From: ccie2be (ccie2be@nyc.rr.com)
Date: Tue Aug 10 2004 - 14:26:17 GMT-3
Once upon a time I might have known the 0x800 for IP, but then it was only
for an hour or so and I haven't had a reason to think about it until this
problem came up.
But, what about STP, CDP, & arp. If there's a debug that would show these
values, would a mere mortal be able to decipher it?
Personally, I find that about 80% or more of what's shown in the output of
debugs is meaningless although occasionally I'm able to get the info I'm
looking for.
But, maybe someone knowns if this is hidden somewhere on the Doc CD and
could point it's location out to us.
Thanks, Tim
----- Original Message -----
From: "Koen Peetermans" <K.Peetermans@chello.be>
To: "'ccie2be'" <ccie2be@nyc.rr.com>; "'Group Study'"
<ccielab@groupstudy.com>
Sent: Tuesday, August 10, 2004 12:41 PM
Subject: RE: vlan-map filters
> Never found it on the doc CD.
>
> You should be able to remember the 0x806 for arp since you know the 0x800
> for IP ;-)
>
> I found a way to find them on the lab should I forget them, but it is
really
> going a long way around :
>
> Put ISIS routing and a bridge group on a frame-relay interface, if needed
> with a map statement, and then do "debug frame-relay", which will show you
> the last two values in the debugging.
>
> I'm sure somebody knows an easier way of doing it ;-)
>
> Kind regards,
>
> Koen.
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> ccie2be
> Sent: dinsdag 10 augustus 2004 17:38
> To: Group Study
> Subject: vlan-map filters
>
> Hi guys,
>
> From IE lab 11, task 1.16 and 1.17
>
> Problem:
>
> Allow only ip traffic on vlan 56, however, if other behind the scenes
> traffic
> is NOT allowed, there'll be big trouble in Cisco lab city.
>
>
> Solution:
>
> ip access-list extended IPONLY
> permit ip any any
> !
> mac access-list extended IP_ARP
> permit any any 0x806 0x0 < --- Can this found on Doc CD?
>
> mac access-list extended IS-IS
> permit any any lsap 0xFEFE 0x0 < ---- Can this found on Doc CD?
>
> mac access-list extended IEEE-STP
> permit any any lsap 0x4242 0x0 < ---- Can this found on Doc CD?
> !
> vlan access-map IPONLY 10
> action forward
> match ip address IPONLY
>
> vlan access-map IPONLY 20
> action forward
> match mac address IP_ARP
>
> vlan access-map IPONLY 30
> action forward
> match mac address IS-IS
>
> vlan access-map IPONLY 40
> action forward
> match mac address IEEE-STP
>
> vlan access-map IPONLY 50
> action drop
> vlan filter IPONLY vlan-list 56
>
> vlan filter IPONLY vlan-list 56
>
> Question: Does anybody know where on the Doc-CD the codes used match
these
> traffic types can be found? I've looked but came up empty.
>
> Also, cdp traffic will be dropped by the above vlan filter. Is that a
good
> idea?
>
> Thanks, Tim
>
> _______________________________________________________________________
> Please help support GroupStudy by purchasing your study materials from:
> http://shop.groupstudy.com
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Fri Sep 03 2004 - 07:02:36 GMT-3