RE: vlan-map filters

From: Koen Peetermans (K.Peetermans@chello.be)
Date: Tue Aug 10 2004 - 13:55:15 GMT-3

• Next message: TAN CHOH KOON: "ISIS - Answer Verification"
• Previous message: Koen Peetermans: "RE: vlan-map filters"
• Maybe in reply to: ccie2be: "vlan-map filters"
• Next in thread: ccie2be: "Re: vlan-map filters"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Should have been "debug frame-relay packet".

Rack1R4#sh debug
Frame Relay:
  Frame Relay packet debugging is on

Rack1R4#
00:06:54: Serial0/0: broadcast search
00:06:54: DLCI 413 is either deleted or inactive
00:06:54: Serial0/0.405: broadcast search
00:06:54: Serial0/0.405(o): dlci 405(0x6451), pkt type
0x4242(IEEE_SPANNING), datagramsize 39
00:06:54: broadcast dequeue
00:06:54: Serial0/0.405(o):Pkt sent on dlci 405(0x6451),
pkt type 0x4242(IEEE_SPANNING), datagramsize 39
00:06:55: Serial0/0.405: broadcast search
00:06:55: Serial0/0.405(o): dlci 405(0x6451),
pkt type 0xFEFE(CLNS), datagramsize 1504
00:06:55: broadcast dequeue
00:06:55: Serial0/0.405(o):Pkt sent on dlci 405(0x6451),
pkt type 0xFEFE(CLNS), datagramsize 1504

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Koen
Peetermans
Sent: dinsdag 10 augustus 2004 18:41
To: 'ccie2be'; 'Group Study'
Subject: RE: vlan-map filters

Never found it on the doc CD.

You should be able to remember the 0x806 for arp since you know the 0x800
for IP ;-)

I found a way to find them on the lab should I forget them, but it is really
going a long way around :

Put ISIS routing and a bridge group on a frame-relay interface, if needed
with a map statement, and then do "debug frame-relay", which will show you
the last two values in the debugging.

I'm sure somebody knows an easier way of doing it ;-)

Kind regards,

Koen.

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
ccie2be
Sent: dinsdag 10 augustus 2004 17:38
To: Group Study
Subject: vlan-map filters

Hi guys,

From IE lab 11, task 1.16 and 1.17

Problem:

Allow only ip traffic on vlan 56, however, if other behind the scenes
traffic
is NOT allowed, there'll be big trouble in Cisco lab city.

Solution:

ip access-list extended IPONLY
permit ip any any
!
mac access-list extended IP_ARP
permit any any 0x806 0x0 < --- Can this found on Doc CD?

mac access-list extended IS-IS
permit any any lsap 0xFEFE 0x0 < ---- Can this found on Doc CD?

mac access-list extended IEEE-STP
permit any any lsap 0x4242 0x0 < ---- Can this found on Doc CD?
!
vlan access-map IPONLY 10
action forward
match ip address IPONLY

vlan access-map IPONLY 20
action forward
match mac address IP_ARP

vlan access-map IPONLY 30
action forward
match mac address IS-IS

vlan access-map IPONLY 40
action forward
match mac address IEEE-STP

vlan access-map IPONLY 50
action drop
vlan filter IPONLY vlan-list 56

vlan filter IPONLY vlan-list 56

Question: Does anybody know where on the Doc-CD the codes used match these
traffic types can be found? I've looked but came up empty.

Also, cdp traffic will be dropped by the above vlan filter. Is that a good
idea?

Thanks, Tim

• Next message: TAN CHOH KOON: "ISIS - Answer Verification"
• Previous message: Koen Peetermans: "RE: vlan-map filters"
• Maybe in reply to: ccie2be: "vlan-map filters"
• Next in thread: ccie2be: "Re: vlan-map filters"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Sep 03 2004 - 07:02:36 GMT-3