Bridging and MAC filtering

From: BRZYSKI, ADAM E (SWBT) (ab1723@xxxxxxx)
Date: Wed Aug 22 2001 - 12:02:51 GMT-3


   
Consider the following topology:

      | |
    H-|-R1-----R2-|-H = MAC --> 00:23:45:67:89:12
      | |
Both of the routers have an attached Ethernet segment as well as a serial
point-to-point interface.

Transparent bridging is enabled on both routers.

Filtering on source MAC:

Router 2

interface ethernet 0
 bridge-group 1 input-address-list 750

access-list 750 permit 0023.4567.8912 0000.0000.0000

Filtering on destination MAC:

interface ethernet 0
 bridge-group 1 input-address-list 750

access-list 750 permit 0023.4567.8912 0000.0000.0000
access-list 750 permit FFFF.FFFF.FFFF 0000.0000.0000
access-list 750 permit 0100.0000.0000 FEFF.FFFF.FFFF

The last two entries allow for broadcasts and multicasts.

Is this correct?

The other question I had concerns token ring.

The RII bit is defined as the high-order bit of the source MAC address. It
indicates the presence of a RIF field. Is this definition referencing
non-canonical representation? I am guessing it is.

Finally, in a token ring environment, would access-list 750 look as
follows?

 -o-R1-o-R2-o-H = MAC --> 00:23:45:67:89:12

Filtering on source MAC:

Router 2
interface tokenring 0
 source-bridge input-address-list 750

access-list 750 permit 0023.4567.8912 8000.0000.0000

Filtering on destination MAC:

Router 2
interface tokenring 0
 source-bridge output-address-list 750

access-list 750 permit 0023.4567.8912 0000.0000.0000
access-list 750 permit FFFF.FFFF.FFFF 0000.0000.0000
access-list 750 permit 8000.0000.0000 7FFF.FFFF.FFFF

Once again, the last two entries allow broadcasts and multicasts.

I think that this is all correct but I need for somebody to give me a sanity
check.

Thanks for the help!

Adam Brzyski
Design Engineer II
CCNP, CCDP, NNCDE

-----Original Message-----
From: Boris Bertelsons [mailto:info@bertelsons.de]
Sent: Monday, August 20, 2001 10:00 AM
To: BRZYSKI, ADAM E (SWBT)
Cc: ccielab@groupstudy.com
Subject: RE: ipx routing 1111.1111.1111

Hey Adam !

Please check the link below provided by Chuck and the explaining
text :

"Note: Recall that the least significant bit of the most significant octet
of an Ethernet is the "group bit." "

This means that this bit in the MAC address decides if the address
is handled as a multicast or a unicast address. If set to 1, the
address will be handled as a multicast (or broadcast) regardless of the
rest of the address.

You see, in 01:00:5e:00:00:00 this bit is also set.
(BTW: You are right with your official multicast definition :) ).

I hope this brings a little light into the darkness !?

Kind regards,
Boris

--
Boris Bertelsons
CCIE #6373, CCDP, CCNP Security Specialist

---------- Original Message ----------------------------------
From: "BRZYSKI, ADAM E (SWBT)" <ab1723@sbc.com>
Reply-To: "BRZYSKI, ADAM E (SWBT)" <ab1723@sbc.com>
Date: Mon, 20 Aug 2001 09:33:38 -0500

>I thought that the range of mac's reserved for multicasts falls in the
>following range:
>
>01:00:5e:00:00:00 - 01:00:5e:7f:ff:ff
>
>that would not explain why 1111.1111.1111 would not work on a loopback
>interface.
>
>Adam Brzyski
>Design Engineer II
>CCNP, CCDP, NNCDE
>
>
>-----Original Message-----
>From: Bob Chahal [mailto:bob.chahal@ntlworld.com]
>Sent: Monday, August 20, 2001 3:54 AM
>To: Daniel C. Young; 'Chuck Church'; ccielab@groupstudy.com
>Subject: Re: ipx routing 1111.1111.1111
>
>
>Chuck, thanks for the reminder. I keep forgetting about this.
>
>Daniel, in a lab scenario you are very likely to be asked to configure an
>IPX network on a loopback.
>
>Thanks for the replies.
>
>Bob
>----- Original Message -----
>From: "Daniel C. Young" <danyoung99@mediaone.net>
>To: "'Chuck Church'" <cchurch@MAGNACOM.com>; "'Bob Chahal'"
><bob.chahal@ntlworld.com>; <ccielab@groupstudy.com>
>Sent: Monday, August 20, 2001 5:26 AM
>Subject: RE: ipx routing 1111.1111.1111
>
>
>> Also Bob,
>>
>> With IPX, you don't need to worry about putting networks on loopbacks.
>> Think about it, IPX is a desktop protocol for connecting LANs. I've never
>> had a problem with using the 'ipx routing 1.1.1' convention.
>>
>> Regards,
>> Daniel
>>
>> -----Original Message-----
>> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
>> Chuck Church
>> Sent: Sunday, 19 August 2001 4:01 PM
>> To: 'Bob Chahal'; 'ccielab@groupstudy.com'
>> Subject: RE: ipx routing 1111.1111.1111
>>
>>
>> Bob,
>>
>> You're defining a multicast address. This is from
>> http://www.cisco.com/warp/customer/473/85.shtml#multicast :
>>
>> Note: Recall that the least significant bit of the most significant octet
>> of an Ethernet or FDDI MAC address is the "group bit." If the bit is set
>> (1), the MAC address is a multicast (or broadcast). If the bit is not set
>> (0), the MAC address is a unicast.
>> The MAC address 0900.3333.4444 has the group bit set, and is therefore a
>> multicast MAC (09 hex = 00001001; the last bit, the group bit, is set).
>>
>> Chuck
>>
>> -----Original Message-----
>> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
>> Bob Chahal
>> Sent: Sunday, August 19, 2001 5:16 PM
>> To: ccielab@groupstudy.com
>> Subject: ipx routing 1111.1111.1111
>>
>>
>> When I configure a router with
>>
>> ipx routing 1111.1111.1111
>>
>> and then configure a loopback
>>
>> int lo0
>> ipx netw 10
>>
>> if I do a show ipx int lo0 the ipx address is 10.1111.1111.1111
>>
>> if I then ping this address from the same router (i.e. the router on which
>> this is configured) my pings timeout.
>>
>> If I do not configure an address with the ipx routing command the ipx add
>> of the lo0 uses the mac address of the ethernet interface on the router
>> and when I now ping the lo0 it works
>>
>> p 10.0010.7bfe.6cc1
>> Translating "10.0010.7bfe.6cc1"
>>
>> Type escape sequence to abort.
>> Sending 5, 100-byte IPX cisco Echoes to 10.0010.7bfe.6cc1, timeout is 2
>> seconds:
>>
>> !!!!!
>> Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
>>
>>
>> Can anyone explain why this happens? I was thinking of configuring my ipx
>> routers like the first method above as it makes configuring frame-relay
>> maps easier to configure and troubleshoot but the side-effect is what I
>> just described.
>>
>> Thanks
>>
>> Bob
>> **Please read:http://www.groupstudy.com/list/posting.html
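
Added example, not part of the original thread and not Cisco code: a small evaluator for the 700-series MAC access lists posted at the top of this message, showing which addresses each list permits and how the Ethernet "group bit" quoted above moves to the high-order bit once each octet is bit-swapped. It assumes the usual IOS semantics (1 bits in the mask are ignored, first match wins, implicit deny at the end); the function names are hypothetical.

```python
def parse_mac(text):
    """'0023.4567.8912' or '00:23:45:67:89:12' -> 48-bit integer."""
    digits = text.replace(".", "").replace(":", "").replace("-", "")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC: {text!r}")
    return int(digits, 16)

def parse_acl(lines):
    """Parse 'access-list N permit|deny ADDR MASK' lines into tuples."""
    entries = []
    for line in lines:
        _, _, action, addr, mask = line.split()
        entries.append((action, parse_mac(addr), parse_mac(mask)))
    return entries

def evaluate(entries, mac):
    """First match wins; mask bits set to 1 are don't-care; else implicit deny."""
    value = parse_mac(mac)
    for action, addr, mask in entries:
        if (value | mask) == (addr | mask):
            return action
    return "deny"

def bit_swap(mac):
    """Reverse the bits in each octet (canonical <-> non-canonical form)."""
    raw = parse_mac(mac).to_bytes(6, "big")
    swapped = bytes(int(f"{b:08b}"[::-1], 2) for b in raw).hex()
    return ".".join(swapped[i:i + 4] for i in (0, 4, 8))

# The lists exactly as posted in the message above.
ETHERNET_DST = parse_acl([
    "access-list 750 permit 0023.4567.8912 0000.0000.0000",
    "access-list 750 permit FFFF.FFFF.FFFF 0000.0000.0000",
    "access-list 750 permit 0100.0000.0000 FEFF.FFFF.FFFF",
])
TOKENRING_SRC = parse_acl([
    "access-list 750 permit 0023.4567.8912 8000.0000.0000",
])

if __name__ == "__main__":
    # Constructed test addresses; 0010.7bfe.6cc1 and 1111.1111.1111 appear in the thread.
    for mac in ("0023.4567.8912", "ffff.ffff.ffff", "0100.5e00.0001",
                "1111.1111.1111", "0010.7bfe.6cc1"):
        print("ethernet dst", mac, evaluate(ETHERNET_DST, mac))
    for mac in ("0023.4567.8912", "8023.4567.8912", "4023.4567.8912"):
        print("tokenring src", mac, evaluate(TOKENRING_SRC, mac))
    print("bit-swapped host MAC:", bit_swap("0023.4567.8912"))
```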



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:31:56 GMT-3