RE: dlsw+ LSAP filtering

From: Scott Morris (swm@emanon.com)
Date: Sat Aug 07 2004 - 08:42:54 GMT-3

• Next message: Scott Morris: "RE: tunnel recursive routing problems..."
• Previous message: marc van hoof: "tunnel recursive routing problems..."
• Maybe in reply to: mani poopal: "dlsw+ LSAP filtering"
• Next in thread: mani poopal: "RE: dlsw+ LSAP filtering"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

The 200 series ACLs are just like any other access list... The only
difference is that they hppen to be written in hex!

The first listing is like your "network" and is used to set the bits. The
second part is your mask. In BINARY, the concept is the same as any other,
where a 0 bit means stay the same and a 1 bit means you don't care what the
value is.

Now, there are a few other things for technical accuracy.... Odd numbered
SAPs will never exist in the DSAP field (first half of the "net" entry), so
having a mask of 0x0101 is pointless. 0x0001 will accomplish what you want.

So if you want specefic things only, like 04 SAPs, the "access-list 201
permit 0x0404 0x0001" will be great.

Some of the others, it's useful to have some technical bacground on...
First, SAPs come in pairs (even and odd). Also, 08/09 and 0C/0D are
IBM-specific SAPs and only exist in Token Ring networks.

But to answer your question, the ACL does exactly what any other ACL does,
just notes it in hex!

 
Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713, CISSP,
JNCIP, et al.
IPExpert CCIE Program Manager
IPExpert Sr. Technical Instructor
swm@emanon.com/smorris@ipexpert.net
http://www.ipexpert.net
 
 

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of mani
poopal
Sent: Saturday, August 07, 2004 12:25 AM
To: ccielab@groupstudy.com
Subject: dlsw+ LSAP filtering

Hi Group,
 
I like to get more information about LSAP filtering. I read Pactical
studies volII and Netmasters material. I know there are 0xf0(Netbios) and
0x00, 0x04, 0x08 and 0x0c(SNA) SAP's available. If they ask you to block
only few of them eg:0x00 and 0x08 how to do it.
 
access-list 200 permit 0xf0f0 0x0101
access-list 200 permit 0x0000 0x0d0d
What above command does and how the access list are written. Any good
explanation with examples are appreciated.
 
thanks
 
Mani

B.ENG,A+,CCNA,CCNP,CCNP-VOICE, CSS1,CNA,MCSE
(416)431 9929
MANI_CCIE@YAHOO.COM
                
---------------------------------
Do you Yahoo!?
Yahoo! Mail - 50x more storage than other providers!

• Next message: Scott Morris: "RE: tunnel recursive routing problems..."
• Previous message: marc van hoof: "tunnel recursive routing problems..."
• Maybe in reply to: mani poopal: "dlsw+ LSAP filtering"
• Next in thread: mani poopal: "RE: dlsw+ LSAP filtering"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Sep 03 2004 - 07:02:34 GMT-3