From: CiscoCCNP3@xxxxxxx
Date: Sun Feb 10 2002 - 16:10:49 GMT-3
hiya,
this is pretty much what i got off the DOC-CD and have been using, with a
note or two added,
deny all traffic
access-list 200 deny 0x0000 0xFFFF
IBM's SNA traffic uses SAPs ranging from 0x00 to 0xFF. Virtual
telecommunications access method (VTAM) V3R4 and higher supports a SAP value
range of 4 to 252 (or 0x04 to 0xFC in hexadecimal representation), where 0xF0
is reserved for NetBIOS traffic. SAPs must be multiples of 0x04 beginning
with 0x04. The following ACL permits the most common SNA SAPs and denies the
rest (considering there is an implicit "deny all" at the end of
each ACL):
access-list 200 permit 0x0000 0x0D0D
IPX, using 802.2 encapsulation, uses SAP 0xE0 as the DSAP and SSAP.
Therefore, if a Cisco router is bridging IPX and the requirement is to permit
only this type of traffic, use this ACL:
access-list 200 permit 0xE0E0 0x0101
On the other hand, the following ACL blocks IPX and allows the rest of the
traffic:
access-list 200 deny 0xE0E0 0x0101
access-list 200 permit 0x0000 0xFFFF
NetBIOS traffic uses SAP values 0xF0 (for commands) and 0xF1 (for responses).
permit NetBIOS traffic and denies everything else (remember the implicit
"deny all" at the end of each ACL):
access-list 200 permit 0xF0F0 0x0101
block NetBIOS and allow the rest of the
traffic, use this ACL:
access-list 200 deny 0xF0F0 0x0101
access-list 200 permit 0x0000 0xFFFF
from Parry;
0x0000 0x0d0d means from 0000 to 0D0D
0x0d0d 0x0000 means from 0D0D to 0D0D
hope it helps,
peace \/
joey r
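
Added example, not part of the original message or of Cisco's documentation: a small Python evaluator that applies the 200-series entries quoted above to an 802.2 DSAP/SSAP pair, so you can check what an entry matches before putting it on a bridged interface. It treats the second hex value as a wildcard mask (1 bits are ignored) and assumes the DSAP is the high byte and the SSAP the low byte; the function and variable names are made up for this example.

```python
def parse_acl(text):
    """Parse 'access-list N permit|deny VALUE MASK' lines into (action, value, mask)."""
    entries = []
    for line in text.strip().splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] != "access-list":
            raise ValueError(f"unrecognised ACL line: {line!r}")
        action, value, mask = parts[2], int(parts[3], 16), int(parts[4], 16)
        if action not in ("permit", "deny"):
            raise ValueError(f"unknown action in: {line!r}")
        entries.append((action, value, mask))
    return entries


def evaluate(entries, dsap, ssap):
    """Return 'permit' or 'deny' for one frame; first matching entry wins."""
    lsap = ((dsap & 0xFF) << 8) | (ssap & 0xFF)  # assumed layout: DSAP high, SSAP low
    for action, value, mask in entries:
        care = ~mask & 0xFFFF                    # bits the entry actually compares
        if (lsap & care) == (value & care):
            return action
    return "deny"                                # implicit "deny all" at the end


def permitted_saps(entries):
    """SAP bytes that pass when DSAP and SSAP carry the same value."""
    return [s for s in range(256) if evaluate(entries, s, s) == "permit"]


# The ACLs from the message above, copied as written.
SNA_ONLY = parse_acl("access-list 200 permit 0x0000 0x0D0D")
NETBIOS_ONLY = parse_acl("access-list 200 permit 0xF0F0 0x0101")
BLOCK_IPX = parse_acl("""
access-list 200 deny 0xE0E0 0x0101
access-list 200 permit 0x0000 0xFFFF
""")

if __name__ == "__main__":
    print("SNA_ONLY permits:", [hex(s) for s in permitted_saps(SNA_ONLY)])
    print("NetBIOS F0/F1 via NETBIOS_ONLY:", evaluate(NETBIOS_ONLY, 0xF0, 0xF1))
    print("IPX E0/E0 via BLOCK_IPX:", evaluate(BLOCK_IPX, 0xE0, 0xE0))
    print("SNA 04/04 via BLOCK_IPX:", evaluate(BLOCK_IPX, 0x04, 0x04))
```

Running it lists the SAP bytes each entry lets through, which makes the low-order bit ignored by the 0x0101 mask (F0 and F1 both match) easy to see.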