From: Waters, Kivas (UK72) (Kivas.Waters@xxxxxxxxxxxxx)
Date: Mon Jan 14 2002 - 06:51:45 GMT-3
Albert, this is my understanding of the option ...
Having "dlsw icanreach mac-exclusive" on network A of a DLSw connection
tells the other side (B) that the only MAC addresses the other side can
reach are the ones specified in the "dlsw icanreach mac-address" statement.
A-------DLSw-------B
If however you wanted a host on A that was not specified in the DLSw "dlsw
icanreach mac-address" command to be reachable only if that specific host on
A initiated a session out to a host on network B then what would you do?
Hosts on B think that they can only reach the MACs specified in the "dlsw
icanreach mac-address" command.
The answer is to use "dlsw icanreach mac-exclusive remote" on the A side
meaning, if a host on this end initiates a connection out then permit the
corresponding session traffic back from B even if the "dlsw icanreach
mac-address" statement does not specifically allow it. (sort of like a
firewall type operation)
Please someone correct me if I'm wrong about this.
regards
Ki
-----Original Message-----
From: Albert Lu [mailto:albert_ccie@yahoo.com]
Sent: 14 January 2002 04:38
To: ccielab@groupstudy.com
Subject: dlsw icanreach mac-exclusive remote
I've been reading this CCO reference:
http://www.cisco.com/warp/customer/697/dlswfilter.shtml
Can anyone clarify the difference between "dlsw icanreach mac-exclusive" and
"dlsw icanreach mac-exclusive remote"?
From the reference, it says that "With the remote keyword we allow other
devices at the central router (that are not specified in the dlsw icanreach
mac-address command) to make outgoing connections."
I thought that the "dlsw icanreach mac-address" and "dlsw icanreach
mac-exclusive" would stop remote hosts from connecting to any other hosts
apart from the specified mac-address. It shouldn't affect hosts trying to
make outgoing connections.
Thanks
Albert
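
The two variants discussed in this thread, side by side, as an added configuration sketch that is not part of the original posts. The peer IP addresses and the MAC address are constructed placeholders, bridging and interface configuration is omitted, and the behaviour noted in the comments follows the CCO passage quoted above.

```cisco
! Router A (the side that advertises its reachability to B).
! All addresses below are constructed placeholders.
!
dlsw local-peer peer-id 10.1.1.1
dlsw remote-peer 0 tcp 10.2.2.2
!
! The one host on A that peers are told they can reach.
dlsw icanreach mac-address 4000.3745.0001 mask ffff.ffff.ffff
!
! --- Variant 1: exclusive in both directions -------------------
! B is told that ONLY the MAC above is reachable through A.
! Devices on A that are not in the list cannot make outgoing
! connections through DLSw either.
dlsw icanreach mac-exclusive
!
! --- Variant 2: exclusive toward the remote side only ----------
! Use INSTEAD of the line above. B still learns that only the
! listed MAC is reachable, so B-initiated sessions to other hosts
! on A are not attempted. Unlisted devices on A may still open
! outgoing sessions to hosts on B.
!
! no dlsw icanreach mac-exclusive
! dlsw icanreach mac-exclusive remote
!
! --- Checking what was advertised ------------------------------
! On router B, after the peer comes up:
!   show dlsw capabilities
!   show dlsw reachability
! The capabilities exchanged with A should list the configured
! MAC address and indicate that the list is exclusive.
```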
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:56:27 GMT-3