RE: access-list

From: Scott Morris (swm@emanon.com)
Date: Mon Mar 17 2003 - 08:30:57 GMT-3


Two different things there.

The ACL 200 is referred to with an "input-lsap-list" which specifically
matches the SSAP/DSAP fields in the 802.2 LLC header. Not all the time
will you see this for all protocols.

ACL 201 on the other hand is referred to with an "input-type-list" which
refers to the TYPE code found in the 802.2 header. Like 0x800 is IP,
etc.

Personally, I'm not sure of the logic here whether ACL 200 would be
explicitly permitted before ACL 201 is used, but I haven't tried this
out either. You may indeed need type-code entries for the SNA traffic
you are trying to permit.

Also, the permit 0x0004 0x0101 won't do much in the Ethernet world.
That's permitting null LSAPs, like explorer packets. I don't believe
anything existing in the Ethernet SNA world falls into this category.

Scott

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Tom Young
Sent: Monday, March 17, 2003 4:17 AM
To: ccielab@groupstudy.com
Subject: access-list

Hi, group
  This is the sample that I got from my customer. In the
access-list, I think the last line should be
access-list 200 deny 0x0000 0xFFFF
and not
access-list 201 deny 0x0000 0xFFFF
It is meaningless to make a new type-list 201, right?

Thanks a lot

interface FastEthernet0
 ip address 192.168.108.58 255.255.255.0
 speed auto
 bridge-group 1
 bridge-group 1 input-lsap-list 200
 bridge-group 1 input-type-list 201
!
access-list 200 permit 0x0404 0x0101
access-list 200 permit 0x0004 0x0101
access-list 200 permit 0x0400 0x0101
access-list 200 permit 0x0000 0x0101
access-list 201 deny 0x0000 0xFFFF
 



This archive was generated by hypermail 2.1.4 : Sat Apr 05 2003 - 08:51:41 GMT-3
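
Added example, not part of the original thread: a small Python model of how the two lists in the posted configuration evaluate a frame, using the usual IOS value/wildcard-mask matching (mask bits set to 1 are ignored, first match wins). The byte order of the LSAP value, the implicit deny at the end of a list, and the split of frame kinds between the two lists are assumptions of this sketch, and the sample frames are constructed.

```python
# Added illustration (not from the thread): evaluates 16-bit LSAP / type codes
# against the ACL 200 and ACL 201 entries posted above.

ACLS = {
    200: [("permit", 0x0404, 0x0101),   # referenced by input-lsap-list
          ("permit", 0x0004, 0x0101),
          ("permit", 0x0400, 0x0101),
          ("permit", 0x0000, 0x0101)],
    201: [("deny", 0x0000, 0xFFFF)],    # referenced by input-type-list
}

def entry_matches(value, code, mask):
    """True when value equals code in every bit the wildcard mask does not ignore."""
    return (value ^ code) & ~mask & 0xFFFF == 0

def evaluate(acl, value):
    """Return (action, matching entry number); first match wins.
    Assumption: a value matching no entry hits an implicit deny."""
    for index, (action, code, mask) in enumerate(ACLS[acl], start=1):
        if entry_matches(value, code, mask):
            return action, index
    return "deny", None

def lsap(dsap, ssap):
    """Assumption: DSAP is the high byte and SSAP the low byte of the code."""
    return (dsap << 8) | ssap

def filter_frame(kind, value):
    """Assumption: 802.2 LLC frames ('lsap') are checked against list 200 only,
    Ethernet/SNAP type codes ('type') against list 201 only."""
    acl = 200 if kind == "lsap" else 201
    return (acl,) + evaluate(acl, value)

# Constructed sample frames: (description, kind, 16-bit code)
SAMPLES = [
    ("SNA, DSAP 04 / SSAP 04",            "lsap", lsap(0x04, 0x04)),
    ("SNA response, SSAP low bit set",    "lsap", lsap(0x04, 0x05)),
    ("null DSAP / SSAP 04",               "lsap", lsap(0x00, 0x04)),
    ("NetBIOS, DSAP F0 / SSAP F0",        "lsap", lsap(0xF0, 0xF0)),
    ("IP type code 0x0800",               "type", 0x0800),
    ("SNA over Ethernet type code 0x80D5", "type", 0x80D5),
]

if __name__ == "__main__":
    for description, kind, value in SAMPLES:
        acl, action, index = filter_frame(kind, value)
        where = f"entry {index}" if index else "implicit deny"
        print(f"{description:36} 0x{value:04X}  ACL {acl}: {action} ({where})")
```

The 0x0101 mask ignores only the low bit of each SAP byte, so each ACL 200 entry covers four DSAP/SSAP combinations, while the 0xFFFF mask in ACL 201 ignores every bit and matches any type code.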