From: Raj Bahad (raj.bahad@xxxxxxxxxxxxxx)
Date: Thu Jul 25 2002 - 10:14:46 GMT-3
Guys,
I had a similar question posted a couple of weeks ago, but got no reply.
Essentially, reiterating what Kris stated, how would you achive the same
results without the use of a layer 2 filter?
I thought of looking at the ARP table and then undertake the task of creating
an access-list specifiying IP addresses which map to their respective mac
addresses.
Would you agree, or is there another way of doing this without using a layer 2
filter?
Raj.
>===== Original Message From "Krake, Kris" <KKrake@aegonusa.com> =====
>I may be incorrect in this but I believe the initial thread indicated that
>you cannot use a layer 2 filter to accomplish this?
>
>KK
>
>-----Original Message-----
>From: Jaspreet Bhatia [mailto:jasbhati@cisco.com]
>Sent: Wednesday, July 24, 2002 6:36 PM
>To: Colin Barber
>Cc: ccielab@groupstudy.com
>Subject: RE: dmac-output-list question
>
>
>Colin,
> I think that you are right .The question is : r2 has a
>specific mac address range which should be allowed to
> >communicate with outside world and all other mac should be filtered.
>
>In this above case an input-address-range on the TR would do nicely
>
>I misinterpreted the question to say :
>
>Other hosts should only be allowed to reach this particular set of MAC
>addresses on R2 in which case you can do icanreach and mac-exclusive ..
>
>
>Thanks
>
>Jaspreet
>
>At 11:11 PM 7/24/2002 +0100, Colin Barber wrote:
>>Would you not need to specify mac-exclusive? Otherwise R1 will send
>>explorers to R2 for any mac addresses not listed in the icanreach.
>>
>>How about not restricting within DLSW and just using a input-address-list
>>filter on the lan interface?
>>
>>Colin
>>
>>-----Original Message-----
>>From: Jaspreet Bhatia [mailto:jasbhati@cisco.com]
>>Sent: 24 July 2002 18:53
>>To: atul pawar
>>Cc: ccielab@groupstudy.com
>>Subject: Re: dmac-output-list question
>>
>>
>>Hi Atul,
>> This concept is a bit confusing . This is how I
>>interpret it . R2 wants all other hosts to only reach a certain range of
>>MAC addresses on its network. If you use dmac output list on R1 it would
>>affect only R1 whereas if you put the icanreach mac-address with a mask on
>>R2 , then R2 will advertise this to all other peers in its capabilities
>>exchange so all other peers will only send packets destined for those
>>range of MAC addresses to R@ .
>>
>>HTH
>>
>>Jaspreet
>>
>>At 05:26 PM 7/24/2002 +0000, atul pawar wrote:
>> >HI Guyes,
>> >I saw this example on the group earlier. I seem to confuse myself with
>> >this one. Please Consider the following
>> >
>> >r1-------peer---------r2
>> >and r2 has a specific mac address range which should be allowed to
>> >communicate with outside world and all other mac should be filtered.
>> >
>> >now if I put this dmac-output-list allowing this range in the remote peer
>> >statement of r1 it will only pass those explorers which are for this mac
>> >address range.
>> >Or it should be on r2 so that it allows only these mac addresses out?
>> >Other way I can think of is dlsw icanreach mac-address on r2 and
>>mac-exclusive.
>> >can someone please clarify how to use 'dmac-output-list' as I'm not sure
>> >if my understanding is right .
>> >Many thanks For Your help
>> >Atul
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> > Atul
>> >
>> >
This archive was generated by hypermail 2.1.4 : Sat Sep 07 2002 - 19:36:43 GMT-3