From: Ouellette, Tim (tim.ouellette@eds.com)
Date: Sat Jan 11 2003 - 01:16:20 GMT-3
I believe you are right on the money Tony. The main part that bit me the
first time was remembering the command/response portion. If there was no
response bit to be set, the ACL would be easy but since the C/R bit gets
"turned on" that's why you need to allow 0x04 (C), 0x05 (R) etc up to 0x0C
(C) , 0x0D(R) where C being Command and R being Response.
BTW, I've seen those same documents that you refer too.
Tim
-----Original Message-----
From: Tony Schaffran [mailto:tschaffran@cconlinelabs.com]
Sent: Friday, January 10, 2003 5:16 PM
To: ccielab@groupstudy.com
Subject: SAP ACL's
To allow SNA only:
access-list 200 permit 0x0000 0x0D0D
To filter NetBIOS:
access-list 200 deny 0xF0F0 0x0101
access-list 200 permit 0x0000 0xFFFF
To filter IPX:
access-list 200 deny 0xE0E0 0x0101
access-list 200 permit 0x0000 0xFFFF
Does anybody disagree? I have seen many documents contradict each other.
This is what I have found.
http://www.cisco.com/warp/public/698/acl200.html
Tony Schaffran
Network Analyst
CCNP, CCNA, CCDA,
NNCSS, NNCDS, CNE, MCSE
www.cconlinelabs.com
"Your #1 choice for Cisco rack rentals."
.
.
This archive was generated by hypermail 2.1.4 : Sat Feb 01 2003 - 07:33:47 GMT-3