Re: Filtering SNA

From: Brian (signal@xxxxxxxxxx)
Date: Wed Jun 06 2001 - 17:36:14 GMT-3

• Next message: Eric Lemmons: "Lab Swap RTP July 18/19 for RTP/SJ mid to late August"
• Previous message: Ronald Ramcharran: "Re: Filtering SNA"
• Maybe in reply to: Ronald Ramcharran: "Filtering SNA"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
I think the 0d0d mask would mess up FOFO

On Wed, 6 Jun 2001, Ronald Ramcharran wrote:

> But F0F0 and F1F1 is in this range.
>
> If this is the correct way to filter this then both SNA and Netbios will be
> allowed.
> ----- Original Message -----
> From: "Brian" <signal@shreve.net>
> To: "Ronald Ramcharran" <RonaldR@SpeakEasy.Net>
> Cc: "GroupStudy" <ccielab@groupstudy.com>
> Sent: Wednesday, June 06, 2001 9:23 AM
> Subject: Re: Filtering SNA
>
>
> >
> > access-list 200 permit 0x0000 0x0D0D
> >
> > is what you want............their is an implicit deny after this
> >
> > Brian
> >
> >
> > On Wed, 6 Jun 2001, Ronald Ramcharran wrote:
> >
> > > I am reading this Doc but I am not sure I am getting this correctly.
> > >
> > > http://www.cisco.com/warp/public/698/acl200.htm
> > >
> > > Filtering Systems Network Architecture (SNA)
> > > IBM's SNA traffic uses SAPs ranging from 0x00 to 0xFF. Virtual
> > > telecommunications access method (VTAM) V3R4 and higher supports a SAP
> value
> > > range of 4 to 252 (or 0x04 to 0xFC in hexadecimal representation), where
> 0xF0
> > > is reserved for NetBIOS traffic. SAPs must be multiples of 0x04
> beginning with
> > > 0x04. The following ACL permits the most common SNA SAPs and denies the
> rest
> > > (considering there is an implicit "deny all" at the end of each ACL):
> > >
> > > access-list 200 permit 0x0000 0x0D0D
> > >
> > >
> > >
> > > The line I am unsure about is "Virtual telecommunications access method
> (VTAM)
> > > V3R4 and higher supports a SAP value range of 4 to 252 (or 0x04 to 0xFC
> in
> > > hexadecimal representation), where 0xF0 is reserved for NetBIOS
> traffic."
> > >
> > > Do this mean if I want to allow ONLY SNA traffic my acl should look like
> > > this?
> > >
> > > access-list 200 deny 0xF0F0 0x0101
> > > access-list 200 permit 0x0000 0x0D0D
> > >
> > > or
> > >
> > > access-list 200 permit 0x0000 0x0D0D
> > >
> > > is good enough?
> > > **Please read:http://www.groupstudy.com/list/posting.html
> > -----------------------------------------------
> > I'm buying / selling used CISCO gear!!
> > email me for a quote
> >
> > Brian Feeny,CCDP,CCNP+VAS Scarlett Parria
> > signal@netjam.net scarlett@netjam.net
> > 318-213-4709 318-213-4701
> >
> > Netjam, LLC http://www.netjam.net
> > 333 Texas St. VISA/MC/AMEX/COD
> > Suite 1401 30 day warranty
> > Shreveport, LA 71101 Cisco Channel Partner
> > toll free: 866-2NETJAM
> > phone: 318-212-0245
> > fax: 318-212-0246
> >
> >
>

-----------------------------------------------
    I'm buying / selling used CISCO gear!!
            email me for a quote

Brian Feeny,CCDP,CCNP+VAS Scarlett Parria
signal@netjam.net scarlett@netjam.net
318-213-4709 318-213-4701

Netjam, LLC http://www.netjam.net
333 Texas St. VISA/MC/AMEX/COD
Suite 1401 30 day warranty
Shreveport, LA 71101 Cisco Channel Partner
toll free: 866-2NETJAM
phone: 318-212-0245
fax: 318-212-0246
**Please read:http://www.groupstudy.com/list/posting.html

• Next message: Eric Lemmons: "Lab Swap RTP July 18/19 for RTP/SJ mid to late August"
• Previous message: Ronald Ramcharran: "Re: Filtering SNA"
• Maybe in reply to: Ronald Ramcharran: "Filtering SNA"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:31:19 GMT-3