From: Ahmed Mamoor Amimi (mamoor@xxxxxxxx)
Date: Wed Mar 13 2002 - 00:45:46 GMT-3
dont forget the F1.... as i remebered that is also to be blocked.
if this doesnt helped, then do these steps.... its easy.
1- remove and access-list
2- debug "dlsw reachabilty"
3- u will see the saps.
4- check if they are F0 , F1 and 04
5- then apply the appropiate access-list.
6- and it is applied on REMOTE statement
go from easy to complex always !!
-Mamoor
----- Original Message -----
From: Carlos A. Silva <carlos@mnet.com.mx>
To: <ccielab@groupstudy.com>
Sent: Wednesday, March 13, 2002 12:51 AM
Subject: [lsap filters]
> hello everyone:
>
> i was just practicing dlsw/sap filters. we generated traffic using the
dspu
> commands. we created
> 2 hosts on each side of the dlsw connection, one with a 04 (lsap/dsap),
one
> with a F0 (lsap/dsap) . we tried filtering one of them but the ckt keeps
> establishing.
>
> here's my config on one side and some outputs.the other side is a mirror
> config, without the lsap filter, or course...
> any ideas?
>
> dlsw local-peer peer-id 172.18.2.254
> dlsw remote-peer 0 tcp 172.16.2.1 lsap-output-list 200
> dlsw bridge-group 1
>
> access-list 200 permit 0xF0F0 0x0101
> access-list 200 deny 0x0000 0xFFFF
>
> as far as i know, the F0 ckt should connect and the 04 shouldn't.
> the ckt keeps establishing:
>
>
> R1#sh dlsw cir
> Index local addr(lsap) remote addr(dsap) state
uptime
> 2130706474 0000.0000.0007(04) 0000.0000.0002(04) CONNECTED
> 00:00:12
> 3825205292 0000.0000.0007(AA) 0000.0000.0002(AA)
> TABLISHED -
> 4278190123 0000.0000.0077(F0) 0000.0000.0022(F0) CONNECTED
> 00:00:12
> 3808428077 0000.0000.0077(AA) 0000.0000.0022(AA)
> TABLISHED -
> Total number of circuits connected: 2
>
> R1#
>
> btw, any one know why those AA ckts try to connect?
>
>
>
> Carlos A. Silva [tel]: 5281.8401.2191
> Micronet de Mixico http://mnet.com.mx
>
> "...sal del camino, toma la ruta..." - Cerati
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:57:02 GMT-3