RE: A question about policy routing

From: Jerry Haverkos (jhaverkos@xxxxxxxxxxxxxxx)
Date: Tue May 28 2002 - 11:30:00 GMT-3


   
Tom

Assuming you don't want any other info to flow other than SNA and HTTP, the
following may work. I haven't tried putting both of these types of filters
on an interface but it should work in theory. The deny SNA LSAP filter is
paired up with the permit HTTP(www) filter. The deny SNA LSAP filter could
have been written to be a permit IP only.

int s0
access-expression out lsap(201)
ip access-group 101 out

int s1
access-expression out lsap(202)
ip access-group 102 out

int s0
access-list 201 permit 0x0404 0x0101 ---- > permits IBM SAP type 04
access-list 201 permit 0x0004 0x0001 ---- > permits IBM null SAP
access-list 201 deny 0x0000 0xFFFF ---- > denies all other SAP's

int s1
access-list 202 deny 0x0404 0x0101 ---- > deny IBM SAP type 04
access-list 202 deny 0x0004 0x0001 ---- > deny IBM null SAP
access-list 202 permit 0x0000 0xFFFF ---- > permit all other SAP's

int s0
access-list 101 deny tcp any any eq www
  (all other ip traffic is also implicitly denied)

int s1
access-list 102 permit tcp any any eq www

grandpa jerry

Notes on above: access-list 202 could be written to permit only ip. This
would be more specific.

Note#2: There are other IBM SAP's that you might need. (i.e. 0x08 and 0x0C)
Adjust filter as needed.

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of Tom
Young
Sent: Tuesday, May 28, 2002 3:55 AM
To: ccielab@groupstudy.com
Subject: A question about policy routing

A question about policy routing.
For example, I want SNA packets to be routed to s0 and
HTTP packets to be routed to s1. Somebody told me I could do it
with policy routing, but how do I do it? Could anybody teach
me? And if anyone has a better way, please teach me.

Thanks

Young
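
The LSAP lists 201 and 202 from the reply above, evaluated in Python as an added example (not part of the original posts and not Cisco code). It assumes the 16-bit type code holds the DSAP in the high byte and the SSAP in the low byte, that bits set in the mask are ignored in the comparison, and that rules are checked first-match with an implicit deny at the end; the function names are hypothetical.

```python
import re

# Rules copied from the message above, with the "---- >" annotations stripped.
ACL_TEXT = """\
access-list 201 permit 0x0404 0x0101
access-list 201 permit 0x0004 0x0001
access-list 201 deny 0x0000 0xFFFF
access-list 202 deny 0x0404 0x0101
access-list 202 deny 0x0004 0x0001
access-list 202 permit 0x0000 0xFFFF
"""

RULE = re.compile(r"access-list\s+(\d+)\s+(permit|deny)\s+"
                  r"(0x[0-9A-Fa-f]{1,4})\s+(0x[0-9A-Fa-f]{1,4})")

def parse_acls(text):
    """Return {list_number: [(action, value, mask), ...]} for lists 200-299."""
    acls = {}
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if m and 200 <= int(m.group(1)) <= 299:
            rule = (m.group(2), int(m.group(3), 16), int(m.group(4), 16))
            acls.setdefault(int(m.group(1)), []).append(rule)
    return acls

def evaluate(rules, dsap, ssap):
    """First-match evaluation; returns (action, 1-based rule index or None)."""
    code = (dsap << 8) | ssap            # assumed layout: DSAP high, SSAP low
    for index, (action, value, mask) in enumerate(rules, 1):
        care = ~mask & 0xFFFF            # mask bits set to 1 are "don't care"
        if (code & care) == (value & care):
            return action, index
    return "deny", None                  # implicit deny when nothing matches

def permitted_pairs(rules):
    """Every (DSAP, SSAP) pair the list lets through."""
    return {(d, s) for d in range(256) for s in range(256)
            if evaluate(rules, d, s)[0] == "permit"}

ACLS = parse_acls(ACL_TEXT)

if __name__ == "__main__":
    # Constructed sample SAP pairs, including the 0x08 and 0x0C SAPs of Note#2.
    samples = [(0x04, 0x04), (0x04, 0x05), (0x00, 0x04),
               (0x08, 0x08), (0x0C, 0x0C), (0xAA, 0xAA)]
    for number in sorted(ACLS):
        for dsap, ssap in samples:
            action, rule = evaluate(ACLS[number], dsap, ssap)
            print(f"list {number} DSAP={dsap:#04x} SSAP={ssap:#04x} "
                  f"-> {action} (rule {rule})")
        print(f"list {number} permits {len(permitted_pairs(ACLS[number]))} pairs")
```

Under these assumptions list 201 passes only six DSAP/SSAP combinations, so the 0x08 and 0x0C SAPs from Note#2 are dropped on s0 and passed on s1 until the lists are adjusted.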


