Re: Ethernet-to-Ethernet DLSW ICANREACH

From: Robert Laidlaw (laidlaw@consecro.com)
Date: Wed Jul 16 2003 - 15:37:29 GMT-3


My lab setup is this:

WS = Testbox --- e0 R1 s0 --s0 R2 e0 --- WS=Test

Like Jonathan has below, the "show bridge" shows the canonical mac and the
"show dlsw reach" shows the non-canonical mac.

Mac of Testbox= 00b0.d014.3629
Mac of Test= 00b0.d02c.b6d3

r2#sh dlsw reach
DLSw Local MAC address reachability cache list
Mac Addr        status  Loc.    port         rif
000d.0b34.6dcb  FOUND   LOCAL   TBridge-001  --no rif--

DLSw Remote MAC address reachability cache list
Mac Addr        status  Loc.    peer
000d.0b28.6c94  FOUND   REMOTE  133.1.21.1(2065) max-lf(1500)

DLSw Local NetBIOS Name reachability cache list
NetBIOS Name    status  Loc.    port         rif
TEST            FOUND   LOCAL   TBridge-001  --no rif--

DLSw Remote NetBIOS Name reachability cache list
NetBIOS Name    status  Loc.    peer
TESTBOX         FOUND   REMOTE  133.1.21.1(2065) max-lf(1500)

From the output, it looks as though all MACs in the dlsw reachability, even
locals, are in non-canonical format.

When I went to R1 and used a standard MAC ACL to filter the dlsw reachability,
the results were not what I expected.

If I used the non-canonical address in the filter:
access-list 700 deny 000d.0b28.6c94
access-list 700 permit 0.0.0 ffff.ffff.ffff

dlsw remote-peer 0 tcp 133.1.21.2 dmac-output-list 700

This did not filter the reachability or stop Test from reaching Testbox.

If I used the canonical address in the filter:
access-list 700 deny 00b0.d014.3629 0000.0000.0000
access-list 700 permit 0000.0000.0000 ffff.ffff.ffff

This did stop the advertisement and Test could NOT reach Testbox.

So with these results, you should filter based on the actual MAC address of
the machine. However, when entering a static "icanreach" you should do the
bit-swapping first, as the MAC you enter in the icanreach is taken as a
literal.

> >
> > Well, you are right that we are all just talking theory. And admittedly
> > the Doc CD is full of errors so we can't believe that source either.
> >
> > We need to configure a real-world workstation-to-workstation scenario
> > and post some actual results. Otherwise it's all talk.
> >
> > Anyone got a pair of NetBEUI workstations, one with TR and one with
> > ethernet?
>
>
> I was still puzzling about this so I decided to experiment a bit. I
> generated a single NetBEUI ethernet workstation and connected it to a
> router - not the full test bed.
>
> I found out one thing for sure: the IOS bridge function ("sh bridge")
> sees the ethernet mac address as canonical and the DLSW function ("sh
> dlsw reachability") sees the same mac address as non-canonical (see
> below for output). IOS is clearly converting the ethernet address to
> non-canonical format for use in DLSW.
>
> I personally am planning to stick with manual conversion of ethernet mac
> addresses to non-canonical format before typing them into a DLSW filter,
> until someone can prove otherwise.
>
> I am still not clear on a test procedure to prove which format
> (canonical vs. noncanonical) will cause correct operation of DLSW
> filtering. I think I would need two workstations, though. Can anyone
> suggest a good procedure?
>
> See below for what I found (it's long and inconclusive).
>
> -Jonathan
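
The bit-swapping discussed in this message, as an added example that is not part of the original post: it reverses the bit order of each octet to convert between the canonical MAC shown by "show bridge" and the non-canonical form shown by "show dlsw reach", then maps the two cache entries quoted above back to their hosts. The function names are hypothetical; the MAC addresses and cache lines are the ones from the post.

```python
import re

def parse_mac(mac):
    """Accept Cisco dotted, colon or dash notation; return the 6 raw octets."""
    digits = re.sub(r"[.:-]", "", mac.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(digits)

def cisco_fmt(raw):
    """Format 6 octets in Cisco dotted notation (xxxx.xxxx.xxxx)."""
    h = raw.hex()
    return ".".join(h[i:i + 4] for i in (0, 4, 8))

def bitswap(mac):
    """Reverse the bit order within each octet (canonical <-> non-canonical).
    The operation is its own inverse."""
    return cisco_fmt(bytes(int(f"{b:08b}"[::-1], 2) for b in parse_mac(mac)))

def map_reach_cache(output, inventory):
    """Map each MAC found in 'show dlsw reach' output to a host name.
    inventory: {host: canonical MAC as the NIC reports it}."""
    by_noncanonical = {bitswap(mac): host for host, mac in inventory.items()}
    found = {}
    for mac in re.findall(r"\b[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}\b", output):
        found[mac] = by_noncanonical.get(mac, "UNKNOWN")
    return found

# Host MACs and the two cache entries are taken from the post above.
INVENTORY = {"Testbox": "00b0.d014.3629", "Test": "00b0.d02c.b6d3"}
REACH_OUTPUT = """\
000d.0b34.6dcb FOUND LOCAL TBridge-001 --no rif--
000d.0b28.6c94 FOUND REMOTE 133.1.21.1(2065) max-lf(1500)
"""

if __name__ == "__main__":
    for host, mac in INVENTORY.items():
        print(f"{host:8} canonical {mac}  non-canonical {bitswap(mac)}")
    for mac, host in map_reach_cache(REACH_OUTPUT, INVENTORY).items():
        print(f"reach cache {mac} -> {host}")
```

An entry that maps to UNKNOWN is a MAC in the reachability cache that does not correspond to any host in the inventory, which is worth checking before writing a filter against it.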



This archive was generated by hypermail 2.1.4 : Wed Aug 06 2003 - 06:52:41 GMT-3