From: Richard Dumoulin (richard.dumoulin@vanco.es)
Date: Sat Jun 12 2004 - 22:48:39 GMT-3
It's good that you asked because it gave me the opportunity to research a
bit. Let me explain so that we learn together :)
For the exam purpose let's distinguish between 2 types of L2 frames:
Ethernet II and 802.3 frames.
Over EthernetII we have IP and IP arp
Over 802.3 we have SNA, ISIS, and STP
I only mentioned those because I guess you are doing InternetworkExpert lab,
hehe.
In ethernetII, how do you tell the host/router which process (layer 3) the
frame should go to ?
With the ethertype !!
If it is ethertype 0x800 then it is the IP process
If it is 0x806 then it is ARP
In 802.3, there is no type value but a length value which tells how big is
the frame. So there is an additional layer called LLC which will tell the
host which process should receive the L2 frame. The SAP inside the LLC
header will tell it.
If the SAP is 0xFE then we have ISIS
If it is 0x42 then it is a BPDU
If it is 0x04, 0x05, 0x08 etc ... Then it is SNA
So to filter, you will either do it based on the ethertype or the LSAP (LLC
SAP) value. Or if you wish based on the MAC address because both frame types
have MAC address fields.
For the doc-cd I am afraid we won't find them there so we will have to learn
some by heart.
I will try to remember the following:
Ethertype 0x800 for IP
Ethertype 0x806 for ARP
SAP F0 and F1 for Netbios
SAP 0x0 0x01 0x04 0x05 0x08 0x09 etc ... If you start from 0 just keep
adding 4 each time.
SAP STP 0x42
SAP ISIS 0xFE
I am not sure I will remember them :)
HTH
--Richard
-----Original Message-----
From: Richard Dumoulin
Sent: domingo, 13 de junio de 2004 2:40
To: Richard Dumoulin; Karim; ccielab@groupstudy.com
Subject: RE: Confused: LSAP& DSAP/ MAC ACL.
But basically, a SAP (Layer2)is telling a host what network protocol (Layer
3)it is encapsulating.
SAP=Service Access Point. An analogy is a TCP port which tells what
application it is encapsulating. Although it is at different layer, the
concept remains the same,
--Richard
-----Original Message-----
From: Richard Dumoulin
Sent: domingo, 13 de junio de 2004 2:32
To: 'Karim'; ccielab@groupstudy.com
Subject: RE: Confused: LSAP& DSAP/ MAC ACL.
http://standards.ieee.org/regauth/llc/llctutorial.html
--Richard
-----Original Message-----
From: Karim [mailto:karim_ccie@hotmail.com]
Sent: domingo, 13 de junio de 2004 0:07
To: ccielab@groupstudy.com
Subject: Confused: LSAP& DSAP/ MAC ACL.
Hi all,
I am totally confused regarding the LSAP field used in the mac access-list.
Is the LSAP value specified in the command represents both LSAP and DSAP??
Do we use it to identify the ether type for certain type of traffic as a way
of filtering ?? How can I find the values that might be used (like the one
used for IP ARP) in the exam from the DOC. CD ???
Thanks for your help,
Karim.
**********************************************************************
Any opinions expressed in the email are those of the individual and not
necessarily the company. This email and any files transmitted with it are
confidential and solely for the use of the intended recipient. If you are
not the intended recipient or the person responsible for delivering it to
the intended recipient, be advised that you have received this email in
error and that any dissemination, distribution, copying or use is strictly
prohibited.
If you have received this email in error, or if you are concerned with the
content of this email please e-mail to: e-security.support@vanco.co.uk
The contents of an attachment to this e-mail may contain software viruses
which could damage your own computer system. While the sender has taken
every reasonable precaution to minimise this risk, we cannot accept
liability for any damage which you sustain as a result of software viruses.
You should carry out your own virus checks before opening any attachments to
this e-mail.
**********************************************************************
This archive was generated by hypermail 2.1.4 : Sat Jul 03 2004 - 19:40:39 GMT-3