From: Brian McGahan (bmcgahan@internetworkexpert.com)
Date: Mon May 17 2004 - 16:21:56 GMT-3
> icannotreach saps f0 -------> Denying netbios saps only. Will it still
> permit SNA SAPS to be forwarded or will it be denied by implicit deny
> statement or
This will allow everything except F0 (and F1)
> icanreach saps 00 04 08 0C -----> permitting only SNA saps. Will it allow
> Netbios SAPS f0 to be forwarded.
This will deny everything except 00, 04, 08, and 0C (and 01, 05,
09, 0D).
You can accomplish the same thing with either statement; they
are just the reverse logic of each other. Icanreach is permit with
implicit deny, icannotreach is deny with implicit permit.
HTH,
Brian McGahan, CCIE #8593
bmcgahan@internetworkexpert.com
Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987 x 705
Outside US: 775-826-4344 x 705
> -----Original Message-----
> From: Ahmed Mustafa [mailto:ahmed.mustafa@sbcglobal.net]
> Sent: Friday, May 14, 2004 10:43 PM
> To: Brian McGahan; ccielab@groupstudy.com
> Subject: Re: DLSW
>
> Thanks Brian ! That was a great link, but one question,
>
> Does either Icanreach or Icannotreach have an implicit deny at the end?
>
> For example,
>
> If at central location,
>
> icannotreach saps f0 -------> Denying netbios saps only. Will it still
> permit SNA SAPS to be forwarded or will it be denied by implicit deny
> statement or
>
> if I configure
>
> icanreach saps 00 04 08 0C -----> permitting only SNA saps. Will it allow
> Netbios SAPS f0 to be forwarded.
>
> Regards,
>
> Ahmed
> ----- Original Message -----
> From: "Brian McGahan" <bmcgahan@internetworkexpert.com>
> To: "Ahmed Mustafa" <ahmed.mustafa@sbcglobal.net>;
> <ccielab@groupstudy.com>
> Sent: Friday, May 14, 2004 7:36 AM
> Subject: RE: DLSW
>
>
> Ahmed,
>
> Have you seen the below CCO doc entitled "DLSw+ SAP/MAC
> Filtering Techniques"? It describes exactly what you are asking, where
> to apply which of these filters and in what circumstance:
>
> http://www.cisco.com/warp/public/697/dlswfilter.html
>
>
> HTH,
>
> Brian McGahan, CCIE #8593
> bmcgahan@internetworkexpert.com
>
> Internetwork Expert, Inc.
> http://www.InternetworkExpert.com
> Toll Free: 877-224-8987 x 705
> Outside US: 775-826-4344 x 705
>
>
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> > Ahmed Mustafa
> > Sent: Thursday, May 13, 2004 2:20 PM
> > To: ccielab@groupstudy.com
> > Subject: DLSW
> >
> > Can someone please clear up this confusion?
> >
> > In DLSW, there are more than two options to filtering traffic such as one
> > could use
> >
> > 1) access-list 200 for filtering SNA and Netbios SAPS
> >
> > 2) Icanreach SAP commands
> >
> > 3) Icannotreach SAP commands
> >
> > 4) Icanreach mac-address
> >
> > 5) Icannotreach mac-address.
> >
> >
> > If I were to filter netbios saps, I could either use
> >
> >
> > access-list 200 deny 0xf0f0 0x0101 and attach to the remote peer by using
> > LSAP-FILTER-OUTPUT.
> >
> > or
> >
> > I could simply do
> >
> > icanreach sap 00 04 08 0C -----------> This will permit SNA SAPs, and deny
> > Netbios SAPs F0.
> >
> >
> > I just can't understand when to use which filtering.
> >
> >
> > Regards,
> >
> >
> > Ahmed
> >
> >
>
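
The permit/deny logic from the reply at the top of this thread, modeled in Python as an added example (not part of the original messages and not Cisco code). Function names are hypothetical, and pairing each SAP with its odd neighbour by clearing the low-order bit is an assumption taken from the reply's "(and F1)" and "(and 01, 05, 09, 0D)" notes. It shows that the two statements from the question agree only on the SAPs they name, so they filter the same traffic only when one list is the complement of the other.

```python
# Added illustration of the filter semantics described in the reply.
# All names here are hypothetical; this is a model, not router code.

def sap_pair(sap):
    """Clear the low-order bit so F0/F1, 04/05, ... compare as one SAP
    (assumption based on the reply's parenthetical notes)."""
    return sap & 0xFE

def icanreach(listed, sap):
    """Permit the listed SAPs; everything else hits the implicit deny."""
    return sap_pair(sap) in {sap_pair(s) for s in listed}

def icannotreach(listed, sap):
    """Deny the listed SAPs; everything else hits the implicit permit."""
    return sap_pair(sap) not in {sap_pair(s) for s in listed}

def differing_saps(can_list, cannot_list):
    """Even SAP values on which the two statements give different answers."""
    return [s for s in range(0x00, 0x100, 2)
            if icanreach(can_list, s) != icannotreach(cannot_list, s)]

SNA_SAPS = [0x00, 0x04, 0x08, 0x0C]   # from "icanreach saps 00 04 08 0C"
NETBIOS_SAPS = [0xF0]                 # from "icannotreach saps f0"

if __name__ == "__main__":
    # 0xE0 is a constructed value that neither statement names.
    for sap in (0x04, 0x05, 0xF0, 0xF1, 0xE0):
        print(f"SAP {sap:02X}: "
              f"icanreach={icanreach(SNA_SAPS, sap)} "
              f"icannotreach={icannotreach(NETBIOS_SAPS, sap)}")
    diff = differing_saps(SNA_SAPS, NETBIOS_SAPS)
    print(f"{len(diff)} SAP pairs are treated differently by the two statements")
```
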
This archive was generated by hypermail 2.1.4 : Wed Jun 02 2004 - 11:12:13 GMT-3