From: marc van hoof (mvh@marcvanhoof.com)
Date: Sun Aug 22 2004 - 23:48:12 GMT-3
> If, for example, I configure a class-based policy and apply it with the
> service input command on the interface, does the policy not apply to
> traffic
> coming into the interface from the ISP?
Yes
> What happens if that same policy
> is
> misconfigured with "service output" instead?
>
Umm, It applies to traffic going the other way.
Careful though - shaping is only an outbound thing... policing is either
direction.
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Joseph D. Phillips
> Sent: Monday, 23 August 2004 5:48 AM
> To: ccielab@groupstudy.com
> Subject: Policing using CB or CAR
>
> I'm reading Wendell Odom's and Michael J. Cavanaugh's "Cisco DQoS Exam
> Certification Guide," ISBN 1-58720-058-9, in an effort to better-
> understand
> shaping, policing, marking, congestion management, congestion avoidance,
> etc.
>
> I'm having trouble understanding the term "input," or even "in," when
> applied to an edge router's ISP-facing interface.
>
> If, for example, I configure a class-based policy and apply it with the
> service input command on the interface, does the policy not apply to
> traffic
> coming into the interface from the ISP? What happens if that same policy
> is
> misconfigured with "service output" instead?
>
>
> ----- Original Message -----
> From: "Scott Morris" <swm@emanon.com>
> To: <k_kaloianov@eircom.net>; <ccielab@groupstudy.com>
> Sent: Sunday, August 22, 2004 12:34 PM
> Subject: RE: NetBIOS and SNA
>
>
> > Response SAPs are only in the source part, never will exist in
> destination.
> > :)
> >
> > So technically, your mask would be 0x0001. However, being that the
> docCD
> is
> > a defensible position, on the lab do whatever they do.
> >
> > Following that logic, if you have no commands, you can't possibly have a
> > response, so your exact match mask would work perfectly fine as well.
> With
> > DLSW, you can also use the icannotreach commands to say unavailable.
> >
> > HTH,
> >
> >
> > Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713,
> CISSP,
> > JNCIP, et al.
> > IPExpert CCIE Program Manager
> > IPExpert Sr. Technical Instructor
> > swm@emanon.com/smorris@ipexpert.net
> > http://www.ipexpert.net
> >
> >
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> > k_kaloianov@eircom.net
> > Sent: Sunday, August 22, 2004 11:13 AM
> > To: ccielab@groupstudy.com
> > Subject: Re: NetBIOS and SNA
> >
> > Hi Georg,
> >
> > I was wondering the same thing myself but what I found out recently is
> that:
> > When using access-lists for you have to consider that a SAP could be
> either
> > command or response, which is appointed by a C/R bit in the SSAP, 0 for
> > commands and 1 for responses, and this will be SSAP 0x5 will be response
> to
> > SAP 0x4, which all are included in 0x0d0d. If you want to block
> everytning
> > in NETBIOS 0xF1 and 0xF0, your wildcard mask will be 0x0101, and on the
> > other hand if you want to block just 0xF0F0 then you could use wildcard
> of
> > 0x0000. This is how I'm trying to explain it to myself, hope it makes
> sense?
> >
> >
> > Reg,
> > Kaloyan
> >
> > _______________________________________________________________________
> > Please help support GroupStudy by purchasing your study materials from:
> > http://shop.groupstudy.com
> >
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
> > _______________________________________________________________________
> > Please help support GroupStudy by purchasing your study materials from:
> > http://shop.groupstudy.com
> >
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Please help support GroupStudy by purchasing your study materials from:
> http://shop.groupstudy.com
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Fri Sep 03 2004 - 07:02:47 GMT-3