2067 any
because FST only uses ip port 91, not tcp.
----- Original Message -----
From: Ron <ron@xtranetsolutions.com>
To: David FAHED <dfahed@outremer.com>; Devon Watkins
<devon_watkins@yahoo.com>
Cc: <ccielab@groupstudy.com>
Sent: Monday, February 26, 2001 11:23 AM
Subject: Re: tcp ports for dlsw+ traffic
> Hi, Devon and David,
>
> Your suggestions are great!!! It works. But I have to open the protocol
> number 91 for FST to work. Per Caslow's CCIE book (p686), it says 71. It
> also mentioned that 2067 for dlsw+ write. Here is my access-list on R2:
>
> access-list 120 permit eigrp any any
> access-list 120 permit tcp any any eq bgp
> access-list 120 permit 91 any any
> access-list 120 permit tcp any eq 2065 any
> access-list 120 permit tcp any eq 2067 any
>
> r2#sh access-list 120
> Extended IP access list 120
> permit eigrp any any (568 matches)
> permit tcp any any eq bgp (110 matches)
> permit 91 any any (222 matches)
> permit tcp any eq 2065 any
> permit tcp any eq 2067 any
>
> Thanks again,
>
> Ron
>
>
> ----- Original Message -----
> From: David FAHED <dfahed@outremer.com>
> To: Ron <ron@xtranetsolutions.com>
> Cc: <ccielab@groupstudy.com>
> Sent: Sunday, February 25, 2001 9:30 PM
> Subject: Re: tcp ports for dlsw+ traffic
>
>
> > My English is not perfect but I will try to explain it to you.
> > Router 3 has a bigger IP address than router R1. So when R1 tries to make a
> > connection to R3 (it's ok for your access-list), R3 tears down the TCP
> > connection on its local port 2065. Then R3 tries to make the connection (no
> > problem with your access-list for R3->R1 eth0 in) but when the packet comes
> > back R1 to R3 the packet has a TCP source of 2065 and a TCP dest >1023 (you
> > have a problem with your access-list).
> > Try this, I can't test it now but I think it will work:
> > interface e0
> > ip access-group 120 in
> > access-list 120 permit tcp any eq 2065 any
> > access-list 120 permit tcp any eq 2067 any <- I don't think you need this.
> > Don't forget to add ports 1981, 1982, 1983 if you use priority with DLSW.
> > Try this link to know the ports DLSW uses...
> >
> > http://127.0.0.1:8080/cc/td/doc/product/software/ios120/12cgcr/ibm_c/bcprt2/bcdlsw.htm#15211
> >
> >
> >
> >
> > Ron wrote:
> >
> > > Hi, all,
> > >
> > > Besides tcp 2065 and tcp 2067, are there any more ports for dlsw+
> > > traffic? I checked the Cisco CD and got no answer. Before I put the
> > > access-list 120 in the R2, the dlsw+ was working. If I put the
> > > access-list, the dlsw+ peers are lost.
> > >
> > > Here is a scenario: R1 (fa0/0) .........(e0, access-list 120 in ) R2 (s1)...........(s1)R3
> > > Required: only permit dlsw+ traffic pass through R2
> > > My configs:
> > > *************
> > > R1:
> > > dlsw local-peer peer-id 138.10.4.1
> > > dlsw remote-peer 0 fst 138.10.25.3
> > > dlsw bridge-group 1
> > >
> > > R2:
> > > interface e0
> > > ip access-group 120 in
> > > access-list 120 permit tcp any any eq 2065
> > > access-list 120 permit tcp any any eq 2067
> > >
> > > R3:
> > > dlsw local-peer peer-id 138.10.25.3
> > > dlsw remote-peer 0 fst 138.10.4.1
> > > dlsw bridge-group 1
> > >
> > > r1#sh dlsw peers
> > >
> > > Peers:             state    pkts_rx  pkts_tx  type  drops  ckts  TCP  uptime
> > >
> > > FST 138.10.25.3    DISCONN        0        0  conf      0     -    -       -
> > >
> > > Expected: 0 Next Send: 0 Seq errors: 0
> > > Total number of connected peers: 0
> > > Total number of connections: 0
> > >
> > > ********************
> > >
> > > Thanks for any help,
> > >
> > > Ron
> > >
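
The behaviour discussed in this thread can be reproduced with a small first-match ACL model. This is an added example, not part of the original messages: it evaluates Ron's first ACL and his final one against three constructed packets arriving inbound on R2 e0 (an FST packet, a TCP segment to port 2065, and a TCP segment from port 2065). The ephemeral port 40000 and the helper names are assumptions; only the `any` / `eq` forms used in the thread are parsed.

```python
# Added example: first-match evaluation of the ACLs quoted in this thread.
PROTO = {"tcp": 6, "eigrp": 88}   # IP protocol numbers for the keywords used
PORT = {"bgp": 179}               # TCP port keyword used in the thread

ORIGINAL = ["access-list 120 permit tcp any any eq 2065",
            "access-list 120 permit tcp any any eq 2067"]
FINAL = ["access-list 120 permit eigrp any any",
         "access-list 120 permit tcp any any eq bgp",
         "access-list 120 permit 91 any any",
         "access-list 120 permit tcp any eq 2065 any",
         "access-list 120 permit tcp any eq 2067 any"]

def parse(line):
    """Parse 'access-list N permit|deny PROTO any [eq P] any [eq P]'."""
    t = line.split()[2:]
    action, proto = t[0], t[1]
    proto = PROTO[proto] if proto in PROTO else int(proto)
    rest, ports = t[2:], []
    for _ in range(2):                      # source spec, then destination spec
        if rest.pop(0) != "any":
            raise ValueError("only 'any' addresses are modelled")
        port = None
        if rest[:1] == ["eq"]:
            port = PORT[rest[1]] if rest[1] in PORT else int(rest[1])
            rest = rest[2:]
        ports.append(port)
    return action, proto, ports[0], ports[1]

def evaluate(acl, proto, sport=None, dport=None):
    """Return (action, matching line index); the implicit deny returns index None."""
    for i, line in enumerate(acl):
        action, p, sp, dp = parse(line)
        if p == proto and sp in (None, sport) and dp in (None, dport):
            return action, i
    return "deny", None

# Constructed packets as (protocol, source port, destination port).
PACKETS = {"fst": (91, None, None),            # FST encapsulation, IP protocol 91
           "tcp_to_2065": (6, 40000, 2065),    # R1 opening a session to R3
           "tcp_from_2065": (6, 2065, 40000)}  # R1 answering a session R3 opened

def results(acl):
    return {name: evaluate(acl, *pkt) for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    for label, acl in (("original", ORIGINAL), ("final", FINAL)):
        print(label, results(acl))
```
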
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:29:01 GMT-3