From: Tom Young (gitsyoung@xxxxxxxxxxx)
Date: Wed Jun 05 2002 - 23:13:22 GMT-3
Michael:
Thanks for your answer, to make a Dlsw through the WAN
is good idea. If I have two router r1 and r2 in the same
LAN, they are connecting r3 through WAN, if I make a dlsw
peer between r1 and r3, so all of SNA packet will be throw
to r3 by r1, r2 will not do that right?
And I could define the access-list for all other ip
packet go to r2, right?
Thanks
Young
--- Michael Popovich <m.popovich@mchsi.com> $B$+$i$N%a%C(B
$B%;!<%8!'(B
> I think Tom was not only want to classify the
> traffic coming into the router
> but then redirect them to specific ports based on
> that classification.
>
> Originally I was thinking about access-list to do
> this and you can
> definitely classify the traffic that way but when
> setting up a route-map for
> policy routing there doesn't seem to be an option
> for it to see any traffic
> defined by access-lists other than IP. SNA is the
> problem here.
>
> Once you mark the SNA packets coming into the router
> how to you specify an
> outgoing interface for that traffic. With IP you
> would create a route-map
> and then apply that route-map to the inbound
> interface on a service-policy.
> Not sure what to do with the SNA traffic.
>
> Of course you could just use DLSW+ across the WAN
> then use access-lists and
> route-maps to force the DLSW traffic out certain
> interfaces.
>
> MP
>
>
>
> ----- Original Message -----
> From: "Jerry Haverkos" <jhaverkos@columbus.rr.com>
> To: "Tom Young" <gitsyoung@yahoo.co.jp>;
> <ccielab@groupstudy.com>
> Sent: Tuesday, May 28, 2002 9:30 AM
> Subject: RE: A question about policy routing
>
>
> > Tom
> >
> > Assuming you don't want any other info to flow
> other than SNA and HTTP,
> the
> > following may work. I haven't tried putting both
> of these types of filters
> > on an interface but it should work in theory. The
> deny SNA LSAP filter is
> > paired up with the permit HTTP(www) filter. The
> deny SNA LSAP filter could
> > have been written to be a permit IP only.
> >
> > int s0
> > access-expression out lsap(201)
> > ip access-group 101 out
> >
> > int s1
> > access-expression out lsap(202)
> > ip access-group 102 out
> >
> > int s0
> > access-list 201 permit 0x0404 0x0101 ---- >
> permits IBM SAP type 04
> > access-list 201 permit 0x0004 0x0001 ---- >
> permits IBM null SAP
> > access-list 201 deny 0x0000 0xFFFF ---- > denies
> all other SAP$B!G(Bs
> >
> > int s1
> > access-list 202 deny 0x0404 0x0101 ---- > deny IBM
> SAP type 04
> > access-list 202 deny 0x0004 0x0001 ---- > deny IBM
> null SAP
> > access-list 202 permit 0x0000 0xFFFF ---- > permit
> all other SAP$B!G(Bs
> >
> > int s0
> > access-list 101 deny tcp any any eq www
> > (all other ip traffic is also implicitly denied)
> >
> > int s1
> > access-list 102 permit tcp any any eq www
> >
> > grandpa jerry
> >
> > Notes on above: access-list 202 could be written
> to permit only ip. This
> > would be more specific.
> >
> > Note#2: There are other IBM SAP's that you might
> need. (i.e. 0x08 and
> 0x0C)
> > Adjust filter as needed.
> >
> >
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com
> [mailto:nobody@groupstudy.com]On Behalf Of Tom
> > Young
> > Sent: Tuesday, May 28, 2002 3:55 AM
> > To: ccielab@groupstudy.com
> > Subject: A question about policy routing
> >
> >
> > A question about the policy routing.
> > For example , I want the SNA packet was routed to
> s0, and
> > HTTP packet was routed to s1. Somebody told me
> could do it
> > with policy routing. But how to do it. Anybody
> could teach
> > me? And if anyone has more better way,teach
> me,please.
> >
> > Thanks
> >
> > Young
> >
This archive was generated by hypermail 2.1.4 : Tue Jul 02 2002 - 08:12:26 GMT-3