RE: dmac-output-list question

From: Anthony Pace (anthonypace@xxxxxxxxxxx)
Date: Thu Jul 25 2002 - 15:18:36 GMT-3

• Next message: Anthony Pace: "Re: OSPF conditional default route"
• Previous message: Brian Dennis: "RE: Lab Changes"
• Maybe in reply to: atul pawar: "dmac-output-list question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
I was under the impression that DLSw is NOT a way of bridging various
protocols (like IRB does), but was exclusivly for gluing non-routable
protocols (NetBios,SNA,LAT) from Ethernet and Token-Rings across a WAN.
I think IP would not traverse this, and I think I read somewhere that
IPX might make it accross IF it had been bridged everywhere, and no IPX
addresses were on the LAN interfaces. AM I WRONG?

The input-address-range on the TR would stop other Token-Rings
attatched to the same router form getting to the TOken-RIng being
filtered. The combonation of the ICANREACH + MAC EXCLUSIVE combined
with the DMAC-ROUTPUT-LIST on the other guys remote-peer statement
would give you the best of both worlds. Does that sound right?

Anthony Pace

On Thu, 25 Jul 2002 15:08:49 +0100, "Colin Barber"
<Colin.Barber@telewest.co.uk> said:
> What type of traffic are you trying to stop? If it's IPX you can do it with
> an IPX access list as the mac address is part of the clients network.host
> address. If it's IP then you could use your suggestion (until a client
> changes it's ip address). However if you are trying to stop layer 2 traffic
> a layer 3 access list is not going to work.
>
> Colin
>
> -----Original Message-----
> From: Raj Bahad [mailto:raj.bahad@totalise.co.uk]
> Sent: 25 July 2002 14:15
> To: Krake, Kris; Colin Barber; Jaspreet Bhatia
> Cc: ccielab
> Subject: RE: dmac-output-list question
>
>
> Guys,
>
> I had a similar question posted a couple of weeks ago, but got no reply.
>
> Essentially, reiterating what Kris stated, how would you achive the same
> results without the use of a layer 2 filter?
>
> I thought of looking at the ARP table and then undertake the task of
> creating
> an access-list specifiying IP addresses which map to their respective mac
> addresses.
>
> Would you agree, or is there another way of doing this without using a layer
> 2
> filter?
>
> Raj.
>
> >===== Original Message From "Krake, Kris" <KKrake@aegonusa.com> =====
> >I may be incorrect in this but I believe the initial thread indicated that
> >you cannot use a layer 2 filter to accomplish this?
> >
> >KK
> >
> >-----Original Message-----
> >From: Jaspreet Bhatia [mailto:jasbhati@cisco.com]
> >Sent: Wednesday, July 24, 2002 6:36 PM
> >To: Colin Barber
> >Cc: ccielab@groupstudy.com
> >Subject: RE: dmac-output-list question
> >
> >
> >Colin,
> > I think that you are right .The question is : r2 has a
> >specific mac address range which should be allowed to
> > >communicate with outside world and all other mac should be filtered.
> >
> >In this above case an input-address-range on the TR would do nicely
> >
> >I misinterpreted the question to say :
> >
> >Other hosts should only be allowed to reach this particular set of MAC
> >addresses on R2 in which case you can do icanreach and mac-exclusive ..
> >
> >
> >Thanks
> >
> >Jaspreet
> >
> >At 11:11 PM 7/24/2002 +0100, Colin Barber wrote:
> >>Would you not need to specify mac-exclusive? Otherwise R1 will send
> >>explorers to R2 for any mac addresses not listed in the icanreach.
> >>
> >>How about not restricting within DLSW and just using a input-address-list
> >>filter on the lan interface?
> >>
> >>Colin
> >>
> >>-----Original Message-----
> >>From: Jaspreet Bhatia [mailto:jasbhati@cisco.com]
> >>Sent: 24 July 2002 18:53
> >>To: atul pawar
> >>Cc: ccielab@groupstudy.com
> >>Subject: Re: dmac-output-list question
> >>
> >>
> >>Hi Atul,
> >> This concept is a bit confusing . This is how I
> >>interpret it . R2 wants all other hosts to only reach a certain range of
> >>MAC addresses on its network. If you use dmac output list on R1 it would
> >>affect only R1 whereas if you put the icanreach mac-address with a mask
> on
> >>R2 , then R2 will advertise this to all other peers in its capabilities
> >>exchange so all other peers will only send packets destined for those
> >>range of MAC addresses to R@ .
> >>
> >>HTH
> >>
> >>Jaspreet
> >>
> >>At 05:26 PM 7/24/2002 +0000, atul pawar wrote:
> >> >HI Guyes,
> >> >I saw this example on the group earlier. I seem to confuse myself with
> >> >this one. Please Consider the following
> >> >
> >> >r1-------peer---------r2
> >> >and r2 has a specific mac address range which should be allowed to
> >> >communicate with outside world and all other mac should be filtered.
> >> >
> >> >now if I put this dmac-output-list allowing this range in the remote
> peer
> >> >statement of r1 it will only pass those explorers which are for this mac
> >> >address range.
> >> >Or it should be on r2 so that it allows only these mac addresses out?
> >> >Other way I can think of is dlsw icanreach mac-address on r2 and
> >>mac-exclusive.
> >> >can someone please clarify how to use 'dmac-output-list' as I'm not sure
> >> >if my understanding is right .
> >> >Many thanks For Your help
> >> >Atul
> >> >
> >> >
> >> >
> >> >
> >> >
> >> >
> >> >
> >> >
> >> >
> >> >
> >> >
> >> >
> >> >
> >> >
> >> >
> >> >
> >> >
> >> >
> >> > Atul
> >> >
> >> >

• Next message: Anthony Pace: "Re: OSPF conditional default route"
• Previous message: Brian Dennis: "RE: Lab Changes"
• Maybe in reply to: atul pawar: "dmac-output-list question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Sep 07 2002 - 19:36:43 GMT-3