From: Ahmed Mamoor Amimi (mamoor@xxxxxxxx)
Date: Sat Mar 23 2002 - 03:31:23 GMT-3
When ur saying "only allow SNA traffic to mac address 3745.0001.0001 ONTO
ring 2". then it is definitely
traffic coming into the TR. the question should be more clear like "only
allow SNA traffic from TR to destination xxx.xxx.xxx"
now it is more clear.
i guess this is traffic into the TR so u should apply out.
-Mamoor
----- Original Message -----
From: Lupi, Guy <Guy.Lupi@eurekaggn.com>
To: <ccielab@groupstudy.com>
Sent: Saturday, March 23, 2002 3:24 AM
Subject: Access expression on token ring
> I am doing a lab, and the requirement is "only allow SNA traffic to mac
> address 3745.0001.0001 onto ring 2". So here is the config:
>
> access-list 200 permit 0x0000 0x0D0D
> access-list 700 permit 3745.0001.0001 0000.0000.0000
> !
> interface TokenRing0
> ip address 10.10.10.1 255.255.255.240
> no ip directed-broadcast
> ip nat inside
> ring-speed 16
> access-expression output (dmac(700) & lsap(200))
>
> I put the access expression as an output because I would think that this
> would stop all traffic that is not sna and destined for mac address
> 3745.0001.0001 from being sent OUT of the token ring interface, and hence
> onto ring 2. The author has the access expression as input, not output.
Am
> I correct here or am I missing something? Thanks.
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:57:19 GMT-3