Re: Bitswapping and Mac Filtering ( Please clarify)

From: Fred Ingham (fingham@xxxxxxx)
Date: Fri Jun 28 2002 - 12:54:29 GMT-3

• Next message: Annu Roopa: "Re: BGP synch question"
• Previous message: Edward Monk: "RE: netbios input-access-filter"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
Irene: To allow r1's host (0000.8616.3f04) to communicate only with host1
(0000.f669.5ee7) on r2
you could do this several ways:
     1. use access-li 700 deny 0000.f669.f525
                access-li 700 permit 0000.0000.0000 ffff.ffff.ffff
     this filters host 2 and allows host1 (and any other host)

     apply as dlsw remote-peer 0 tcp 10.2.2.2 dmac-output-list 700 on r1

     2. use access-li 700 permit 0000.f669.5ee7
                access-li 700 permit c000.0000.0080 (if using NetBIOS)
     this allows host1 and the address used by NetBIOS Name_Queries

     apply same as above.

     3. use dlsw icanreach mac-address 0000.f669.5ee7 ffff.ffff.ffff
                 dlsw icanreach mac-exclusive

          apply on r2 - capabilities for r2 on r1 will indicate this is the
only MAC address reachable.

If you want r2's hosts to both connect to r1's host, and vice-versa, just
configure r1 and r2 as DLSW peers.
If you want r2's hosts to only connect to the host (0000.8616.3f04) on r1,
then you need to convert
this address to non-canonical and apply to an access-list on r2 or icanreach
on r1. The non-canonical
address is (0000.6168.fc20).

Solie's book has a complete discussion of DLSW (get errata). Otherwise
search on CCO for DLSW SAP,
There is a good paper there at
http://www.cisco.com/warp/public/697/dlswfilter.shtml

HTH, Fred

----- Original Message -----
From: "GOLBERY Irhne" <irene.golbery@arche.fr>
To: "'Emmanuel Oppong'" <e-oppong@attbi.com>; <fingham@cox.net>;
<ccielab@groupstudy.com>; <fningham@att.net>
Sent: Friday, June 28, 2002 3:51 AM
Subject: RE: Bitswapping and Mac Filtering ( Please clarify)

> Hi,
>
> This is a scenario that is already dark for me
> Same as previous ( thanks Emmanuel) but with remote peer config
>
> r1 and r2 are configured as dlsw peers.
> r1 has a host on e0 network.
> r2 has host-1 and host-2 on its to0 network.
> I want r1's host to communicate with only host-1 on r2.
>
> MAC addresses for the hosts are :
> r1 host = 0000-8616-3F04
> r2 host-1 = 0000-F669-5EE7
> r2 host-2 = 0000-F669-5F25
>
> r1:
> dlsw local-peer peer-id 10.1.1.1
> dlsw remote-peer peer-id 10.2.2.2
> dlsw bridge-group 1
> !
> access-list 700 permit 0000.6F96.7AE1 0000.0000.0000
> or
> access-list 700 permit 0000.F669.5ee7 0000.0000.0000
> !
> int e0
> bridge-group 1
> !
> bridge 1 protocol ieee
>
> And now if I want r2's hosts to communicate with r1 host ( canonical, non
> canonical ?)
>
> Can you try to clarify this example or to indicate an URL where it is
well
> explained ( When Canonical to non Canocical transformation is needed and
> the reverse)
>
> Thanks for your help
>
> Irene

• Next message: Annu Roopa: "Re: BGP synch question"
• Previous message: Edward Monk: "RE: netbios input-access-filter"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Jul 02 2002 - 08:12:43 GMT-3