Re: Dlsw+ access-list filter for MAC address

From: Fred Ingham (fingham@cox.net)
Date: Fri Jan 10 2003 - 02:08:18 GMT-3


To filter canonical MACs from ab12.cd34.ef56 to ab12.cd34.f082
you would use:

  dlsw icanreach mac-add d548.b32c.0700 ffff.ffff.0700

or

  access-list 700 permit d548.b32c.0700 0000.0000.f8ff

This filters more than desired but cannot be avoided, e.g.
the first byte of the last 16 bits will be either ef or f0, converting to
non-canonical this is f7 or 0f - you have to allow all bits for the first
nibble and a wildcard of (binary) 0111/1000 for the second nibble. The
second byte will go from 56 to 82 canonical but will contain all hex values
in either nibble, i.e. look at the transition efff - f000 so all bits must
be allowed.

The filter allows canonical MACs ab12.cd34.ef00 thru ab12.cd34.f0ff. The
original requirement covered 0x12d hosts (301), the resulting filter allows
0x200 hosts (512). You gotta love hex.

Cheers, Fred
----- Original Message -----
From: "Scott Morris" <swm@emanon.com>
To: "'love cisco'" <love_cisco@hotmail.com>; <ccielab@groupstudy.com>
Sent: Thursday, January 09, 2003 9:37 PM
Subject: RE: Dlsw+ access-list filter for MAC address

> The mask will work the same as before. You just have to be aware which
> bits you're planning to allow or not allow! It may require some extra
> thought.
>
> Scott
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> love cisco
> Sent: Thursday, January 09, 2003 5:13 PM
> To: swm@emanon.com; ccielab@groupstudy.com
> Subject: RE: Dlsw+ access-list filter for MAC address
>
>
> Thanks, Scott.
>
> How about a range of MAC addresses? Do I have to do the bit swap on the MAC
> address mask?
> For example,
> one Ethernet canonical MAC address range is from ab12.cd34.ef56 to
> ab12.cd34.f082. This MAC address range has 300 MAC addresses. So what
> could this DLSW filtering be?
>
>   dlsw icanreach mac-address 5d84.3bc2.7fa6 mask ffff.ffff.f12c
>
> or the MAC access-list
>
>   access-list 700 permit 5d84.3bc2.7fa6 0000.0000.012c
>
> Am I right?
>
> Thanks
>
> >From: "Scott Morris" <swm@emanon.com>
> >Reply-To: "Scott Morris" <swm@emanon.com>
> >To: "'love cisco'" <love_cisco@hotmail.com>, <ccielab@groupstudy.com>
> >Subject: RE: Dlsw+ access-list filter for MAC address
> >Date: Thu, 9 Jan 2003 06:57:23 -0500
> >
> >This has been answered a lot in the past few weeks! :)
> >
> >YES, you still have to worry about it! Even though both of your
> >Ethernets don't care, DLSW as a technology talks about things just
> >like Token Ring does natively. So everything will get bit-swapped twice
> >from Ethernet into DLSW and then back out again. All filtering needs
> >to be done in a bit-swapped manner.
> >
> >Scott
> >
> >-----Original Message-----
> >From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> >love cisco
> >Sent: Thursday, January 09, 2003 4:22 AM
> >To: ccielab@groupstudy.com
> >Subject: Dlsw+ access-list filter for MAC address
> >
> >
> >Hi, friends
> >
> >Just want to confirm that since Token Ring is gone in the new lab, we
> >don't have to worry about converting canonical to non-canonical for MAC
> >access-lists. Is that right?
> >
> >thanks!
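The range-to-filter conversion worked through in this thread, as an added Python example (not code from any of the posters): it bit-swaps each byte, derives the tightest single value/wildcard pair for a canonical range, and reports how many addresses that one entry admits. Function names are hypothetical; it assumes first <= last, a 700-series list where 1 bits in the mask are ignored, and an icanreach mask that is the inverse of that wildcard, as used in the thread.

```python
MASK48 = (1 << 48) - 1

def parse(dotted):
    """Cisco dotted MAC (ab12.cd34.ef56) -> 48-bit integer."""
    return int(dotted.replace(".", ""), 16)

def fmt(mac):
    """48-bit integer -> Cisco dotted MAC."""
    h = f"{mac:012x}"
    return ".".join(h[i:i + 4] for i in (0, 4, 8))

def swap(mac):
    """Reverse the bit order inside each byte (canonical <-> non-canonical)."""
    out = 0
    for shift in range(0, 48, 8):
        byte = (mac >> shift) & 0xFF
        out |= int(f"{byte:08b}"[::-1], 2) << shift
    return out

def single_entry(first, last):
    """Tightest one-line filter covering canonical range first..last."""
    lo, hi = parse(first), parse(last)
    # Every bit from the highest differing bit downwards takes both values
    # somewhere in a contiguous range, so all of them must be wildcarded.
    wild_c = (1 << (lo ^ hi).bit_length()) - 1
    base_c = lo & ~wild_c
    wild = swap(wild_c)
    return {
        "value": fmt(swap(base_c)),        # address as DLSw+ sees it
        "wildcard": fmt(wild),             # access-list 700: 1 = ignore
        "care_mask": fmt(~wild & MASK48),  # inverse of the wildcard
        "wanted": hi - lo + 1,             # addresses in the requested range
        "permitted": wild_c + 1,           # addresses the entry admits
        "canonical_extent": (fmt(base_c), fmt(base_c | wild_c)),
    }

def permits(entry, canonical):
    """True if the entry admits this canonical (Ethernet-order) address."""
    care = parse(entry["care_mask"])
    return (swap(parse(canonical)) ^ parse(entry["value"])) & care == 0

if __name__ == "__main__":
    e = single_entry("ab12.cd34.ef56", "ab12.cd34.f082")
    print(e)
    print(permits(e, "ab12.cd34.e000"), permits(e, "ab12.cd34.df00"))
```

Comparing `wanted` with `permitted` shows how far a single-entry filter over-matches the intended range, which is the figure to check before relying on it as an access control.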



This archive was generated by hypermail 2.1.4 : Sat Feb 01 2003 - 07:33:46 GMT-3