From: Scott Morris (swm@emanon.com)
Date: Sun Nov 23 2003 - 12:09:57 GMT-3
You'll need to permit more than just the one thing... The first hex
number is the values for the SAP (DSAP/SSAP) field. The second hex
number is a mask for it. Think in binary...
That example (all over CCO) is WAY too broad, particularly for
Ethernet-only environments. But the details of this have been discussed
many times here on groupstudy, so I'd suggest looking through the
archives so I don't sound nearly as long-winded as I typically do on
this subject. :)
Enjoy!
Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713,
CISSP, JNCIS, et al.
IPExpert CCIE Program Manager
IPExpert Sr. Technical Instructor
swm@emanon.com/smorris@ipexpert.net
http://www.ipexpert.net
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Wei Zou (wzou)
Sent: Sunday, November 23, 2003 9:31 AM
To: ccielab@groupstudy.com
Subject: SNA SAP Filter
Hi :
Could anyone tell me why the syntax to permit all SNA SAP is:
access-list 200 permit 0x0000 0x0D0D
access-list 200 deny 0x0000 0xFFFF
Other than:
access-list 200 permit 0x0D0D 0x0000
access-list 200 deny 0x0000 0xFFFF
I belive 0x0D0D is for SNA SAP.
Thanks
Wei
This archive was generated by hypermail 2.1.4 : Fri Dec 12 2003 - 12:29:16 GMT-3