RE: DLSw question - filtering SAPs??

From: Edwards, Andrew M (andrew.m.edwards@boeing.com)
Date: Fri Jan 30 2004 - 14:57:27 GMT-3


Look at the bits:

---------
0xf0f0 0x0101 = bits 11110000 11110000 mask 00000001 00000001

What are the matches?

11110000 11110000 f0f0
11110001 11110001 f1f1

---------

0000 0d0d = bits 00000000 00000000 mask 00001101 00001101

What are the matches?

00000000 00000000 0000
00000001 00000001 0101
00000100 00000100 0404
00000101 00000101 0505
00001000 00001000 0808
00001001 00001001 0909
00001100 00001100 0c0c
00001101 00001101 0d0d

What is a valid address and reverse mask to combine these into one statement, or what bits do we NOT care about (the x bit)?

00000000 00000000 0000
00000001 00000001 0101
00000100 00000100 0404
00000101 00000101 0505
00001000 00001000 0808
00001001 00001001 0909
00001100 00001100 0c0c
00001101 00001101 0d0d
11110000 11110000 f0f0
11110001 11110001 f1f1

xxxxxx0x xxxxxx0x 0202 = bits we don't care about cause they are different on all SAPs.

So you could use the LESS specific 0x0000 0x0202. And I say less specific because it includes other SAP types not requested.... or you can look at the reverse mask for the SNA SAP, apply it to the Netbios and see if it fits.... Let's see.

0000xx0x 0000xx0x 0x0d0d (x = don't care bits)
11110000 11110000 0xf0f0 = Shows I care about the Netbios bits so it's a MATCH!

and

0000xx0x 0000xx0x 0x0d0d (x = don't care bits)
11110001 11110001 0xf1f1 = Shows I care about the Netbios bits so it's a MATCH!

So.... 0x0000 0x0d0d matches both SNA SAP and Netbios SAP!

If you don't like my explanation... see this...

http://www.cisco.com/en/US/tech/tk331/tk336/technologies_tech_note09186a00800fad74.shtml

andy

-----Original Message-----
From: Karim [mailto:karim_ccie@hotmail.com]
Sent: Wednesday, January 28, 2004 5:41 PM
To: ccielab@groupstudy.com
Subject: DLSw question - filtering SAPs??

Hi all,

-- Referring to CCIE practical studies (vol.1), chapter 13:
To permit only known SNA SAPs, use: access-list 200 permit 0x0d0d 0x0000
To permit only NetBIOS SAPs, use: access-list 200 permit 0xF0F0 0x0101

If it is required to permit both of them in one statement, the book
states that the following access-list is enough: access-list 200 permit
0x0d0d (the same that was used to permit the SNA SAPs).

I don't understand where this comes from??

-- Also, regarding permitting SNA SAPs, are the following access-lists equivalent to each other??
First: access-list 200 permit 0x0000 0x0d0d
Second: access-list 200 permit 0x0d0d 0x0000

Waiting for your help ;)
Karim.
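
An added example, not part of the original thread or of Cisco's documentation: a Python check that tests candidate access-list 200 entries against the SAP values listed above and counts how many unrequested values each entry also permits. It assumes a 1 bit in the mask means "don't care", as in the reply; all function names are hypothetical.

```python
# Added example (not from the thread). Assumed rule, as used in the reply:
# a 1 bit in the wild-mask is a "don't care" bit; a 0 bit must equal the type-code.
# All function names here are hypothetical.

def sap_matches(type_code, wild_mask, value):
    """True if a 16-bit DSAP/SSAP value is matched by type-code + wild-mask."""
    care = ~wild_mask & 0xFFFF
    return (value & care) == (type_code & care)

def matched_values(type_code, wild_mask):
    """Every 16-bit value the entry matches (all fillings of the masked bits)."""
    base = type_code & ~wild_mask & 0xFFFF
    found, sub = [], wild_mask
    while True:
        found.append(base | sub)
        if sub == 0:
            return sorted(found)
        sub = (sub - 1) & wild_mask  # next smaller subset of the mask bits

def tightest_entry(values):
    """Single type-code/wild-mask pair with the fewest masked bits covering all values."""
    mask = 0
    for v in values:
        mask |= v ^ values[0]  # any bit that differs must be masked
    return values[0] & ~mask & 0xFFFF, mask

def coverage(type_code, wild_mask, wanted):
    """(wanted values the entry misses, count of matched values nobody asked for)."""
    missed = [v for v in wanted if not sap_matches(type_code, wild_mask, v)]
    extra = 2 ** bin(wild_mask).count("1") - (len(wanted) - len(missed))
    return missed, extra

# SAP values as listed in the thread
SNA = [0x0000, 0x0101, 0x0404, 0x0505, 0x0808, 0x0909, 0x0C0C, 0x0D0D]
NETBIOS = [0xF0F0, 0xF1F1]

if __name__ == "__main__":
    candidates = [(0xF0F0, 0x0101), (0x0000, 0x0D0D), (0x0D0D, 0x0000),
                  (0x0000, 0x0202), tightest_entry(SNA + NETBIOS)]
    for code, mask in candidates:
        missed, extra = coverage(code, mask, SNA + NETBIOS)
        print(f"permit 0x{code:04x} 0x{mask:04x}: "
              f"misses {[f'0x{v:04x}' for v in missed]}, {extra} unrequested values")
```

The second number in each result is the cost of a wider mask: every extra masked bit doubles the set of SAP pairs the filter lets through.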



This archive was generated by hypermail 2.1.4 : Mon Feb 02 2004 - 09:07:52 GMT-3