From: Ryan, Jeff (jryan@netcogov.com)
Date: Tue Aug 10 2004 - 15:11:33 GMT-3
Tim, the only place I've been able to find it in the past has been under
the 350 wirless bridge section...
http://www.cisco.com/univercd/cc/td/doc/product/wireless/airo_350/350brd
gs/brscg/br350axa.htm
Jeff
Jeff Ryan
Chief Design Engineer
WAM!NET Government Services is now Netco Government Services, Inc.
13665 Dulles Technology Drive, Herndon, VA 20171
My Email address has changed to: jryan@netcogov.com on 8/1/04
Mobile: 301-675-7344
AIM: Jeff Ryan WN Get my pgp key @ http://pgpkeys.mit.edu
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
ccie2be
Sent: Tuesday, August 10, 2004 1:26 PM
To: Koen Peetermans; 'Group Study'
Subject: Re: vlan-map filters
Once upon a time I might have known the 0x800 for IP, but then it was
only for an hour or so and I haven't had a reason to think about it
until this problem came up.
But, what about STP, CDP, & arp. If there's a debug that would show
these values, would a mere mortal be able to decipher it?
Personally, I find that about 80% or more of what's shown in the output
of debugs is meaningless although occasionally I'm able to get the info
I'm looking for.
But, maybe someone knowns if this is hidden somewhere on the Doc CD and
could point it's location out to us.
Thanks, Tim
----- Original Message -----
From: "Koen Peetermans" <K.Peetermans@chello.be>
To: "'ccie2be'" <ccie2be@nyc.rr.com>; "'Group Study'"
<ccielab@groupstudy.com>
Sent: Tuesday, August 10, 2004 12:41 PM
Subject: RE: vlan-map filters
> Never found it on the doc CD.
>
> You should be able to remember the 0x806 for arp since you know the
0x800
> for IP ;-)
>
> I found a way to find them on the lab should I forget them, but it is
really
> going a long way around :
>
> Put ISIS routing and a bridge group on a frame-relay interface, if
needed
> with a map statement, and then do "debug frame-relay", which will show
you
> the last two values in the debugging.
>
> I'm sure somebody knows an easier way of doing it ;-)
>
> Kind regards,
>
> Koen.
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
Of
> ccie2be
> Sent: dinsdag 10 augustus 2004 17:38
> To: Group Study
> Subject: vlan-map filters
>
> Hi guys,
>
> From IE lab 11, task 1.16 and 1.17
>
> Problem:
>
> Allow only ip traffic on vlan 56, however, if other behind the scenes
> traffic
> is NOT allowed, there'll be big trouble in Cisco lab city.
>
>
> Solution:
>
> ip access-list extended IPONLY
> permit ip any any
> !
> mac access-list extended IP_ARP
> permit any any 0x806 0x0 < --- Can this found on Doc
CD?
>
> mac access-list extended IS-IS
> permit any any lsap 0xFEFE 0x0 < ---- Can this found on Doc CD?
>
> mac access-list extended IEEE-STP
> permit any any lsap 0x4242 0x0 < ---- Can this found on Doc
CD?
> !
> vlan access-map IPONLY 10
> action forward
> match ip address IPONLY
>
> vlan access-map IPONLY 20
> action forward
> match mac address IP_ARP
>
> vlan access-map IPONLY 30
> action forward
> match mac address IS-IS
>
> vlan access-map IPONLY 40
> action forward
> match mac address IEEE-STP
>
> vlan access-map IPONLY 50
> action drop
> vlan filter IPONLY vlan-list 56
>
> vlan filter IPONLY vlan-list 56
>
> Question: Does anybody know where on the Doc-CD the codes used match
these
> traffic types can be found? I've looked but came up empty.
>
> Also, cdp traffic will be dropped by the above vlan filter. Is that a
good
> idea?
>
> Thanks, Tim
>
>
This archive was generated by hypermail 2.1.4 : Fri Sep 03 2004 - 07:02:37 GMT-3