From: Michael Popovich (m.popovich@xxxxxxxxx)
Date: Tue May 28 2002 - 11:52:04 GMT-3
I think Tom was not only want to classify the traffic coming into the router
but then redirect them to specific ports based on that classification.
Originally I was thinking about access-list to do this and you can
definitely classify the traffic that way but when setting up a route-map for
policy routing there doesn't seem to be an option for it to see any traffic
defined by access-lists other than IP. SNA is the problem here.
Once you mark the SNA packets coming into the router how to you specify an
outgoing interface for that traffic. With IP you would create a route-map
and then apply that route-map to the inbound interface on a service-policy.
Not sure what to do with the SNA traffic.
Of course you could just use DLSW+ across the WAN then use access-lists and
route-maps to force the DLSW traffic out certain interfaces.
MP
----- Original Message -----
From: "Jerry Haverkos" <jhaverkos@columbus.rr.com>
To: "Tom Young" <gitsyoung@yahoo.co.jp>; <ccielab@groupstudy.com>
Sent: Tuesday, May 28, 2002 9:30 AM
Subject: RE: A question about policy routing
> Tom
>
> Assuming you don't want any other info to flow other than SNA and HTTP,
the
> following may work. I haven't tried putting both of these types of filters
> on an interface but it should work in theory. The deny SNA LSAP filter is
> paired up with the permit HTTP(www) filter. The deny SNA LSAP filter could
> have been written to be a permit IP only.
>
> int s0
> access-expression out lsap(201)
> ip access-group 101 out
>
> int s1
> access-expression out lsap(202)
> ip access-group 102 out
>
> int s0
> access-list 201 permit 0x0404 0x0101 ---- > permits IBM SAP type 04
> access-list 201 permit 0x0004 0x0001 ---- > permits IBM null SAP
> access-list 201 deny 0x0000 0xFFFF ---- > denies all other SAP$B!G(Bs
>
> int s1
> access-list 202 deny 0x0404 0x0101 ---- > deny IBM SAP type 04
> access-list 202 deny 0x0004 0x0001 ---- > deny IBM null SAP
> access-list 202 permit 0x0000 0xFFFF ---- > permit all other SAP$B!G(Bs
>
> int s0
> access-list 101 deny tcp any any eq www
> (all other ip traffic is also implicitly denied)
>
> int s1
> access-list 102 permit tcp any any eq www
>
> grandpa jerry
>
> Notes on above: access-list 202 could be written to permit only ip. This
> would be more specific.
>
> Note#2: There are other IBM SAP's that you might need. (i.e. 0x08 and
0x0C)
> Adjust filter as needed.
>
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of Tom
> Young
> Sent: Tuesday, May 28, 2002 3:55 AM
> To: ccielab@groupstudy.com
> Subject: A question about policy routing
>
>
> A question about the policy routing.
> For example , I want the SNA packet was routed to s0, and
> HTTP packet was routed to s1. Somebody told me could do it
> with policy routing. But how to do it. Anybody could teach
> me? And if anyone has more better way,teach me,please.
>
> Thanks
>
> Young
>
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:59:10 GMT-3