From: Michael Snyder (msnyder@revolutioncomputer.com)
Date: Mon Feb 23 2004 - 19:08:58 GMT-3
Scott, I understand you are right; but going by CCO the common saps for
sna are 0x00 0x04 0x08 0x0c.
When taking the lab, I'm going to use the idealized answer provided by
cco, and probably not the real world answer. Can you provide the
correct answer for Ethernet to Ethernet sna?
http://www.cisco.com/warp/public/698/acl200.html
The lsap-output-list links to a SAP access list (SAP ACL) that currently
only allows SNA SAPs (for example, 0x00, 0x04, 0x08, and so on) to go
toward the central router, and denies everything else
http://www.cisco.com/warp/public/697/dlswfilter.shtml
00 Null LSAP
04 IBM SNA Path Control (individual)
05 IBM SNA Path Control (group)
08 SNA
09 SNA
0C SNA
0D SNA
http://www.cisco.com/en/US/tech/tk870/tk451/tk374/technologies_tech_note09186a0080094226.shtml
-----Original Message-----
From: Scott Morris [mailto:swm@emanon.com]
Sent: Monday, February 23, 2004 1:05 PM
To: 'Michael Snyder'; ccielab@groupstudy.com
Cc: 'Zack Damen'
Subject: RE: DLSW SAP FILTERING?
Actually, 201 permits a bunch of crap you won't see. ;)
00 is null lsap (used for explorers in SRB)
01 doesn't exist
04 and 05 are SNA
08, 09, 0C and 0D are IBM-specific token-ring implementations that will not
exist in ethernet.
Soooo.... It's a whole lot more than you actually need in order to permit
SNA in an ethernet-to-ethernet scenario.
Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713, CISSP,
JNCIS, et al.
IPExpert CCIE Program Manager
IPExpert Sr. Technical Instructor
swm@emanon.com/smorris@ipexpert.net
http://www.ipexpert.net
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Michael Snyder
Sent: Monday, February 23, 2004 9:43 AM
To: ccielab@groupstudy.com
Cc: 'Zack Damen'
Subject: RE: DLSW SAP FILTERING?
201 is permit ibm sna protocol
202 is deny netbios and permit all
I prefer icanreach saps myself, much cleaner code.
Icanreach sap f0 (netbios only on local router)
Icanreach sap 00 04 08 0C (SNA only on local router)
Icanreach sap e0 (ipx only on local router)
Check the archives, and the sap filtering links on cco.
-----Original Message-----
From: Zack Damen [mailto:zack@supertux.com]
Sent: Monday, February 23, 2004 2:07 AM
To: ccielab@groupstudy.com
Subject: DLSW SAP FILTERING?
I was hoping that someone here could point me in the right direction of
understanding SAP filtering.
example:
access-list 201 permit 0x0000 0x0d0d
!
access-list 202 deny 0xf0f0 0x0101
access-list 202 permit 0x0000 0xffff
I understand how dlsw works, but not exactly how to do the filtering in
dlsw.
thanks
Zack
This archive was generated by hypermail 2.1.4 : Fri Mar 05 2004 - 07:13:56 GMT-3
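
Added example, not part of the original thread: a small evaluator for the two access lists quoted in the question, showing which SAPs each one lets through. It assumes the 16-bit type code is the DSAP in the high byte and the SSAP in the low byte, and that a 1 bit in the mask means "ignore this bit"; the function names are made up for this illustration.

```python
import re

# ACL lines as quoted in the thread (syntax normalised to access-list).
ACL_TEXT = """
access-list 201 permit 0x0000 0x0d0d
access-list 202 deny 0xf0f0 0x0101
access-list 202 permit 0x0000 0xffff
"""

ENTRY = re.compile(
    r"access-list\s+(\d+)\s+(permit|deny)\s+0x([0-9a-f]{4})\s+0x([0-9a-f]{4})",
    re.IGNORECASE,
)

def parse(text):
    """Return {list_number: [(action, code, mask), ...]} in config order."""
    acls = {}
    for num, action, code, mask in ENTRY.findall(text):
        acls.setdefault(int(num), []).append(
            (action.lower(), int(code, 16), int(mask, 16))
        )
    return acls

def evaluate(entries, dsap, ssap):
    """First matching entry wins; bits set in the mask are not compared."""
    frame = (dsap << 8) | ssap
    for action, code, mask in entries:
        care = ~mask & 0xFFFF
        if (frame & care) == (code & care):
            return action
    return "deny"  # implicit deny at the end of every list

def permitted_saps(entries):
    """SAP values the list permits when DSAP and SSAP are equal."""
    return [s for s in range(256) if evaluate(entries, s, s) == "permit"]

if __name__ == "__main__":
    acls = parse(ACL_TEXT)
    print("201 permits:", " ".join(f"{s:02X}" for s in permitted_saps(acls[201])))
    for dsap, ssap in [(0xF0, 0xF0), (0xF0, 0xF1), (0x04, 0x04), (0xE0, 0xE0)]:
        print(f"202 {dsap:02X}/{ssap:02X}:", evaluate(acls[202], dsap, ssap))
```

The mask 0x0d0d leaves bits 0, 2 and 3 of each byte free, which is why list 201 matches 00, 01, 04, 05, 08, 09, 0C and 0D, the same set walked through in the reply above.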