From: Lupi, Guy (Guy.Lupi@xxxxxxxxxxxxx)
Date: Sun Apr 28 2002 - 17:51:11 GMT-3
I find it easiest to look at it from the standpoint of the router. If you
look at a show dlsw reachability on a router with dlsw enabled on an
ethernet interface, all the mac addresses show up in non canonical format.
So, when doing filtering, you have to convert any ethernet address to non
canonical format. Leaving them in canonical format essentially makes your
filter useless, because from the perspective of the router the mac addresses
that it can reach are those in the reachability list and are in non
canonical format, to the router the canonical format of the address doesn't
exist. So let's say you have a token ring router to ethernet router via
dlsw. The requirement is to make a dmac output list on the token ring
router that only allows traffic to the remote peer if it is destined for mac
address 8888.8888.8888 on the ethernet segment. You have to build the list
with the non canonical format, which is 1111.1111.1111, because on the
ethernet router this is how the mac address is reported, as far as the
ethernet router is concerned 8888.8888.8888 doesn't exist in the
reachability table. I also initially thought the router would do this
conversion for you, but it doesn't, and if you build filters or dynamic
peers with the canonical addresses it will not work. HTH.
~-----Original Message-----
~From: Babacar Diop [mailto:babacard2000@yahoo.com]
~Sent: Sunday, April 28, 2002 4:42 PM
~To: Lupi, Guy
~Cc: ccielab@groupstudy.com
~Subject: RE: Conversion canonical to non-canonical
~
~
~Lupi,
~
~if i do not convert to nonconanical, shouldn't the
~remote router convert anyway? I understood that when
~you source from ethernet, the router always converts
~it to nonconanical. Remote router will either convert
~back to conanical in case it has ethernet or leave it
~nonconanical in case of token ring. So knowing this,
~it should not matter if I convert it or not in the
~local router. Unless, the local router will not be
~able to filter it at all because of the conanical
~format. Would appreciate it you had feedback on this.
~
~Thanks in advance.
~
~bbd
~
~
~--- "Lupi, Guy" <Guy.Lupi@eurekaggn.com> wrote:
~> I don't have a doc, but here goes:
~>
~> If the station is on an Ethernet segment and you are
~> going to use a dlsw
~> filter, convert the address. This is true for
~> ethernet to ethernet dlsw
~> peers and for token ring to ethernet dlsw peers.
~>
~> If the station is on a token ring segment, leave it
~> alone.
~>
~> Essentially, all filtering in dlsw is done using
~> non-canonical format, if
~> you are unsure, you can always look at the output of
~> the show dlsw
~> reachability and see in which format the address
~> shows up.
~>
~> ~-----Original Message-----
~> ~From: Babacar Diop [mailto:babacard2000@yahoo.com]
~> ~Sent: Friday, April 26, 2002 7:19 PM
~> ~To: cciegroup
~> ~Subject: Conversion canonical to non-canonical
~> ~
~> ~
~> ~Group,
~> ~
~> ~When do you need to convert from canonical to
~> ~non-canonical in DLSw. Anyone as a doc on when and
~> how
~> ~to do it?
~> ~
~> ~Thanks
~> ~
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:58:21 GMT-3