From: alsontra@hotmail.com
Date: Thu Apr 22 2004 - 19:35:43 GMT-3
I would think not. My approach would be to block the specific mac and
permit everything else.
access-list 700 deny 00e0.1ece.4a68 0000.0000.0000
access-list 700 permit 0000.0000.0000 ffff.ffff.ffff
Alsontra-
----- Original Message -----
From: "David Hurtado" <dei2viccie@hotmail.com>
To: <alsontra@hotmail.com>; <kwchen@netvigator.com>;
<ccielab@groupstudy.com>
Sent: Tuesday, April 20, 2004 11:47 AM
Subject: Re: DLSW Destination MAC address filtering
> If i want to filter SNA traffic using "dmac-output-list" for a specific
MAC address , do have to alllow some address to let SNA work?
>
> Thanks for the help
>
>
>
>
>
> >From: <alsontra@hotmail.com>
> >Reply-To: <alsontra@hotmail.com>
> >To: "William Chen" <kwchen@netvigator.com>, <ccielab@groupstudy.com>
> >Subject: Re: DLSW Destination MAC address filtering
> >Date: Sun, 18 Apr 2004 13:12:22 -0700
> >
> >As I understand it, if you use the icanreach statement with
mac-exclusive,
> >remote peers will only send traffic destined for mac d5b3.f748.2c6a.
There
> >will be no broadcasts. All remote peers learn your "exclusively local
mac"
> >during the initial capabilities exchange. I don't think broadcast are
ever
> >sent to a peer using "icanreach mac-exclusive". There would me no need.
> >
> >Further, I think when you use icanreach statement your defining static
> >resources for the peer, which says to me no broadcast or explorer
frames...
> >
> >"Static Resources Capabilities Exchange
> >To reduce explorer traffic destined for this peer, the peer can send
other
> >peers a list of resources for which it has information (icanreach) or
does
> >not have information (icannotreach). This information is exchanged as
part
> >of a capabilities exchange.To configure static resources that will be
> >exchanged as part of a capabilities exchange, use one of the following
> >commands in global configuration mode, as needed:"
>
>http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fib
m_c/bcfpart2/bcfdlsw.htm
> >
> >
> >
> >$0.02
> >
> >Alsontra-
> >
> >
> >
> >
> >----- Original Message -----
> >From: "William Chen" <kwchen@netvigator.com>
> >To: <ccielab@groupstudy.com>
> >Sent: Sunday, April 18, 2004 10:41 AM
> >Subject: DLSW Destination MAC address filtering
> >
> >
> > > Dear all,
> > >
> > > I understand that if I have to use "dmac-output-list" to filtering
the
> > > NETBIOS session to only a host's MAC address, I have to add the
NETBIOS
> > > boardcast query destination MAC address also, i.e. c000.0000.0080, as:
> > >
> > > access-list 700 permit d5b3.f748.2c6a
> > > access-list 700 permit c000.0000.0080
> > >
> > > The question is, if I use the command "dlsw icanreach mac-address"
and
> > > "dlsw icanreach mac-exclusive" to restirct the access to local
circuits,
> >do
> > > I need to include the NETBIOS broadcast address c000.0000.0080?
> > >
> > > Best Regards,
> > > William Chen
> > >
> > >
This archive was generated by hypermail 2.1.4 : Mon May 03 2004 - 19:48:53 GMT-3