Re: Question on DLSW+

From: Yves Fauser (Yves@xxxxxxxxx)
Date: Tue Aug 28 2001 - 09:06:46 GMT-3


   
Voller,

you're right, if you configure an <icanreach mac-address> with
<icanreach mac-exclusive>, hosts connected over R2 will only reach the
1.1.xxxx hosts on R1. Also since you advised R1 that it can only reach
1.1.xxxx, if an explorer frame is sent out on R1's Token-Ring DLSW will
not send out an explorer frame if it finds all 1.1.xxxx stations locally
on the ring.

Example 1 :
- A host on R1's Token-Ring wants to reach 0000.4000.0001
- The host sends out a local explorer into the ring which it gets back
  without the copy bit set.
- The host now sends out a single or all-routes explorer
- The source bridge defined on R1 gets the explorer and sends it into
  the Virtual Ring on R1
- The DLSW peer on R1 sees the explorer, but since it was advised that
  it can only reach 1.1.xxxx and nothing else it ignores the frame.
- The host on R1's Token-Ring does not get a response to its explorer.

Example 2 :
- A host on R1's Token-Ring wants to reach 0001.0001.1234
- The host sends out a local explorer into the ring, a host with the mac
  0001.0001.1234 gets the explorer and sends a response.
- Both hosts can now communicate with each other

Example 3 : (not 100% sure about this, please check in your Lab !)
- A host on R1's Token-Ring wants to reach 0001.0001.5678
- The host sends out a local explorer into the ring which it gets back
  without the copy bit set.
- The host now sends out a single or all-routes explorer
- The source bridge defined on R1 gets the explorer and sends it into
  the Virtual Ring on R1
- The DLSW peer on R1 sees the explorer, sees that it can reach it, but
  does not know how.
- The DLSW peer sends out a dlsw canureach explorer to R2

So I think that using <icanreach mac-exclusive> partially does what you
want.
If you use <icanreach> this doesn't mean that you will see an entry in
R1's reachability table, since you only said that you can reach it, but
not how. If you want to have an entry in the reachability cache you'll
have to use a static <dlsw mac-address> statement on R1 pointing to the
destination.

Let us know what you found out, good luck, Yves

Voller.Lam@Level3.com

wrote:

> Hi,
>
> Thanks for your suggestion.
> But if I configure dmac-output-list (filter 1.1.XXXX) on R1, this filter
> just blocks all traffic destined to mac-address 1.1.XXXX instead of blocking
> the explorer frames to hosts with the other mac-address.
> As I know, if I use the icanreach and mac-exclusive commands on R1, other
> hosts with mac-addresses (not 1.1.XXXX) on To1 cannot send explorer frames
> since it is dropped by R1. However, how to filter all explorer frames on R1
> and R2 can only access to hosts with mac-address 1.1.XXXX on to1?
>
> Please comment.
>
> Many thanks, Voller
>
> -----Original Message-----
> From: Stanford M. Wong [mailto:stanford@cns-hawaii.com]
> Sent: Tuesday, August 28, 2001 10:09 AM
> To: Lam, Voller; ccielab@groupstudy.com
> Subject: RE: Question on DLSW+
>
> no, use a dmac-output-list, the difference with the icanreach and
> mac-exclusive command is that it only affects the capabilities not the
> actual explorer frames.
>
> example
> dlsw remote-peer 0 tcp <ip address of your dlsw peer> dmac-output-list 700
> access-list 700 permit 0001.0001.0000 0000.0000.ffff
>
> hope this helps....
> stanford
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> Voller.Lam@Level3.com
> Sent: Monday, August 27, 2001 3:40 PM
> To: ccielab@groupstudy.com
> Subject: Question on DLSW+
>
> Hi group,
>
> I have a question about dlsw icanreach. The diagram is shown as below:
>
> Hosts -- To1 -- R1 --------------- R2
>
> R1 is connecting to R2 through DLSW+. All hosts connecting to To1 have
> mac-address 1.1.XXXX (X=any number). How can I filter out all explorer
> frames from hosts on To1 to R2 through DLSW+? Is it possible to use
> icanreach and mac-exclusive command on R1 to do that?
>
> Please comment.
>
> Many thanks, Voller
**Please read:http://www.groupstudy.com/list/posting.html
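
Added example, not part of any post in this thread: a small Python model of how the access list in Stanford's example (access-list 700 permit 0001.0001.0000 0000.0000.ffff) matches destination MAC addresses, tried against the three destinations from Yves's examples. Function names are hypothetical; in the wildcard mask a 1 bit means "ignore this bit", and an address that matches no entry falls through to the implicit deny.

```python
import string

MAC_BITS = 0xFFFFFFFFFFFF  # 48-bit address space


def mac_to_int(mac: str) -> int:
    """Parse dotted-hex notation such as '0001.0001.1234'.

    Short groups ('1.1.1234', the shorthand used in the thread) are
    zero-extended to 16 bits each.
    """
    groups = mac.strip().split(".")
    if len(groups) != 3:
        raise ValueError(f"expected three dot-separated groups: {mac!r}")
    value = 0
    for group in groups:
        if not 1 <= len(group) <= 4 or any(c not in string.hexdigits for c in group):
            raise ValueError(f"bad hex group {group!r} in {mac!r}")
        value = (value << 16) | int(group, 16)
    return value


# The list from Stanford's post: (action, address, wildcard mask).
ACL_700 = [("permit", "0001.0001.0000", "0000.0000.ffff")]


def acl_permits(acl, dmac: str) -> bool:
    """First matching entry wins; no match means implicit deny."""
    addr = mac_to_int(dmac)
    for action, base, wildcard in acl:
        care = ~mac_to_int(wildcard) & MAC_BITS  # bits that must be equal
        if (addr & care) == (mac_to_int(base) & care):
            return action == "permit"
    return False


def classify(acl, dmacs):
    """Map each destination MAC to 'permit' or 'deny' under the list."""
    return {d: "permit" if acl_permits(acl, d) else "deny" for d in dmacs}


if __name__ == "__main__":
    # Destinations taken from Examples 1-3 in Yves's reply.
    samples = ["0000.4000.0001", "0001.0001.1234", "0001.0001.5678"]
    for mac, verdict in classify(ACL_700, samples).items():
        print(f"{mac}  {verdict}")
```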



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:31:59 GMT-3