From: Brian Hescock (bhescock@xxxxxxxxx)
Date: Thu Nov 29 2001 - 13:48:07 GMT-3
Layer 2 filters would be ok too but even with an access-expression how
could you do it? example:
access-expression (lsap (200) & ????) We can't do it on the
destination mac since we wouldn't know the destination mac yet, we would
only know the station name. And we couldn't use a netbios filter,
unless I'm missing something.
Brian
xander wrote:
>Hello Brian,
>
>Thursday, November 29, 2001, 6:06:54 PM, you wrote:
>
>If you are prohobited to use layer2 filters, use icanreach mac-address
>
>BH> In light of recent events, this disclaimer: I have not seen this on
>BH> any test nor have I heard it is on any test.
>
>BH> I've been going through "DLSw+ SAP/MAC Filtering Techniques" on CCO and
>BH> see where even if you have specified "dlsw mac-addr a.b.c remote-peer
>BH> ip-address x.x.x.x" it won't block the test frame to the peer that can
>BH> reach that mac. Apparently that's because the in the reachability cache
>BH> it's listed as "unconfirm". Is there a way to force it into "confirm"
>BH> state by adding another command somewhere or another way to filter a
>BH> test frame to a specifc host? I can filter all test frames to a
>BH> specific peer, no problem at all, but not to a specific host. And do
>BH> it without using "icanreach mac-exclusive" (pretend there are numerous
>BH> hosts out there and you don't know the mac's of all of them, which is a
>BH> more realistic scenario). Granted, this isn't something you would
>BH> normally do, I'm just trying to go beyond the basics and explore all
>BH> possibilities. Is it possible to block a SNA test frame destined to a
>BH> specific host? thx
>
>BH> Brian
This archive was generated by hypermail 2.1.4 : Fri Jun 21 2002 - 06:45:25 GMT-3