From: Narvaez, Pablo (Pablo.Narvaez@xxxxxxxxxxxxx)
Date: Mon Apr 08 2002 - 00:35:55 GMT-3
Just wondering about this acl, shouldn't it be like:
+- access-list 201 permit 0x0404 0x1010
+- access-list 202 permit 0x0808 0x1010 ? I tested with that wildcars as with
IP ACLs and it worked indicated "0" = exact match required ...
Am I right? just wondering ..
-hockito-
-----Original Message-----
From: Chua, Parry [mailto:Parry.Chua@compaq.com]
Sent: Domingo, 07 de Abril de 2002 10:15 p.m.
To: Larry Whitfill; ccielab@groupstudy.com
Subject: RE: SAP ACLs
For testing, i would suggest you to do the following.
- Create three access-list
+- access-list 201 permit 0x0404 0x0101
+- access-list 202 permit 0x0808 0x0101
+- access-list 203 permit 0x0000 0x0d0d
Create 3 SNA session using lasp 4, 8, C.
Test with each access-list and see the result. access-list 201 should allow ony
lsap 4, 202 should allow lsap 8 and 203 should allow all three lsap.
Parry Chua
-----Original Message-----
From: Larry Whitfill [mailto:whitfill@cox.net]
Sent: Monday, April 08, 2002 10:42 AM
To: ccielab@groupstudy.com
Subject: SAP ACLs
http://www.cisco.com/warp/public/698/acl200.html#caseD
Friends,
This may be old news but I found this after investigating a discrepancy in
the Practical Studies book. I'm particularly interested in the advised
method of filtering SNA:
"access-list 201 deny 0x0000 0x0d0d"
The site admits that not all SNA SAPS will be filtered by this, but is it
safe to assume that this is good enough for testing purposes?
Larry
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:57:59 GMT-3