Re: Mac-address filtering.

From: Michael Popovich (m.popovich@xxxxxxxxx)
Date: Thu Jun 20 2002 - 02:40:12 GMT-3

• Next message: Johnny Tsao: "RE: PAPER CCIE - Cisco Monitors Please READ THIS"
• Previous message: elping: "Re: What are all the ports for DLSw+ ?"
• Maybe in reply to: Michael Popovich: "Mac-address filtering."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
I don't thing so. The filter is for the destination mac-address so you would
want to put it on the router whose source hosts you do not want to reach the
destination host.

That's my understanding there. I have been told in another email that while
the mac address still shows up in the reachability cache you are unable to
open a session to it. I have tested this in my lab successfully. My question
was more towards how to keep it out of reachability all together. The
solution for that keeps all netbios datagrams from getting into
reachability, which I don't want.

MP

----- Original Message -----
From: "Nguyen, Thai" <Thai.Nguyen@auspost.com.au>
To: "'Michael Popovich'" <m.popovich@mchsi.com>; "CCIE GROUPSTUDY"
<ccielab@groupstudy.com>
Sent: Wednesday, June 19, 2002 6:29 PM
Subject: RE: Mac-address filtering.

> Hi,
>
> If you want to filter the MAC from R1 to R8, shouldn't you fiter it on
R1 -
> with the dlsw remote-peer command. I don't think that you need to do any
> translation for the MAC.
> Can someone confirm this?
>
> Regards,
>
>
> -----Original Message-----
> From: Michael Popovich [mailto:m.popovich@mchsi.com]
> Sent: Wednesday, June 19, 2002 8:44 AM
> To: CCIE GROUPSTUDY
> Subject: Mac-address filtering.
>
>
> Setup:
>
> Ethernet
> |
> R1
> \
> \
> |----------R4
> R8
> |
> Token Ring
>
> Trying to keep the MAC address 0010.e3a1.e962 from R1 entering into R8
> reachability.
>
> Here is the config on R8. We have already made the canonical adjustments
to
> the MAC address to match the correct one in DLSW.
>
> I am missing something on my understanding of the mac-filtering with DLSW.
I
> orignally applied the access-list 700 to R1. I am unsure of how to keep
the
> mac-address out of the reachability on R8 but still allow it on R4.
>
> R8
>
> access-list 700 deny 0010.e3a1.e962 0000.0000.0000
> access-list 700 permit 0000.0000.0000 ffff.ffff.ffff
>
> source-bridge ring-group 4000
> dlsw local-peer peer-id 200.0.0.8
> dlsw remote-peer 0 tcp 200.0.0.4
> dlsw remote-peer 0 tcp 200.0.0.1 dmac-output-list 700
>
>
> r8#sh dlsw reachability
> DLSw Local MAC address reachability cache list
> Mac Addr status Loc. port rif
>
> DLSw Remote MAC address reachability cache list
> Mac Addr status Loc. peer
> 0002.319c.40a9 FOUND REMOTE 200.0.0.1(2065)
> 0008.b06b.f9df FOUND REMOTE 200.0.0.1(2065)
> 0010.e3a1.e962 FOUND REMOTE 200.0.0.1(2065)
>
> DLSw Local NetBIOS Name reachability cache list
> NetBIOS Name status Loc. port rif
>
> DLSw Remote NetBIOS Name reachability cache list
> NetBIOS Name status Loc. peer
> ACS-SERVER FOUND REMOTE 200.0.0.1(2065)
> SERVER01 FOUND REMOTE 200.0.0.1(2065)

• Next message: Johnny Tsao: "RE: PAPER CCIE - Cisco Monitors Please READ THIS"
• Previous message: elping: "Re: What are all the ports for DLSw+ ?"
• Maybe in reply to: Michael Popovich: "Mac-address filtering."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Jul 02 2002 - 08:12:38 GMT-3