Re: access-expression

From: leizheng (leon_lei@xxxxxxxxxxx)
Date: Fri Feb 22 2002 - 21:31:02 GMT-3

• Next message: Tony: "Re: Token Ring connectivity problem"
• Previous message: Peter Dostal: "RE: PPP Callback with Async Interfaces"
• Maybe in reply to: Ahmed Mamoor Amimi: "access-expression"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
The following configuration is an example about access-expression on CCO:

Pass if "NetBIOS or (SNA and destined to 0110.2222.3333)."

interface tokenring 0
access-expression in lsap(201) | (lsap(202) & dmac(701))
!
! Access list 201 passes NetBIOS frames (command or response)
access-list 201 permit 0xF0F0 0x0001
!
access-list 202 permit 0x0404 0x0001 ! Permits SNA frames (command or response)
access-list 202 permit 0x0004 0x0001 ! Permits NSA Explorers with NULL DSAP
!
! Access list 701 will permit the FEP MAC address of 0110.2222.3333
access-list 701 permit 0110.2222.3333

----- Original Message -----
From: "David Ham" <David.Ham@optus.com.au>
To: "alain faure" <alainfaure@yahoo.fr>; "Ahmed Mamoor Amimi" <mamoor@ieee.org>
; <ccielab@groupstudy.com>
Sent: Thursday, February 21, 2002 4:14 PM
Subject: RE: access-expression

> Hi
>
> I am using
> access-list 200 permit 0xF0F0 0x0101 ---> Netbios
> access-list 200 permit 0x0000 0x0D0D ---> SNA
> access-list 200 permit 0xE0E0 0x0101 ---> IPX
>
> David Ham
>
> -----Original Message-----
> From: alain faure [mailto:alainfaure@yahoo.fr]
> Sent: Monday, 18 February 2002 2:04
> To: Ahmed Mamoor Amimi; ccielab@groupstudy.com
> Subject: Re: access-expression
>
>
> Hello,
>
> See it too, but if you at :
>
> http://www.cisco.com/warp/public/698/acl200.html
>
> it seemes that you can selecte SNA by
> access-list 200 permit 0x0000 0x0D0D
>
> I don't knoow what to think about
>
> and what about ipx ?
>
> Best regards
>
> --- Ahmed Mamoor Amimi <mamoor@ieee.org> a icrit : > I got my answer at :
> >
> >
> http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ibm_
> c
> > /bcprt1/bcdsrb.htm#xtocid1735747
> >
> > some last example..... both are true mine and cisco one... the obove one
> was
> > cisco and below was mine. this is another way to hold ur ear.
> >
> > -Mamoor
> >
> > ----- Original Message -----
> > From: Ahmed Mamoor Amimi
> > To: ccielab@groupstudy.com
> > Sent: Sunday, February 17, 2002 6:02 PM
> > Subject: access-expression
> >
> >
> > "Pass the frame if it is a NetBIOS frame or if it is an SNA frame destined
> to
> > address 0110.2222.3333."
> > ONE WAY to configure the above pharse
> > interface tokenring 0
> > access-expression in ~lsap(202) | dmac(701)
> > !
> > access-list 202 permit 0x0404 0x0001
> > access-list 202 permit 0x0004 0x0001
> > access-list 701 permit 0110.2222.3333
> >
> > SECOND WAY
> > interface tokenring 0
> > access-expression out (lsap(200) | (dmac(700) & lsap(201))
> > access-list 200 permit 0xF0F0 0X0101
> > access-list 201 permit 0x0000 0x0D0D
> > access-list 701 permit 0110.2222.3333 0000.0000.0000
> > need confirmation that the access-expression is the same both way.
> >
> > -Mamoor

• Next message: Tony: "Re: Token Ring connectivity problem"
• Previous message: Peter Dostal: "RE: PPP Callback with Async Interfaces"
• Maybe in reply to: Ahmed Mamoor Amimi: "access-expression"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 20 2002 - 13:46:31 GMT-3