From: Scott Morris (swm@emanon.com)
Date: Sun Dec 29 2002 - 11:32:50 GMT-3
H.245 in voice uses TCP/11000-11999 for the features/exchange stuff.
However, if I recall, tcp/11000 is also the starting point for source
port in dlsw transactions. Normally, a source port is anything over
1024 (the ephemeral ports), but for whatever reason, dlsw likes starting
at 11000.
So putting it in your access list will allow the circuit to be formed
in either direction.
Scott
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
kym blair
Sent: Sunday, December 29, 2002 3:46 AM
To: fadiltakipte@hotmail.com; swm@emanon.com; ccielab@groupstudy.com
Subject: Re: Filtering DLSw+ TCP Session
You're right, UDP 11000-11999 are used for voice.
>From: "Fadiltakipte" <fadiltakipte@hotmail.com>
>Reply-To: "Fadiltakipte" <fadiltakipte@hotmail.com>
>To: "Scott Morris" <swm@emanon.com>, <ccielab@groupstudy.com>
>Subject: Re: Filtering DLSw+ TCP Session
>Date: Sat, 28 Dec 2002 22:03:05 -0800
>
>Hi,
>
>Why did you use the permit tcp any any ge 11000?
>As I know filtering TCP 2065 suffices for high priority DLSW. I have
>seen filtering of TCP ge 11000 also for voice configurations. Can
>anybody please inform me what these ports are used for?
>
>Thanks
>
>----- Original Message -----
>From: "Scott Morris" <swm@emanon.com>
>To: "'Jay Greenberg'" <groupstudylist@execulink.com>;
><ccielab@groupstudy.com>
>Sent: Saturday, December 28, 2002 7:11 AM
>Subject: RE: Filtering DLSw+ TCP Session
>
>
> > If you're using priority, you'll also have 1981, 1982 and 1983 as
> > destination ports. And I think there's something about udp
> > connections as well, though I don't have a list of ports for that
> > (dlsw udp-disable turns off as I recall).
> >
> > HTH,
> >
> > Scott
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> > Of Jay Greenberg
> > Sent: Saturday, December 28, 2002 12:38 AM
> > To: ccielab@groupstudy.com
> > Subject: Filtering DLSw+ TCP Session
> >
> >
> > Any idea how to explicitly allow a DLSw+ TCP session through an ACL?
> > On a recent practice lab, I used:
> >
> > permit tcp any any eq 2065
> > permit tcp any any ge 11000
> >
> > which worked, however I wonder if there is a more practical / direct
> > way of doing this. . .
This archive was generated by hypermail 2.1.4 : Fri Jan 17 2003 - 17:21:54 GMT-3
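
Added example, not part of the original thread: a minimal first-match evaluator for the two ACL entries Jay posted, run over constructed flows to show what `ge 11000` on the destination port admits besides the DLSw+ session. `TIGHTER_ACL`, which also pins the source port of the second entry to 2065, is an assumption built on the port behaviour described in the thread (destination 2065, source ports starting at 11000); no poster proposed it.

```python
from dataclasses import dataclass

ANY = (0, 65535)  # "any port" as an inclusive range

@dataclass(frozen=True)
class Rule:
    action: str
    proto: str
    sport: tuple = ANY
    dport: tuple = ANY

@dataclass(frozen=True)
class Flow:
    label: str
    proto: str
    sport: int
    dport: int

def evaluate(acl, flow):
    """First matching entry wins; the list ends with an implicit deny."""
    for r in acl:
        if (r.proto == flow.proto
                and r.sport[0] <= flow.sport <= r.sport[1]
                and r.dport[0] <= flow.dport <= r.dport[1]):
            return r.action
    return "deny"

# The two entries from the thread: destination 2065, destination >= 11000.
THREAD_ACL = [Rule("permit", "tcp", dport=(2065, 2065)),
              Rule("permit", "tcp", dport=(11000, 65535))]
# Hypothetical tightening (assumption): high ports only for replies from 2065.
TIGHTER_ACL = [Rule("permit", "tcp", dport=(2065, 2065)),
               Rule("permit", "tcp", sport=(2065, 2065), dport=(11000, 65535))]

# Constructed sample flows, not captured traffic.
FLOWS = [Flow("dlsw-open", "tcp", 11000, 2065),
         Flow("dlsw-reply", "tcp", 2065, 11000),
         Flow("other-high-port", "tcp", 40000, 11720),
         Flow("telnet", "tcp", 40001, 23),
         Flow("udp-high-port", "udp", 16384, 11500)]

def compare(flows=FLOWS):
    """Map each flow label to (thread ACL verdict, tighter ACL verdict)."""
    return {f.label: (evaluate(THREAD_ACL, f), evaluate(TIGHTER_ACL, f)) for f in flows}

def only_thread_acl_permits(flows=FLOWS):
    """Flows the thread's ACL lets through that the tighter list drops."""
    return [k for k, (a, b) in compare(flows).items() if a == "permit" and b == "deny"]

if __name__ == "__main__":
    for label, verdicts in compare().items():
        print(f"{label:16} thread={verdicts[0]:6} tighter={verdicts[1]}")
```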