From: Scott Morris (swm@emanon.com)
Date: Mon Feb 23 2004 - 16:05:27 GMT-3
Actually, 201 permits a bunch of crap you won't see. ;)
00 is null lsap (used for explorers in SRB)
01 doesn't exist
04 and 05 are SNA
08, 09, 0C and 0D are IBM-specific token-ring implementations that will not
exist in ethernet.
Soooo.... It's a whole lot more than you acutally need in order to permit
SNA in an ethernet-to-ethernet scenario.
Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713, CISSP,
JNCIS, et al.
IPExpert CCIE Program Manager
IPExpert Sr. Technical Instructor
swm@emanon.com/smorris@ipexpert.net
http://www.ipexpert.net
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Michael Snyder
Sent: Monday, February 23, 2004 9:43 AM
To: ccielab@groupstudy.com
Cc: 'Zack Damen'
Subject: RE: DLSW SAP FILTERING?
201 is permit ibm sna protocol
202 is deny netbios and permit all
I prefer icanreach saps myself, much cleaner code.
Icanreach sap f0 (netbios only on local router)
Icanreach sap 00 04 08 0C (SNA only on local router)
Icanreach sap e0 (ipx only on local router)
Check the archives, and the sap filtering links on cco.
-----Original Message-----
From: Zack Damen [mailto:zack@supertux.com]
Sent: Monday, February 23, 2004 2:07 AM
To: ccielab@groupstudy.com
Subject: DLSW SAP FILTERING?
I was hoping that someone here could point in the right direction of
understanding SAP filtering.
example:
Access list 201 permit 0x0000 0x0d0d
!
Access list 202 deny 0xf0f0 0x0101
Access list 202 permit 0x0000 0xffff
I understand how dlsw work, but not exactly how to do the filtering in dlsw.
thanks
Zack
This archive was generated by hypermail 2.1.4 : Fri Mar 05 2004 - 07:13:55 GMT-3