Re: LSAP Codes, Filtering SNA and Netbios Traffic

From: Ahmed Mamoor Amimi (mamoor@xxxxxxxx)
Date: Sun Mar 03 2002 - 21:39:47 GMT-3

• Next message: Rob Rummel: "RE: distribution lists in RIP"
• Previous message: Ouellette, Tim: "RE: Summarization?? What's that? (bug report)"
• Maybe in reply to: Gregg Malcolm: "LSAP Codes, Filtering SNA and Netbios Traffic"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
For SNA there are differeent types of sap ... so it better to deny all like
0x0000 0x0d0d
and for netbios yes it is right it use lsap of 0xf0 but also dont forget its
response that is 0xf1
so keep in practices for denying both 0xf1 and 0xf0. There is also a
functional mac address of netbioes
that is C000.0000.0080 and that is the DMAC. also block it with MAC
access-list

If guys cant remember the HEX numbers then u do a debug of "debug dlsw" and
see what saps
are getting cross.... if its 0e then block it like "access-list 200 deny
0x0000 0xe0e0"
but dont for get the implecide deny so also do "access-list 200 permit
0x0000 0xffff"

for SAP and MAC filters also see :
http://www.cisco.com/warp/public/697/dlswfilter.shtml

Its fun on doing filters of SAP and MAC.

-Mamoor

----- Original Message -----
From: alain faure <alainfaure@yahoo.fr>
To: Gregg Malcolm <greggm@sbcglobal.net>; <ccielab@groupstudy.com>
Sent: Sunday, March 03, 2002 4:35 PM
Subject: Re: LSAP Codes, Filtering SNA and Netbios Traffic

> Hi,
>
> A m working on this, and i can give you a other link that i suppose many
know:
> http://www.cisco.com/warp/public/698/acl200.html
>
> AND look at this (watch the wrap):
>
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ibm_
c/bcprt1/bcdsrb.htm#xtocid1735780
>
> But if i write this mail, it is because when you look at the CD and the
web
> site there is some little differences specialy for SAP filters.
>
> is the filter for SNA SAP
> 0x0404 0x0001 and 0x0004 0x0001
> equivalent to
> 0x0000 0x0d0d
>
> for Netbios it is ?
> 0xF0F0 0x0101
> or
> 0xF0F0 0x0001
>
> as i read mails in this list i couln't figure out why this differnces
maybye
> missing some thing.
>
> Best regards
>
> --- Gregg Malcolm <greggm@sbcglobal.net> a icrit : > Gang,
> >
> > I've been searching for quite awhile on the doc CD. Best page with
codes I
> > could find is :
> >
> > http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3920/3920ug4/code
s.htm
> > #xtocid189133
> >
> > On CCO, there is a good paper :
> >
> > http://www.cisco.com/warp/public/697/dlswfilter.shtml
> >
> > Wish it was on the CD. Guess I'm going to have to memorize 0xF0F0 and
> > 0x0D0D.
> > Anyone find anything else of use regarding DSLW and RSRB filtering on
the CD
> > ?
> >
> > Thanks, Gregg

• Next message: Rob Rummel: "RE: distribution lists in RIP"
• Previous message: Ouellette, Tim: "RE: Summarization?? What's that? (bug report)"
• Maybe in reply to: Gregg Malcolm: "LSAP Codes, Filtering SNA and Netbios Traffic"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:56:52 GMT-3