From: Chris Larson (clarson52@comcast.net)
Date: Thu May 13 2004 - 20:30:57 GMT-3
If you use icanreach or icantreach commands, they are exchanged when the
dlsw is setup during capabilities exchange. When you use an icannotreach for
example, the remote end won't even bother sending anything to you for that
addy. With an access-list however, the remote will send you traffic even
though it ends up being blocked on the return by your list.
Chris
----- Original Message -----
From: "Ahmed Mustafa" <ahmed.mustafa@sbcglobal.net>
To: <ccielab@groupstudy.com>
Sent: Thursday, May 13, 2004 3:20 PM
Subject: DLSW
> Can some please clear this confusion?
>
> In DLSW, there are more than two options to filtering traffic such as one
> could you
>
> 1) access-list 200 for filtering SNA and Netbios SAPS
>
> 2) Icanreach SAP commands
>
> 3) Icannotreach SAP commands
>
> 4) Icannreach mac-address
>
> 5) Icannotreach mac-address.
>
>
> If I were to filter netbios saps, I could either use
>
>
> access-list 200 deny 0xf0f0 0x 0101 and attach to the remote peer by using
> LSAP-FILTER-OUTPUT.
>
> or
>
> I could simply do
>
> icanreach sap 00 04 08 0C-----------> This will permit SNA SAPs, and deny
> Netbios SAPs F0.
>
>
> I just can't understand when to use which filtering.
>
>
> Regards,
>
>
> Ahmed
>
> _______________________________________________________________________
> Please help support GroupStudy by purchasing your study materials from:
> http://shop.groupstudy.com
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Wed Jun 02 2004 - 11:12:11 GMT-3