From: Volkov, Dmitry (Toronto - BCE) (dmitry_volkov@ca.ml.com)
Date: Sun Sep 15 2002 - 14:44:47 GMT-3
Fred,
Can we say, that :
1) source-bridge input-address-list & bridge-group input-address-list -
filter frames based on Source mac address defined in access-list 700-799
2) source-bridge output-address-list & bridge-group output-address-list -
filter frames based on Destination mac address defined in access-list
700-799
3) in case if we use output-address-list and we have SR/TLB (i.e.
destination is on different media than source) - we have to bitswap mac
address when we make access-list 700-799
Thanks,
Dmiret
> -----Original Message-----
> From: Fred Ingham [mailto:fingham@cox.net]
> Sent: Sunday, September 15, 2002 12:42 PM
> To: Omer Ansari; ccielab@groupstudy.com
> Subject: Re: when to use canonical->non-canonical conversion
>
>
> Omer: 1. and 2. are fine. Side question - no, it doesn't change.
>
> In 3. and 4. you are using SR/TLB. The access-list would
> deny all since
> access-list 700 uses a wildcard mask. In 3 and 4 the
> direction should be
> out in both cases since you are denying a host on the other LAN.
>
> Fred
>
> ----- Original Message -----
> From: "Omer Ansari" <omer@ansari.com>
> To: <ccielab@groupstudy.com>
> Sent: Sunday, September 15, 2002 1:44 AM
> Subject: when to use canonical->non-canonical conversion
>
>
> > Guys,
> >
> > this is to summarize and confirm the usage of canonical to
> non-canonical
> > mac address conversion:
> >
> > Are there other places where one might need to to the
> conversion other
> > than the following scenarios:
> >
> > 1. dlsw icanreach
> > -----
> > {ethernet}-----RouterA-----{cloud}....
> >
> > ethernetA has device with mac address 1.1.1
> (non-canonical=0080.0080.0080)
> >
> > we want to use icanreach on RouterA for this mac address, but we use
> > non-canonical here:
> >
> > dlsw icanreach mac-addr 0080.0080.0080
> >
> >
> > 2. dlsw remote-peer xxxx dest-mac:
> > -----
> >
> > {ethernetA/tokenringA}---RouterA---{cloud}---RouterB---{ethernetB}
> >
> > "ethernetB" has device with mac address 1.1.1
> >
> > thus on RouterA:
> >
> > dlsw remote-peer 0 tcp <RouterB> dest-mac 0080.0080.0080
> >
> >
> > --side question for #2, does the above change if the source LAN is
> > ethernetA instead of tokenringA?
> >
> >
> > {
> > if the above reasoning is correct, then the answer in
> > KarlSolie, Enchilda, pp1168:
> > Section XI: Question1 is incorrect as per:
> >
> http://www.ciscopress.com/content/images/1587200023/downloads/
Skylabs-enchil
ada.pdf
>
> where he hasn't changed the canonical -> non-canonical format.
>
> }
>
>
> 3. source-bridge input-address-list
> ----------
>
> {tokenring}----{to0/0}RouterA(e0/0)------{ethernet}
>
> ethernet has a 1.1.1 mac address device
>
> on RouterA t0/0
> source-bridge input-address-list 700
>
> access-l 700 deny 0080.0080.0080 FFFF.FFFF.FFFF <----
> access-l ......
>
>
> 4. bridge-group input-address-list
> ----------
>
> same scenario as 3, but mac address 1.1.1 is on TokenRing
>
> RouterA e0/0
>
> bridge-group input-address-list 700
>
> access-l 700 deny 0080.0080.0080 FFFF.FFFF.FFFF <----
> access-l ......
>
>
>
>
> any other scenarios??
> Omer
This archive was generated by hypermail 2.1.4 : Mon Oct 07 2002 - 07:43:52 GMT-3