From: Ted Richmond (rich_ted@xxxxxxxxx)
Date: Mon May 20 2002 - 01:44:44 GMT-3
Hi Phil,
It worked!!! Thankyou for this clarification.
I've an interesting finding here - 'THERE IS NO IMPLICIT DENY FOR 200 ACL' (pl
correct me if I'm missing sth).
I mean - if we configure 'source-bridge output-lsap-list 200' and don't specify
acl 200, SNA packets go thro and circuit gets established. So you see, there i
s no implicit deny.
-Ted
Phil <ciscostudent1@yahoo.com.br> wrote:
Ted,
If you want to block any sna traffic you should use the:
access-list 200 deny 0x0000 0x0d0d
access-list 200 permit any
and apply it to the interface with the command source-bridge output-lsap-list.
You could also apply it to the dlsw remote-peer statement.
http://www.cisco.com/warp/public/698/acl200.html
Phil
Ted Richmond <rich_ted@yahoo.com> escreveu: Hi,
I am new to this group - have a question on DLSW filtering.Here is my setup:
dspu-host-----------R1------dlsw--------R2-------dspu-pu
rsap:8,lsap:4 rsap:4,lsap8
Task: Prevent circuit between dspu peers by using output-lsap-list
Without any filters, circuit is formed between the peers. Then I configured thi
s access-list
R1# in tok0/0
source-bridge output-access-list 222
access-list 222 deny 0x0408 0x0000
access-list 222 permit 0x0000 0xffff
Even after configuring this & doing clear dlsw circuits, the circuit is up. I t
ried changing 0x0408 to 0x0804 - invain. Then I removed access-list 222 (deny a
ll) - the circuit comes up no matter what. I am stuck. Can anyone please tell m
e where I am missing? Thanks in advance.
-Ted
---------------------------------
Do You Yahoo!?
LAUNCH - Your Yahoo! Music Experience
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:59:02 GMT-3