From: ccie2be (ccie2be@nyc.rr.com)
Date: Tue Aug 10 2004 - 22:19:20 GMT-3
I'd like to except I don't have access to any 3550's until my next rack
rental date which isn't until August 24.
But, maybe you could tell me what would happen if I tested this. Also, to
really test this wouldn't I need some source of IPX traffic? Or, is there a
way to test this without having a source of IPX traffic?
BTW, I found a listing of ethertypes at the link Marvin Greenlee posted a
bit earlier:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat5000/cnfg_nts/token/4158_02.htm#10845
This listing is accurate, isn't it?
Thanks
----- Original Message -----
From: "Brian McGahan" <bmcgahan@internetworkexpert.com>
To: "ccie2be" <ccie2be@nyc.rr.com>; "Group Study" <ccielab@groupstudy.com>
Sent: Tuesday, August 10, 2004 8:47 PM
Subject: RE: vlan-map filters to deny IPX traffic
> Did you test it? :)
>
> Brian McGahan, CCIE #8593
> bmcgahan@internetworkexpert.com
>
> Internetwork Expert, Inc.
> http://www.InternetworkExpert.com
> Toll Free: 877-224-8987 x 705
> Outside US: 775-826-4344 x 705
> 24/7 Support: http://forum.internetworkexpert.com
> Live Chat: http://www.internetworkexpert.com/chat/
>
>
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> Of
> > ccie2be
> > Sent: Tuesday, August 10, 2004 4:59 PM
> > To: Brian McGahan; Group Study
> > Subject: Re: vlan-map filters to deny IPX traffic
> >
> > Jeez, I guess I'm still thinking from old ACRC course.
> >
> > OK, IPX ether type is 8137 and 8138, so would this ether type acl be
> > correct
> > for the 3550?
> >
> > mac access-list extended NO-IPX
> > deny any any 0x8137 0x0001
> >
> > Am I getting warm?
> >
> > Thanks, Tim
> >
> >
> > ----- Original Message -----
> > From: "Brian McGahan" <bmcgahan@internetworkexpert.com>
> > To: "ccie2be" <ccie2be@nyc.rr.com>; "Group Study"
> <ccielab@groupstudy.com>
> > Sent: Tuesday, August 10, 2004 5:33 PM
> > Subject: RE: vlan-map filters
> >
> >
> > > What is the Ether-Type value for IPX?
> > >
> > > Brian McGahan, CCIE #8593
> > > bmcgahan@internetworkexpert.com
> > >
> > > Internetwork Expert, Inc.
> > > http://www.InternetworkExpert.com
> > > Toll Free: 877-224-8987 x 705
> > > Outside US: 775-826-4344 x 705
> > > 24/7 Support: http://forum.internetworkexpert.com
> > > Live Chat: http://www.internetworkexpert.com/chat/
> > >
> > >
> > > > -----Original Message-----
> > > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On
> Behalf
> > > Of
> > > > ccie2be
> > > > Sent: Tuesday, August 10, 2004 4:17 PM
> > > > To: Brian McGahan; Group Study
> > > > Subject: Re: vlan-map filters
> > > >
> > > > Brian,
> > > >
> > > > Is there a way to explicitly deny IPX traffic on a 3550? I
> thought
> > > the
> > > > 3550
> > > > only supports IP and mac address acl's. Am I mistaken?
> > > >
> > > > Thanks,
> > > > ----- Original Message -----
> > > > From: "Brian McGahan" <bmcgahan@internetworkexpert.com>
> > > > To: "ccie2be" <ccie2be@nyc.rr.com>; "Group Study"
> > > <ccielab@groupstudy.com>
> > > > Sent: Tuesday, August 10, 2004 2:41 PM
> > > > Subject: RE: vlan-map filters
> > > >
> > > >
> > > > Tim,
> > > >
> > > > This type of question is really beyond the scope of the lab
> > > > exam, as I highly doubt they want you to remember the LSAP values
> of
> > > the
> > > > different protocols. Instead, this task is meant to be a slap on
> the
> > > > wrist to show you how NOT to configure VACLs :)
> > > >
> > > > Normal ACL filtering dictates that you permit only what you
> > > > want, and deny everything else. When using VACLs, you should deny
> > > what
> > > > you don't want, and permit everything else. Otherwise you tend to
> > > > forget all the necessary layer 2 protocols that are keeping the
> > > network
> > > > alive.
> > > >
> > > >
> > > > HTH,
> > > >
> > > > Brian McGahan, CCIE #8593
> > > > bmcgahan@internetworkexpert.com
> > > >
> > > > Internetwork Expert, Inc.
> > > > http://www.InternetworkExpert.com
> > > > Toll Free: 877-224-8987 x 705
> > > > Outside US: 775-826-4344 x 705
> > > > 24/7 Support: http://forum.internetworkexpert.com
> > > > Live Chat: http://www.internetworkexpert.com/chat/
> > > >
> > > >
> > > > > -----Original Message-----
> > > > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On
> Behalf
> > > > Of
> > > > > ccie2be
> > > > > Sent: Tuesday, August 10, 2004 10:38 AM
> > > > > To: Group Study
> > > > > Subject: vlan-map filters
> > > > >
> > > > > Hi guys,
> > > > >
> > > > > From IE lab 11, task 1.16 and 1.17
> > > > >
> > > > > Problem:
> > > > >
> > > > > Allow only ip traffic on vlan 56, however, if other behind the
> > > scenes
> > > > > traffic
> > > > > is NOT allowed, there'll be big trouble in Cisco lab city.
> > > > >
> > > > >
> > > > > Solution:
> > > > >
> > > > > ip access-list extended IPONLY
> > > > > permit ip any any
> > > > > !
> > > > > mac access-list extended IP_ARP
> > > > > permit any any 0x806 0x0 < --- Can this found on
> Doc
> > > > CD?
> > > > >
> > > > > mac access-list extended IS-IS
> > > > > permit any any lsap 0xFEFE 0x0 < ---- Can this found on Doc
> CD?
> > > > >
> > > > > mac access-list extended IEEE-STP
> > > > > permit any any lsap 0x4242 0x0 < ---- Can this found on
> Doc
> > > > CD?
> > > > > !
> > > > > vlan access-map IPONLY 10
> > > > > action forward
> > > > > match ip address IPONLY
> > > > >
> > > > > vlan access-map IPONLY 20
> > > > > action forward
> > > > > match mac address IP_ARP
> > > > >
> > > > > vlan access-map IPONLY 30
> > > > > action forward
> > > > > match mac address IS-IS
> > > > >
> > > > > vlan access-map IPONLY 40
> > > > > action forward
> > > > > match mac address IEEE-STP
> > > > >
> > > > > vlan access-map IPONLY 50
> > > > > action drop
> > > > > vlan filter IPONLY vlan-list 56
> > > > >
> > > > > vlan filter IPONLY vlan-list 56
> > > > >
> > > > > Question: Does anybody know where on the Doc-CD the codes used
> > > match
> > > > > these
> > > > > traffic types can be found? I've looked but came up empty.
> > > > >
> > > > > Also, cdp traffic will be dropped by the above vlan filter. Is
> that
> > > a
> > > > > good
> > > > > idea?
> > > > >
> > > > > Thanks, Tim
> > > > >
> > > > >
> > > >
> > >
> _______________________________________________________________________
> > > > > Please help support GroupStudy by purchasing your study
> materials
> > > > from:
> > > > > http://shop.groupstudy.com
> > > > >
> > > > > Subscription information may be found at:
> > > > > http://www.groupstudy.com/list/CCIELab.html
> > > >
> > > >
> > >
> _______________________________________________________________________
> > > > Please help support GroupStudy by purchasing your study materials
> > > from:
> > > > http://shop.groupstudy.com
> > > >
> > > > Subscription information may be found at:
> > > > http://www.groupstudy.com/list/CCIELab.html
> > >
> > >
> _______________________________________________________________________
> > > Please help support GroupStudy by purchasing your study materials
> from:
> > > http://shop.groupstudy.com
> > >
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
> >
> >
> _______________________________________________________________________
> > Please help support GroupStudy by purchasing your study materials
> from:
> > http://shop.groupstudy.com
> >
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Please help support GroupStudy by purchasing your study materials from:
> http://shop.groupstudy.com
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Fri Sep 03 2004 - 07:02:41 GMT-3