RE: dlsw+ LSAP filtering

From: marc van hoof (mvh@marcvanhoof.com)
Date: Mon Aug 09 2004 - 12:13:59 GMT-3


G'day Scott,

Does this mean that the access list still works in binary, or that it
actually works in hex ?

Eg. If it works in hex, then:
0xf0f0 with mask 0x0101 would match:
0xf?f? with ? being any character between 0 and f

or do we convert to binary, so
0xf0f0 with mask 0x0101 would really be
1111000011110000 with mask 0000000100000001
so in reality, it would actually match
[0-f][0,2,4,6,8,10,12,14][0-f][0,2,4,6,8,10,12,14]

due to the least significant bit in each octet being fixed by the '1'.

I'm guessing it's the second one, due to you saying that there are no odd
number DSAP values.

Also, if this is the case, why not ?

Just clarifying...

Cheers,
-marc.

> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Scott Morris
> Sent: Saturday, 7 August 2004 9:43 PM
> To: 'mani poopal'; ccielab@groupstudy.com
> Subject: RE: dlsw+ LSAP filtering
>
> The 200 series ACLs are just like any other access list... The only
> difference is that they happen to be written in hex!
>
> The first listing is like your "network" and is used to set the bits. The
> second part is your mask. In BINARY, the concept is the same as any other,
> where a 0 bit means stay the same and a 1 bit means you don't care what the
> value is.
>
> Now, there are a few other things for technical accuracy.... Odd numbered
> SAPs will never exist in the DSAP field (first half of the "net" entry), so
> having a mask of 0x0101 is pointless. 0x0001 will accomplish what you want.
>
> So if you want specific things only, like 04 SAPs, the "access-list 201
> permit 0x0404 0x0001" will be great.
>
> Some of the others, it's useful to have some technical background on...
> First, SAPs come in pairs (even and odd). Also, 08/09 and 0C/0D are
> IBM-specific SAPs and only exist in Token Ring networks.
>
> But to answer your question, the ACL does exactly what any other ACL does,
> just notes it in hex!
>
>
> Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713, CISSP,
> JNCIP, et al.
> IPExpert CCIE Program Manager
> IPExpert Sr. Technical Instructor
> swm@emanon.com/smorris@ipexpert.net
> http://www.ipexpert.net
>
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> mani poopal
> Sent: Saturday, August 07, 2004 12:25 AM
> To: ccielab@groupstudy.com
> Subject: dlsw+ LSAP filtering
>
> Hi Group,
>
> I like to get more information about LSAP filtering. I read Practical
> studies volII and Netmasters material. I know there are 0xf0(Netbios) and
> 0x00, 0x04, 0x08 and 0x0c(SNA) SAP's available. If they ask you to block
> only few of them eg:0x00 and 0x08 how to do it.
>
> access-list 200 permit 0xf0f0 0x0101
> access-list 200 permit 0x0000 0x0d0d
> What above command does and how the access list are written. Any good
> explanation with examples are appreciated.
>
> thanks
>
> Mani
>
>
> B.ENG,A+,CCNA,CCNP,CCNP-VOICE, CSS1,CNA,MCSE
> (416)431 9929
> MANI_CCIE@YAHOO.COM
>
> _______________________________________________________________________
> Please help support GroupStudy by purchasing your study materials from:
> http://shop.groupstudy.com
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
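
The binary wildcard matching described in the thread, worked through for the two `access-list 200` entries from the original question. This is an added example and not part of any post in the thread. It assumes the DSAP is the high byte of the 16-bit value (the "first half" of the entry, as the thread puts it) and that a frame matching no entry hits the usual implicit deny; all function names are hypothetical.

```python
"""Added example: wildcard-mask matching for 200-series (LSAP type-code) ACLs."""
import re

ACL_RE = re.compile(
    r"access-list\s+(\d+)\s+(permit|deny)\s+(0x[0-9a-fA-F]{1,4})\s+(0x[0-9a-fA-F]{1,4})")

def parse_acl(text):
    """Return [(action, value, mask), ...] for every 200-299 entry in text."""
    entries = []
    for num, action, value, mask in ACL_RE.findall(text):
        if 200 <= int(num) <= 299:
            entries.append((action, int(value, 16), int(mask, 16)))
    return entries

def entry_matches(lsap, value, mask):
    """Mask bit 0 = must equal the entry's bit, mask bit 1 = don't care."""
    care = ~mask & 0xFFFF
    return (lsap & care) == (value & care)

def evaluate(entries, dsap, ssap):
    """First matching entry wins; no match falls through to the implicit deny."""
    lsap = (dsap << 8) | ssap  # assumption: DSAP is the high byte
    for action, value, mask in entries:
        if entry_matches(lsap, value, mask):
            return action
    return "deny"

def matched_bytes(value_byte, mask_byte):
    """Every byte value that one half (DSAP or SSAP) of an entry can match."""
    care = ~mask_byte & 0xFF
    return [b for b in range(256) if (b & care) == (value_byte & care)]

# The two entries quoted in the thread.
ACL_200 = """
access-list 200 permit 0xf0f0 0x0101
access-list 200 permit 0x0000 0x0d0d
"""

if __name__ == "__main__":
    for action, value, mask in parse_acl(ACL_200):
        dsaps = matched_bytes(value >> 8, mask >> 8)
        ssaps = matched_bytes(value & 0xFF, mask & 0xFF)
        print(f"{action} 0x{value:04x} 0x{mask:04x}")
        print("  DSAP:", " ".join(f"{b:02x}" for b in dsaps))
        print("  SSAP:", " ".join(f"{b:02x}" for b in ssaps))
    print("DSAP f0 / SSAP f1 ->", evaluate(parse_acl(ACL_200), 0xF0, 0xF1))
    print("DSAP e0 / SSAP e0 ->", evaluate(parse_acl(ACL_200), 0xE0, 0xE0))
```
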



This archive was generated by hypermail 2.1.4 : Fri Sep 03 2004 - 07:02:35 GMT-3