From: Nidahl Damen (nidahl@supertux.com)
Date: Mon Feb 23 2004 - 19:16:14 GMT-3
I take lab tommorow, does anyone have a good example, or more of a
detailed example of how it might go. Sorry for cramming, but this is the
only section where I am a little lost as they say.
Regards
Zack
> Scott, I understand you are right; but going by CCO the common saps for
> sna is 0x00 0x04 0x08 0x0c.
>
> When taking the lab, I'm going to use the idealized answer provided by
> cco, and probably not the real world answer. Can you provide the
> correct answer for Ethernet to Ethernet sna?
>
>
> http://www.cisco.com/warp/public/698/acl200.html
>
>
> The lsap-output-list links to a SAP access list (SAP ACL) that currently
> only allows SNA SAPs (for example, 0x00, 0x04, 0x08, and so on) to go
> toward the central router, and denies everything else
>
> http://www.cisco.com/warp/public/697/dlswfilter.shtml
>
>
> 00 Null LSAP
> 04 IBM SNA Path Control (individual)
> 05 IBM SNA Path Control (group)
>
> 08 SNA
> 09 SNA
> 0C SNA
> 0D SNA
>
> http://www.cisco.com/en/US/tech/tk870/tk451/tk374/technologies_tech_note
> 09186a0080094226.shtml
>
>
>
> -----Original Message-----
> From: Scott Morris [mailto:swm@emanon.com]
> Sent: Monday, February 23, 2004 1:05 PM
> To: 'Michael Snyder'; ccielab@groupstudy.com
> Cc: 'Zack Damen'
> Subject: RE: DLSW SAP FILTERING?
>
> Actually, 201 permits a bunch of crap you won't see. ;)
>
> 00 is null lsap (used for explorers in SRB)
> 01 doesn't exist
> 04 and 05 are SNA
> 08, 09, 0C and 0D are IBM-specific token-ring implementations that will
> not
> exist in ethernet.
>
> Soooo.... It's a whole lot more than you acutally need in order to
> permit
> SNA in an ethernet-to-ethernet scenario.
>
>
> Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713,
> CISSP,
> JNCIS, et al.
> IPExpert CCIE Program Manager
> IPExpert Sr. Technical Instructor
> swm@emanon.com/smorris@ipexpert.net
> http://www.ipexpert.net
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Michael Snyder
> Sent: Monday, February 23, 2004 9:43 AM
> To: ccielab@groupstudy.com
> Cc: 'Zack Damen'
> Subject: RE: DLSW SAP FILTERING?
>
> 201 is permit ibm sna protocol
>
> 202 is deny netbios and permit all
>
> I prefer icanreach saps myself, much cleaner code.
>
> Icanreach sap f0 (netbios only on local router)
>
> Icanreach sap 00 04 08 0C (SNA only on local router)
>
> Icanreach sap e0 (ipx only on local router)
>
>
> Check the archives, and the sap filtering links on cco.
>
> -----Original Message-----
> From: Zack Damen [mailto:zack@supertux.com]
> Sent: Monday, February 23, 2004 2:07 AM
> To: ccielab@groupstudy.com
> Subject: DLSW SAP FILTERING?
>
> I was hoping that someone here could point in the right direction of
> understanding SAP filtering.
>
> example:
>
> Access list 201 permit 0x0000 0x0d0d
> !
> Access list 202 deny 0xf0f0 0x0101
> Access list 202 permit 0x0000 0xffff
>
> I understand how dlsw work, but not exactly how to do the filtering in
> dlsw.
>
> thanks
>
> Zack
>
> _______________________________________________________________________
> Please help support GroupStudy by purchasing your study materials from:
> http://shop.groupstudy.com
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Please help support GroupStudy by purchasing your study materials from:
> http://shop.groupstudy.com
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Please help support GroupStudy by purchasing your study materials from:
> http://shop.groupstudy.com
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Fri Mar 05 2004 - 07:13:56 GMT-3