From: Yves Fauser (Yves@xxxxxxxxx)
Date: Wed Aug 29 2001 - 04:09:49 GMT-3
Hi Bob,
You seem to have some information's that I don't have. I didn't had the
chance to test it in a Lab, so my only resource is our well known link :
http://www.cisco.com/warp/public/697/dlswfilter.shtml
Take a look at the Part :
"Configuring dlsw icanreach mac-exclusive remote at Central Router"
So this is my reference, what is yours ? It would be nice if you could
explain
why you think I'm wrong instead of just saying that I'm wrong.
Greetings, Yves
Bob Chahal wrote:
> Yves,
>
> In your example 1 R1 would send an explorer for 0000.4000.0001
> to R2.
>
> Bob
>
> ----- Original Message -----
> From: "Yves Fauser" <Yves@Fauser.de>
> To: <Voller.Lam@Level3.com>
> Cc: <stanford@cns-hawaii.com>; <ccielab@groupstudy.com>
> Sent: Tuesday, August 28, 2001 1:06 PM
> Subject: Re: Question on DLSW+
>
> > Voller,
> >
> > your right, if you configure an <icanreach mac-address> with <icanreach
> > mac-exclusive>, hosts connected over R2 will only reach the 1.1.xxxx
> > hosts on
> > R1. Also since you advised R1 that it can only reach 1.1.xxxx, if an
> > explorer
> > frame is send out on R1's Token-Ring DLSW will not send out an explorer
> > frame if
> > it finds all 1.1.xxxx stations locally on the ring.
> >
> > Example 1 :
> > - A host on R1's Token-Ring wants to reach 0000.4000.0001
> > - The host sends out a local explorer into the ring which it gets back
> > without
> > the copy bit set.
> > - The host now sends out an single or all-routes explorer
> > - The source bridge defined on R1 gets the explorer and sends it into
> > the
> > Virtual Ring on R1
> > - The DLSW peer on R1 sees the explorer, but since it was advised that
> > it can
> > only reach 1.1.xxxx and nothing else it ignores the Frame.
> > - The host on R1's Token-ring does not get a response to it's explorer.
> >
> > Example 2 :
> > - A host on R1's Token-Ring wants to reach 0001.0001.1234
> > - The host sends out a local explorer into the ring, a host with the mac
> > 0001.0001.1234 gets the explorer and sends a response.
> > - Both Host can now communicate with each other
> >
> > Example 3 : (not 100% sure about this, please check in your Lab !)
> > - A host on R1's Token-Ring wants to reach 0001.0001.5678
> > - The host sends out a local explorer into the ring which it gets back
> > without
> > the copy bit set.
> > - The host now sends out an single or all-routes explorer
> > - The source bridge defined on R1 gets the explorer and sends it into
> > the
> > Virtual Ring on R1
> > - The DLSW peer on R1 sees the explorer, sees that it can reach it, but
> > does
> > not know how.
> > - The DLSW peer sends out an dlsw canureach explorer to R2
> >
> > So I think that using <icanreach mac-exclusive> partially does what you
> > want.
> > If you use <icanreach> this doesn't mean that you will see an entry in
> > R1 reachability table, since you only said that you can reach it, but
> > not how. If you want to have an entry in the reachability cache you'll
> > have to use a static <dlsw mac-address> statement on R1 pointing to the
> > destination.
> >
> > Let us know what you found out, good luck, Yves
> >
> >
> > Voller.Lam@Level3.com
> >
> >
> > > > Hi,
> > > >
> > > > Thanks for your suggestion.
> > > > But if I configure dmac-output-list (filter 1.1.XXXX) on R1, this
> filter
> > > > just blocks all traffic destined to mac-address 1.1.XXXX instead of
> blocking
> > > > the explorer frames to hosts with the other mac-address.
> > > > As I know, if I use the icanreach and mac-exclusive commands on R1,
> other
> > > > hosts with mac-addresses (not 1.1.XXXX) on To1 cannot send explorer
> frames
> > > > since it is dropped by R1. However, how to filter all explorer frames
> on R1
> > > > and R2 can only access to hosts with mac-address 1.1.XXXX on to1?
> > > >
> > > > Please comment.
> > > >
> > > > Many thanks, Voller
> > > >
> > > > -----Original Message-----
> > > > From: Stanford M. Wong [mailto:stanford@cns-hawaii.com]
> > > > Sent: Tuesday, August 28, 2001 10:09 AM
> > > > To: Lam, Voller; ccielab@groupstudy.com
> > > > Subject: RE: Question on DLSW+
> > > >
> > > > no, use a dmac-output-list, the difference with the icanreach and
> > > > mac-exclusive command is that it only affects the capabilities not the
> > > > actual explorer frames.
> > > >
> > > > example
> > > > dlsw remote-peer 0 tcp <ip address of your dlsw peer> dmac-output-list
> 700
> > > > access-list 700 permit 0001.0001.0000 0000.0000.ffff
> > > >
> > > > hope this helps....
> > > > stanford
> > > >
> > > > -----Original Message-----
> > > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> > > > Voller.Lam@Level3.com
> > > > Sent: Monday, August 27, 2001 3:40 PM
> > > > To: ccielab@groupstudy.com
> > > > Subject: Question on DLSW+
> > > >
> > > > Hi group,
> > > >
> > > > I have question about dlsw icanreach. The diagram is shown as below:
> > > >
> > > > Hosts -- To1 -- R1 --------------- R2
> > > >
> > > > R1 is connecting to R2 through DLSW+. All hosts connecting to To1
> have
> > > > mac-address 1.1.XXXX (X=any number). How can I filter out all explorer
> > > > frames from hosts on To1 to R2 through DLSW+? Is it possible to use
> > > > icanreach and mac-exclusive command on R1 to do that?
> > > >
> > > > Please comment.
> > > >
> > > > Many thanks,Voller
> > > > **Please read:http://www.groupstudy.com/list/posting.html
> > > > **Please read:http://www.groupstudy.com/list/posting.html
> > wrote:
> >
> > > Hi,
> > >
> > > Thanks for your suggestion.
> > > But if I configure dmac-output-list (filter 1.1.XXXX) on R1, this filter
> > > just blocks all traffic destined to mac-address 1.1.XXXX instead of
> blocking
> > > the explorer frames to hosts with the other mac-address.
> > > As I know, if I use the icanreach and mac-exclusive commands on R1,
> other
> > > hosts with mac-addresses (not 1.1.XXXX) on To1 cannot send explorer
> frames
> > > since it is dropped by R1. However, how to filter all explorer frames on
> R1
> > > and R2 can only access to hosts with mac-address 1.1.XXXX on to1?
> > >
> > > Please comment.
> > >
> > > Many thanks, Voller
> > >
> > > -----Original Message-----
> > > From: Stanford M. Wong [mailto:stanford@cns-hawaii.com]
> > > Sent: Tuesday, August 28, 2001 10:09 AM
> > > To: Lam, Voller; ccielab@groupstudy.com
> > > Subject: RE: Question on DLSW+
> > >
> > > no, use a dmac-output-list, the difference with the icanreach and
> > > mac-exclusive command is that it only affects the capabilities not the
> > > actual explorer frames.
> > >
> > > example
> > > dlsw remote-peer 0 tcp <ip address of your dlsw peer> dmac-output-list
> 700
> > > access-list 700 permit 0001.0001.0000 0000.0000.ffff
> > >
> > > hope this helps....
> > > stanford
> > >
> > > -----Original Message-----
> > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> > > Voller.Lam@Level3.com
> > > Sent: Monday, August 27, 2001 3:40 PM
> > > To: ccielab@groupstudy.com
> > > Subject: Question on DLSW+
> > >
> > > Hi group,
> > >
> > > I have question about dlsw icanreach. The diagram is shown as below:
> > >
> > > Hosts -- To1 -- R1 --------------- R2
> > >
> > > R1 is connecting to R2 through DLSW+. All hosts connecting to To1 have
> > > mac-address 1.1.XXXX (X=any number). How can I filter out all explorer
> > > frames from hosts on To1 to R2 through DLSW+? Is it possible to use
> > > icanreach and mac-exclusive command on R1 to do that?
> > >
> > > Please comment.
> > >
> > > Many thanks,Voller
> > > **Please read:http://www.groupstudy.com/list/posting.html
> > > **Please read:http://www.groupstudy.com/list/posting.html
> > **Please read:http://www.groupstudy.com/list/posting.html
**Please read:http://www.groupstudy.com/list/posting.html
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:31:59 GMT-3