From: Chua, Parry (Parry.Chua@xxxxxxxxxx)
Date: Sun Dec 02 2001 - 00:44:32 GMT-3
You can try this
1. Deny 0/1
2. Permit 4/8/C + 1
This take two access list instead of three
access-list 201 deny 0x0000 0x0101
access-list 201 permit 0x0000 0x0d0d
Regards
Parry
-----Original Message-----
From: Asbjorn Hojmark [mailto:Asbjorn@Hojmark.ORG]
Sent: Saturday, December 01, 2001 9:21 PM
To: 'JAMES'
Cc: ccielab@groupstudy.com
Subject: RE: DLSw+ and SNA frame...?
> I just want to transfer about SNA frame type 0x04, 0x08, 0x0c
> and their reply frame on the DLSw+ link ... However, I want to
> deny other...
4, 8 and C (hex) can be written as:
00000100 (0x04)
00001000 (0x08)
00001100 (0x0c)
So your wildcard (dont't care) should be:
00001100 (0x0c)
Since command/response is the last bit, replys would be:
00000101 (0x05)
00001001 (0x09)
00001101 (0x0d)
And you'd have to change the mask to
00001101 (0x0d)
So this boils down to:
access-list 201 permit 0x0000 0x0d0d
But using 0x00 with mask 0x0d would also allow SAP 0x00/0x01, so
if you explicitly want to allow only the three SAPs mentioned,
then I guess you'll have to stick with three commands and not
summarize:
access-list 201 permit 0x0404 0x0101
access-list 201 permit 0x0808 0x0101
access-list 201 permit 0x0c0c 0x0101
Comments anyone?
-A
-- Heroes: Vint Cerf & Bob Kahn, Leonard Kleinrock, Robert Metcalfe Links : http://www.hojmark.org/networking/
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:32:35 GMT-3