From: Chua, Parry (Parry.Chua@xxxxxxxxxx)
Date: Fri Mar 22 2002 - 23:46:12 GMT-3
The question said "into ring 2", which implies that the traffic can be from any
source; therefore, it should be applied at the router interface that connects to
ring 2 and should use OUT instead of IN. It refers to the interface reference:
OUT means send out to the ring and IN means input from the ring. If you have
several routers connected to ring 2, it means that you have to apply the
access-expression out to the token ring interface.
Regards
Parry
-----Original Message-----
From: Lupi, Guy [mailto:Guy.Lupi@eurekaggn.com]
Sent: Saturday, March 23, 2002 6:24 AM
To: 'ccielab@groupstudy.com'
Subject: Access expression on token ring
I am doing a lab, and the requirement is "only allow SNA traffic to mac
address 3745.0001.0001 onto ring 2". So here is the config:
access-list 200 permit 0x0000 0x0D0D
access-list 700 permit 3745.0001.0001 0000.0000.0000
!
interface TokenRing0
 ip address 10.10.10.1 255.255.255.240
 no ip directed-broadcast
 ip nat inside
 ring-speed 16
 access-expression output (dmac(700) & lsap(200))
I put the access expression as an output because I would think that this
would stop all traffic that is not sna and destined for mac address
3745.0001.0001 from being sent OUT of the token ring interface, and hence
onto ring 2. The author has the access expression as input, not output. Am
I correct here or am I missing something? Thanks.
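Added example, not part of either post and not Cisco code: a small Python model of how the expression dmac(700) & lsap(200) from the posted config evaluates a frame, run over constructed sample frames. It assumes that one bits in a mask are ignored when comparing, that the LSAP type code carries DSAP in the high byte and SSAP in the low byte, and that each list ends in an implicit deny; the function names are hypothetical.

```python
# Added example: models how the two access lists in the posted config match a frame.
# Assumption: a one bit in a Cisco mask means "ignore this bit when comparing".

def parse_mac(text):
    """Convert dotted-triplet notation (3745.0001.0001) to a 48-bit integer."""
    return int(text.replace(".", ""), 16)

def masked_match(value, pattern, wildcard):
    """True when value equals pattern on every bit the wildcard does not ignore."""
    return (value & ~wildcard) == (pattern & ~wildcard)

# access-list 700 permit 3745.0001.0001 0000.0000.0000
ACL_700 = [("permit", parse_mac("3745.0001.0001"), parse_mac("0000.0000.0000"))]
# access-list 200 permit 0x0000 0x0D0D
ACL_200 = [("permit", 0x0000, 0x0D0D)]

def acl_permits(acl, value):
    """First matching entry decides; no match falls through to the implicit deny."""
    for action, pattern, wildcard in acl:
        if masked_match(value, pattern, wildcard):
            return action == "permit"
    return False

def expression_permits(dst_mac, dsap, ssap):
    """Evaluate dmac(700) & lsap(200) for one frame."""
    # Assumption: type code is DSAP in the high byte, SSAP in the low byte.
    lsap = (dsap << 8) | ssap
    return acl_permits(ACL_700, parse_mac(dst_mac)) and acl_permits(ACL_200, lsap)

# Constructed sample frames: (destination MAC, DSAP, SSAP)
SAMPLE_FRAMES = [
    ("3745.0001.0001", 0x04, 0x04),  # SNA SAPs to the listed address
    ("3745.0001.0001", 0x04, 0x05),  # same, response bit set in the SSAP
    ("3745.0001.0001", 0xF0, 0xF0),  # NetBIOS SAPs to the listed address
    ("3745.0001.0001", 0xAA, 0xAA),  # SNAP-encapsulated traffic
    ("4000.1111.2222", 0x04, 0x04),  # SNA SAPs to another station
]

def evaluate_samples():
    """Return the permit/deny decision for each constructed frame, in order."""
    return [expression_permits(*frame) for frame in SAMPLE_FRAMES]

if __name__ == "__main__":
    for frame, ok in zip(SAMPLE_FRAMES, evaluate_samples()):
        print(frame, "permit" if ok else "deny")
```

The model only shows which frames the expression accepts; whether it is applied as input or output decides which direction of traffic on the interface is tested against it.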