From: Jonathan V Hays (jhays@jtan.com)
Date: Sun Nov 23 2003 - 11:55:55 GMT-3
This is an LSAP filter consisting of a DSAP and an SSAP. 0x0D0D is the
wildcard mask and since D is 1101 this means that only one bit is
required and it must be zero in the third column which means all SNA
SAPs are of the binary form xx0x. For the SSAP the rightmost bit is a
command/response bit and the DSAP's is the individual/group bit. Look at
the diagram of the 802.3 frame inside the front cover of Solie's CCIE
Practical Studies volume 1 for more details.
If we work through the binary to hex for the SSAPs:
0000 1101 -> 0x0D wildcard mask
0000 0000 -> 0x00 Command
0000 0001 -> 0x01 Response
0000 0100 -> 0x04 Command
0000 0101 -> 0x05 Response
0000 1000 -> 0x08 Command
0000 1001 -> 0x09 Response
0000 1100 -> 0x0C Command
0000 1101 -> 0x0D Response
So using 0x0000 0x0D0D covers all the SNA SAPs.
This has been discussed many times before so if you search the
Groupstudy archives you will find a lot more posts on the subject. Also,
below are a couple of relevant links.
http://www.cisco.com/en/US/tech/tk331/tk336/technologies_tech_note09186a
00800fad74.shtml
http://www.cisco.com/en/US/tech/tk870/tk451/tk374/technologies_tech_note
09186a0080094226.shtml
Jonathan
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Wei Zou (wzou)
Sent: Sunday, November 23, 2003 9:31 AM
To: ccielab@groupstudy.com
Subject: SNA SAP Filter
Hi :
Could anyone tell me why the syntax to permit all SNA SAP is:
access-list 200 permit 0x0000 0x0D0D
access-list 200 deny 0x0000 0xFFFF
Other than:
access-list 200 permit 0x0D0D 0x0000
access-list 200 deny 0x0000 0xFFFF
I belive 0x0D0D is for SNA SAP.
Thanks
Wei
This archive was generated by hypermail 2.1.4 : Fri Dec 12 2003 - 12:29:16 GMT-3