From: Scott Morris (swm@emanon.com)
Date: Mon Aug 09 2004 - 22:15:08 GMT-3
Heheheh... No worries. Happens to the best of us!
Scott
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of marc
van hoof
Sent: Monday, August 09, 2004 8:26 PM
To: 'Scott Morris'; 'marc van hoof'; 'mani poopal'; ccielab@groupstudy.com
Subject: RE: dlsw+ LSAP filtering
True - I'm being stupid... too much time working on route statements and not
enough on sleep or access-lists...
Sorry for the stupidity.. :)
-marc.
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> Of Scott Morris
> Sent: Tuesday, 10 August 2004 10:17 AM
> To: 'marc van hoof'; 'mani poopal'; ccielab@groupstudy.com
> Subject: RE: dlsw+ LSAP filtering
>
> Ummm... Regular ACLs work the same... Your bits are backwards... 0
> means must stay the same in a binary wildcard mask. 1 means don't
> care.
>
> So it's not backwards, it's the same.
>
> HTH,
>
> Scott
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> Of marc van hoof
> Sent: Monday, August 09, 2004 6:46 PM
> To: 'Scott Morris'; 'mani poopal'; ccielab@groupstudy.com
> Subject: RE: dlsw+ LSAP filtering
>
> So in actual fact, those particular ACLs are asking for wildcard bits,
> as the IP ACLs use a 1 to represent a fixed bit and a 0 to represent a
> bit that we don't care about...
>
> It's reversed for DSAPs ???
>
> Why would they do that ? or am I being stupid ?
>
> -marc.
>
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> > Of Scott Morris
> > Sent: Tuesday, 10 August 2004 2:23 AM
> > To: 'marc van hoof'; 'mani poopal'; ccielab@groupstudy.com
> > Subject: RE: dlsw+ LSAP filtering
> >
> > The router works in binary. The ACL is written in hexadecimal.
> >
> > The network architect needs to be able to understand binary, work in
> > decimal, hexadecimal, or whatever other evil crap that IOS
> > programmers choose to throw at us. ;)
> >
> > A mask in binary being 0000000100000001 would mean there are only
> > two bits you don't care about. So F0 and F1 would be your two
> > possible values allowed in each position. But the mask SHOULD be
> > 0000000000000001 (0x0001) because since your "net" portion
> > represents the SAP field in the LLC header of ethernet (DSAP/SSAP),
> > you'll find that odd values don't exist as destinations.
> >
> > Why not? Dunno, didn't write those specs. :) They just don't!
> > The pairs are in a command/response relationship. Something is
> > destined to a command port, but not TO a reply port (if you are
> > replying, you are sourcing information not receiving it). *shrug*
> >
> > HTH,
> >
> >
> > Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713,
> > CISSP, JNCIP, et al.
> > IPExpert CCIE Program Manager
> > IPExpert Sr. Technical Instructor
> > swm@emanon.com/smorris@ipexpert.net
> > http://www.ipexpert.net
> >
> >
> > PS. The couple of unicast messages you sent me have been replied
> > to, but I get bounces from your server. *shrug*
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> > Of marc van hoof
> > Sent: Monday, August 09, 2004 11:14 AM
> > To: 'Scott Morris'; 'mani poopal'; ccielab@groupstudy.com
> > Subject: RE: dlsw+ LSAP filtering
> >
> > G'day Scott,
> >
> > Does this mean that the access list still works in binary, or that
> > it actually works in hex ?
> >
> > Eg. If it works in hex, then:
> > 0xf0f0 with mask 0x0101 would match:
> > 0xf?f? with ? being any character between 0 and f
> >
> > or do we convert to binary, so
> > 0xf0f0 with mask 0x0101 would really be 1111000011110000 with mask
> > 0000000100000001 so in reality, it would actually match
> > [0-f][0,2,4,6,8,10,12,14][0-f][0,2,4,6,8,10,12,14]
> >
> > due to the least significant bit in each octet being fixed by the '1'.
> >
> > I'm guessing it's the second one, due to you saying that there are
> > no odd number DSAP values.
> >
> > Also, if this is the case, why not ?
> >
> > Just clarifying...
> >
> > Cheers,
> > -marc.
> >
> > > -----Original Message-----
> > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On
> > > Behalf Of Scott Morris
> > > Sent: Saturday, 7 August 2004 9:43 PM
> > > To: 'mani poopal'; ccielab@groupstudy.com
> > > Subject: RE: dlsw+ LSAP filtering
> > >
> > > The 200 series ACLs are just like any other access list... The
> > > only difference is that they happen to be written in hex!
> > >
> > > The first listing is like your "network" and is used to set the bits.
> > > The second part is your mask. In BINARY, the concept is the same
> > > as any other, where a 0 bit means stay the same and a 1 bit means
> > > you don't care what the value is.
> > >
> > > Now, there are a few other things for technical accuracy.... Odd
> > > numbered SAPs will never exist in the DSAP field (first half of
> > > the "net" entry), so having a mask of 0x0101 is pointless. 0x0001
> > > will accomplish what you want.
> > >
> > > So if you want specific things only, like 04 SAPs, the
> > > "access-list 201 permit 0x0404 0x0001" will be great.
> > >
> > > Some of the others, it's useful to have some technical background on...
> > > First, SAPs come in pairs (even and odd). Also, 08/09 and 0C/0D
> > > are IBM-specific SAPs and only exist in Token Ring networks.
> > >
> > > But to answer your question, the ACL does exactly what any other
> > > ACL does, just notes it in hex!
> > >
> > >
> > > Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider)
> > > #4713, CISSP, JNCIP, et al.
> > > IPExpert CCIE Program Manager
> > > IPExpert Sr. Technical Instructor
> > > swm@emanon.com/smorris@ipexpert.net
> > > http://www.ipexpert.net
> > >
> > >
> > >
> > > -----Original Message-----
> > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On
> > > Behalf Of mani poopal
> > > Sent: Saturday, August 07, 2004 12:25 AM
> > > To: ccielab@groupstudy.com
> > > Subject: dlsw+ LSAP filtering
> > >
> > > Hi Group,
> > >
> > > I'd like to get more information about LSAP filtering. I read
> > > Practical Studies vol II and Netmasters material. I know there are
> > > 0xf0 (Netbios) and 0x00, 0x04, 0x08 and 0x0c (SNA) SAPs available.
> > > If they ask you to block only a few of them, e.g. 0x00 and 0x08, how
> > > to do it?
> > >
> > > access-list 200 permit 0xf0f0 0x0101
> > > access-list 200 permit 0x0000 0x0d0d
> > >
> > > What do the above commands do, and how are the access lists written?
> > > Any good explanation with examples is appreciated.
> > >
> > > thanks
> > >
> > > Mani
> > >
> > >
> > > B.ENG,A+,CCNA,CCNP,CCNP-VOICE, CSS1,CNA,MCSE
> > > (416)431 9929
> > > MANI_CCIE@YAHOO.COM
> > >
> > >
> > > __________________________________________________________________
> > > __ __ _ Please help support GroupStudy by purchasing your study
> > > materials
> > > from:
> > > http://shop.groupstudy.com
> > >
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Fri Sep 03 2004 - 07:02:36 GMT-3
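
Added example, not part of the original thread: a small Python model of the wildcard matching discussed above, applied to the two `access-list 200` entries from the first question and to the `0x0404 0x0001` entry. It assumes the DSAP is the high byte and the SSAP the low byte of the 16-bit value, first-match evaluation, and the usual implicit deny at the end of an IOS access list; the function names and probe values are made up for illustration.

```python
# Added illustration: IOS-style wildcard matching on a 16-bit LSAP value
# (assumed layout: DSAP in the high byte, SSAP in the low byte).
# Mask bit 0 = bit must match the value, mask bit 1 = don't care.

def entry_matches(value, mask, lsap):
    """True when lsap equals value on every bit the mask marks as fixed (0)."""
    return ((lsap ^ value) & ~mask & 0xFFFF) == 0

def expand(value, mask):
    """List every 16-bit LSAP an entry matches by filling the don't-care bits."""
    free = [bit for bit in range(16) if mask >> bit & 1]
    base = value & ~mask & 0xFFFF
    out = []
    for combo in range(1 << len(free)):
        lsap = base
        for i, bit in enumerate(free):
            if combo >> i & 1:
                lsap |= 1 << bit
        out.append(lsap)
    return sorted(out)

def sap_values(value, mask):
    """Distinct per-byte SAP values (DSAP list, SSAP list) an entry allows."""
    hits = expand(value, mask)
    return sorted({h >> 8 for h in hits}), sorted({h & 0xFF for h in hits})

def evaluate(acl, lsap):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, value, mask in acl:
        if entry_matches(value, mask, lsap):
            return action
    return "deny"

# The two entries quoted in the original question.
ACL_200 = [("permit", 0xF0F0, 0x0101), ("permit", 0x0000, 0x0D0D)]

if __name__ == "__main__":
    for _, value, mask in ACL_200:
        dsaps, ssaps = sap_values(value, mask)
        print(f"0x{value:04x} 0x{mask:04x}: DSAP {[hex(d) for d in dsaps]} "
              f"SSAP {[hex(s) for s in ssaps]}")
    # Constructed probe values, not taken from the thread.
    for probe in (0xF0F1, 0x0408, 0x0C0D, 0xE0E0, 0x0402):
        print(f"0x{probe:04x} -> {evaluate(ACL_200, probe)}")
```

The mask `0x0d0d` leaves bits 0, 2 and 3 of each byte free, which is why a single entry based on `0x0000` covers the 00/01, 04/05, 08/09 and 0C/0D SAP pairs.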