From: Yves Fauser (Yves@xxxxxxxxx)
Date: Thu Aug 23 2001 - 12:16:22 GMT-3
Hi Marek,
I asked this myself a lot of times, the answer can be found reading the 802.2 Spec that you can download free at www.ieee.org.
The 802.2 header contains the DSAP and SSAP Addresses to identify the upper layer protocols.
The DSAP has the following Format :
1   2 3 4 5 6 7 8
I/G D D D D D D D
The first bit identifies the frame as an individual frame, or a frame destined to a group.
The SSAP has the following Format :
1   2 3 4 5 6 7 8
C/R S S S S S S S
The first bit identifies the frame as a Control (0) or Response Frame (1).
The format of the 200 acl is 0x<dsap><ssap> 0x<dsap wc><ssap wc>.
A Netbios or SNA Host will send frames with the C/R bit set to either 0/1 so the actual SSAP is F0, but when the response bit is set it is F1. So for Netbios to work you have to use 0xF0F0 0x0001 which allows a netbios client to communicate with a remote individual netbios host.
An 0xF0F0 0x0101 would also allow frames sent out to a group address. I don't know where it is used, if you look at :
http://www.cisco.com/warp/public/111/12.html
You will see F0 but not F1, 5 is an SNA path control group address. I tried to find out a bit more about that but I did not find a lot about which application would set the group bit in the DSAP. For the lab I think it would not hurt to use 0xF0F0 0x0101 or 0x0404 0x0D0D since it is like this in the Cisco documentation.
Good luck, Yves
Marek Janik wrote:
> Hello ccielab,
> In cisco CD I've found example lsap access-list
> ! Access list 201 passes NetBIOS frames (command or response)
> access-list 201 permit 0xF0F0 0x0001
> but in TAC
> http://www.cisco.com/warp/public/698/acl200.html
> I've found this
> NetBIOS traffic uses SAP values 0xF0 (for commands) and 0xF1
> (for responses). Typically, network administrators
> use these SAP values to filter this protocol.
> The access list entry depicted below permits NetBIOS
> traffic and denies everything else (remember the implicit "deny all" at the end of each ACL):
> access-list 200 permit 0xF0F0 0x0101
> And I don't know what is right ....
> --
> Marek Janik CCDP/CCNP+Security
> Network Integration Department
> MCX sp. z o.o., Towarowa 7A, PL 00-839 Warszawa, POLAND
> +48225484719, fax +48225484682, http://www.mcx.com.pl
> **Please read:http://www.groupstudy.com/list/posting.html
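
The value/mask matching discussed in this thread, as an added example that is not part of the original posts: a small Python model of a 200-series LSAP access-list, evaluated against constructed DSAP/SSAP pairs. It assumes mask bits set to 1 are ignored (wildcard-mask semantics); the function names are hypothetical.

```python
# Added example (not from the thread): model of LSAP access-list matching.
# Assumption: a 1 bit in the mask means "ignore this bit" (wildcard mask).

def parse_entry(line):
    """Parse 'access-list 200 permit 0xF0F0 0x0101' -> (action, value, mask)."""
    parts = line.split()
    if len(parts) != 5 or parts[0] != "access-list":
        raise ValueError("unexpected entry: %r" % line)
    action = parts[2]
    if action not in ("permit", "deny"):
        raise ValueError("unknown action: %r" % action)
    value, mask = int(parts[3], 16), int(parts[4], 16)
    if not (0 <= value <= 0xFFFF and 0 <= mask <= 0xFFFF):
        raise ValueError("value and mask must fit in 16 bits")
    return action, value, mask

def entry_matches(value, mask, dsap, ssap):
    """Compare <dsap><ssap> with the entry on the bits the mask cares about."""
    lsap = ((dsap & 0xFF) << 8) | (ssap & 0xFF)
    care = ~mask & 0xFFFF
    return (lsap & care) == (value & care)

def evaluate(acl_lines, dsap, ssap):
    """First matching entry wins; no match falls to the implicit deny."""
    for line in acl_lines:
        action, value, mask = parse_entry(line)
        if entry_matches(value, mask, dsap, ssap):
            return action
    return "deny"

def describe(dsap, ssap):
    """Decode the low-order I/G and C/R bits the thread discusses."""
    dest = "group" if dsap & 0x01 else "individual"
    kind = "response" if ssap & 0x01 else "command"
    return "DSAP 0x%02X (%s), SSAP 0x%02X (%s)" % (dsap, dest, ssap, kind)

# Constructed DSAP/SSAP pairs, not captured traffic.
SAMPLES = [(0xF0, 0xF0), (0xF0, 0xF1), (0xF1, 0xF0), (0xF1, 0xF1), (0x04, 0x04)]
ACL_201 = ["access-list 201 permit 0xF0F0 0x0001"]
ACL_200 = ["access-list 200 permit 0xF0F0 0x0101"]

if __name__ == "__main__":
    for dsap, ssap in SAMPLES:
        print("%-45s 0x0001: %-6s 0x0101: %s" % (
            describe(dsap, ssap),
            evaluate(ACL_201, dsap, ssap),
            evaluate(ACL_200, dsap, ssap)))
```

With mask 0x0001 a frame addressed to the group DSAP 0xF1 falls through to the implicit deny, while mask 0x0101 permits it; both masks accept SSAP 0xF0 and 0xF1.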
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:31:56 GMT-3