From: ShahzaD Ali (shahzad-ali@xxxxxxxx)
Date: Fri May 11 2001 - 10:41:22 GMT-3
Alan,
I got DLSW+'s port information from the following web site and changed
the access-list. Now, I don't need to permit tcp any any gt 11000.
http://www.isi.edu/in-notes/iana/assignments/port-numbers
#
dlsrpn 2065/tcp Data Link Switch Read Port Number
dlsrpn 2065/udp Data Link Switch Read Port Number
# 2066 Unassigned
dlswpn 2067/tcp Data Link Switch Write Port Number
dlswpn 2067/udp Data Link Switch Write Port Number
New access-list:
access-list 101 permit ospf any any
access-list 101 permit tcp any any eq bgp
access-list 101 permit tcp any any eq 2065
access-list 101 permit udp any any eq 2065
access-list 101 permit tcp any any eq 2067
access-list 101 permit udp any any eq 2067
access-list 101 permit gre any any
access-list 101 deny ip any any log
Any comments, folks?
Regards,
ShahzaD
-----Original Message-----
From: W. Alan Robertson [mailto:warobertson@earthlink.net]
Sent: Thursday, May 10, 2001 11:38 AM
To: ShahzaD Ali
Cc: Ccielab@Groupstudy. Com
Subject: Re: DLSw+ & ACL
Shahzad,
Your DLSW peering is working, but you're probably going to run into another
problem.
Reachability messages (CANUREACH, ICANREACH), by default, are sent via UDP.
Two ways to address this are to either allow the required UDP packets in
your access-list, or change the behavior of your DLSW process so that it
uses TCP for this function.
Alan
----- Original Message -----
From: "ShahzaD Ali" <shahzad-ali@home.com>
To: <HENDERSON_DAVE_G@Lilly.com>; "Tariq Sharif"
<tariq_sharif@btinternet.com>
Cc: "Ccielab@Groupstudy. Com" <ccielab@groupstudy.com>;
<nobody@groupstudy.com>
Sent: Thursday, May 10, 2001 10:32 AM
Subject: RE: DLSw+ & ACL
> I permitted ports gt 11000 and it is working now.
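The access-list 101 from the first message, checked against a few constructed packets. This is an added example, not part of the thread or any poster's code: it parses only the syntax that list uses, applies first-match order, and treats the port after `any any` as the destination port. The function names and the packet list are assumptions made for illustration.

```python
# Added example: first-match evaluation of access-list 101 as posted in the thread.
NAMED_PORTS = {"bgp": 179}  # IOS keyword for TCP port 179
ACL_101 = """\
access-list 101 permit ospf any any
access-list 101 permit tcp any any eq bgp
access-list 101 permit tcp any any eq 2065
access-list 101 permit udp any any eq 2065
access-list 101 permit tcp any any eq 2067
access-list 101 permit udp any any eq 2067
access-list 101 permit gre any any
access-list 101 deny ip any any log
"""

def parse_acl(text):
    """Return a list of (action, protocol, dst_port_or_None, source_line)."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list":
            continue
        action, proto = tok[2], tok[3]
        if tok[4:6] != ["any", "any"]:
            raise ValueError("only 'any any' entries are handled: " + line)
        rest = [t for t in tok[6:] if t != "log"]  # 'log' does not affect matching
        port = None
        if rest:
            if rest[0] != "eq" or len(rest) != 2:
                raise ValueError("unsupported qualifier: " + line)
            port = NAMED_PORTS.get(rest[1]) or int(rest[1])
        entries.append((action, proto, port, line))
    return entries

def evaluate(entries, proto, dst_port=None):
    """First matching entry wins; 'ip' matches every protocol; implicit deny at the end."""
    for action, e_proto, e_port, line in entries:
        if e_proto in ("ip", proto) and e_port in (None, dst_port):
            return action, line
    return "deny", "(implicit deny)"

# Constructed test packets: (label, protocol, destination port)
PACKETS = [("DLSw read port", "tcp", 2065), ("DLSw write port, UDP", "udp", 2067),
           ("unassigned port 2066", "tcp", 2066), ("high destination port", "tcp", 11005)]

if __name__ == "__main__":
    acl = parse_acl(ACL_101)
    for label, proto, port in PACKETS:
        print(label, "->", *evaluate(acl, proto, port))
```

The constructed packets to destination ports 2066 and 11005 fall through to the final `deny ip any any log` entry, since none of the `eq` entries match them.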