From: marc van hoof (mvh@marcvanhoof.com)
Date: Mon Aug 09 2004 - 21:26:25 GMT-3
True - I'm being stupid... too much time working on route statements and not
enough on sleep or access-lists...
Sorry for the stupidity.. :)
-marc.
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Scott Morris
> Sent: Tuesday, 10 August 2004 10:17 AM
> To: 'marc van hoof'; 'mani poopal'; ccielab@groupstudy.com
> Subject: RE: dlsw+ LSAP filtering
>
> Ummm... Regular ACLs work the same... Your bits are backwards... 0 means
> must stay the same in a binary wildcard mask. 1 means don't care.
>
> So it's not backwards, it's the same.
>
> HTH,
>
> Scott
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> marc van hoof
> Sent: Monday, August 09, 2004 6:46 PM
> To: 'Scott Morris'; 'mani poopal'; ccielab@groupstudy.com
> Subject: RE: dlsw+ LSAP filtering
>
> So in actual fact, those particular ACLs are asking for wildcard bits, as
> the IP ACLs use a 1 to represent a fixed bit and a 0 to represent a bit
> that we don't care about...
>
> It's reversed for DSAPs ???
>
> Why would they do that ? or am I being stupid ?
>
> -marc.
>
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> > Of Scott Morris
> > Sent: Tuesday, 10 August 2004 2:23 AM
> > To: 'marc van hoof'; 'mani poopal'; ccielab@groupstudy.com
> > Subject: RE: dlsw+ LSAP filtering
> >
> > The router works in binary. The ACL is written in hexadecimal.
> >
> > The network architect needs to be able to understand binary, work in
> > decimal, hexadecimal, or whatever other evil crap that IOS programmers
> > choose to throw at us. ;)
> >
> > A mask in binary being 0000000100000001 would mean there are only two
> > bits you don't care about. So F0 and F1 would be your two possible
> > values allowed in each position. But the mask SHOULD be
> > 0000000000000001 (0x0001)
> > because since your "net" portion represents the SAP field in the LLC
> > header of ethernet (DSAP/SSAP), you'll find that odd values don't
> > exist as destinations.
> >
> > Why not? Dunno, didn't write those specs. :) They just don't! The
> > pairs are in a command/response relationship. Something is destined
> > to a command port, but not TO a reply port (if you are replying, you
> > are sourcing information not receiving it). *shrug*
> >
> > HTH,
> >
> >
> > Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713,
> > CISSP, JNCIP, et al.
> > IPExpert CCIE Program Manager
> > IPExpert Sr. Technical Instructor
> > swm@emanon.com/smorris@ipexpert.net
> > http://www.ipexpert.net
> >
> >
> > PS. The couple of unicast messages you sent me have been replied to,
> > but I get bounces from your server. *shrug*
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> > Of marc van hoof
> > Sent: Monday, August 09, 2004 11:14 AM
> > To: 'Scott Morris'; 'mani poopal'; ccielab@groupstudy.com
> > Subject: RE: dlsw+ LSAP filtering
> >
> > G'day Scott,
> >
> > Does this mean that the access list still works in binary, or that it
> > actually works in hex ?
> >
> > Eg. If it works in hex, then:
> > 0xf0f0 with mask 0x0101 would match:
> > 0xf?f? with ? being any character between 0 and f
> >
> > or do we convert to binary, so
> > 0xf0f0 with mask 0x0101 would really be 1111000011110000 with mask
> > 0000000100000001 so in reality, it would actually match
> > [0-f][0,2,4,6,8,10,12,14][0-f][0,2,4,6,8,10,12,14]
> >
> > due to the least significant bit in each octet being fixed by the '1'.
> >
> > I'm guessing it's the second one, due to you saying that there are no
> > odd number DSAP values.
> >
> > Also, if this is the case, why not ?
> >
> > Just clarifying...
> >
> > Cheers,
> > -marc.
> >
> > > -----Original Message-----
> > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> > > Of Scott Morris
> > > Sent: Saturday, 7 August 2004 9:43 PM
> > > To: 'mani poopal'; ccielab@groupstudy.com
> > > Subject: RE: dlsw+ LSAP filtering
> > >
> > > The 200 series ACLs are just like any other access list... The only
> > > difference is that they happen to be written in hex!
> > >
> > > The first listing is like your "network" and is used to set the bits.
> > > The second part is your mask. In BINARY, the concept is the same as
> > > any other, where a 0 bit means stay the same and a 1 bit means you
> > > don't care what the value is.
> > >
> > > Now, there are a few other things for technical accuracy.... Odd
> > > numbered SAPs will never exist in the DSAP field (first half of the
> > > "net" entry), so having a mask of 0x0101 is pointless. 0x0001 will
> > > accomplish what you want.
> > >
> > > So if you want specific things only, like 04 SAPs, the "access-list
> > > 201 permit 0x0404 0x0001" will be great.
> > >
> > > Some of the others, it's useful to have some technical background on...
> > > First, SAPs come in pairs (even and odd). Also, 08/09 and 0C/0D are
> > > IBM-specific SAPs and only exist in Token Ring networks.
> > >
> > > But to answer your question, the ACL does exactly what any other ACL
> > > does, just notes it in hex!
> > >
> > >
> > > Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713,
> > > CISSP, JNCIP, et al.
> > > IPExpert CCIE Program Manager
> > > IPExpert Sr. Technical Instructor
> > > swm@emanon.com/smorris@ipexpert.net
> > > http://www.ipexpert.net
> > >
> > >
> > >
> > > -----Original Message-----
> > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> > > Of mani poopal
> > > Sent: Saturday, August 07, 2004 12:25 AM
> > > To: ccielab@groupstudy.com
> > > Subject: dlsw+ LSAP filtering
> > >
> > > Hi Group,
> > >
> > > I like to get more information about LSAP filtering. I read
> > > Practical studies volII and Netmasters material. I know there are
> > > 0xf0(Netbios) and 0x00, 0x04, 0x08 and 0x0c(SNA) SAP's available.
> > > If they ask you to block only few of them eg:0x00 and 0x08 how to do
> > > it.
> > >
> > > access-list 200 permit 0xf0f0 0x0101
> > > access-list 200 permit 0x0000 0x0d0d
> > >
> > > What above command does and how the access list are written.
> > > Any good explanation with examples are appreciated.
> > >
> > > thanks
> > >
> > > Mani
> > >
> > >
> > > B.ENG,A+,CCNA,CCNP,CCNP-VOICE, CSS1,CNA,MCSE
> > > (416)431 9929
> > > MANI_CCIE@YAHOO.COM
> > >
> > > ______________________________________________________________________
> > > Please help support GroupStudy by purchasing your study materials from:
> > > http://shop.groupstudy.com
> > >
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Fri Sep 03 2004 - 07:02:36 GMT-3
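
The wildcard-mask semantics discussed in this thread (0 bit = must match, 1 bit = don't care, applied to a 16-bit DSAP/SSAP value), as an added Python example that is not part of any poster's message or of IOS itself. The function names, the first-match evaluation and the implicit deny are assumptions of this model; the ACL entries are the ones quoted in the thread.

```python
# Added example: wildcard-mask matching for 200-series (LSAP) ACL entries.
# Model: 16-bit field, DSAP in the high byte and SSAP in the low byte.
# Mask bit 0 = must equal the value, mask bit 1 = don't care.

# The two entries from the original question in this thread.
ACL_200 = [
    ("permit", 0xF0F0, 0x0101),
    ("permit", 0x0000, 0x0D0D),
]

def matches(lsap, value, mask):
    """True if lsap agrees with value on every bit the mask cares about."""
    care = ~mask & 0xFFFF
    return (lsap & care) == (value & care)

def evaluate(acl, dsap, ssap):
    """First matching entry wins; no match falls through to deny."""
    lsap = (dsap << 8) | ssap
    for action, value, mask in acl:
        if matches(lsap, value, mask):
            return action
    return "deny"  # assumption of this model: implicit deny at the end

def expand(value, mask):
    """Every 16-bit value one entry matches (all subsets of the mask bits)."""
    base = value & ~mask & 0xFFFF
    sub, out = mask & 0xFFFF, []
    while True:
        out.append(base | sub)
        if sub == 0:
            return sorted(out)
        sub = (sub - 1) & mask

def dsaps(value, mask):
    """Distinct DSAP bytes an entry matches."""
    return sorted({v >> 8 for v in expand(value, mask)})

if __name__ == "__main__":
    for _, value, mask in ACL_200 + [("permit", 0x0404, 0x0001)]:
        hits = expand(value, mask)
        print(f"0x{value:04x} 0x{mask:04x}: {len(hits)} values, "
              f"DSAPs {[f'0x{d:02x}' for d in dsaps(value, mask)]}")
```

The 0x0d0d mask frees bits 0, 2 and 3 of each byte, so that single entry covers 0x00, 0x04, 0x08 and 0x0c together with their odd partners.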