Re: Dlsw

From: mani poopal (mani_ccie@yahoo.com)
Date: Thu Sep 30 2004 - 17:32:36 GMT-3

• Next message: Nancy Khln: "RE: Bootcamps"
• Previous message: George Gittins: "RE: Passing CCIE written now recertifies CCNP/DP/IP..."
• Maybe in reply to: ccie2be: "Dlsw"
• Next in thread: ccie2be: "Re: Dlsw"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi Tim,
 
Since you are reviewing dlsw I thought of asking this doubt. Assume you want to allow only mac address starting with ABCD.11BB.xxxx from router B to Router A by using access-list(dmac-output-list permit statment. Pls look at following configuration. Is this configuration must be given on router A or B
 
hosts(ABCD.11BB.xxxx)--RA----------dlsw------------RB
 
access-list 701 permit ABCD.11BB.0000 0000.0000.ffff
access-list 701 permit c000.0000.0000 0000.0000.0000
 
dlsw prom-peer-defaults dmac-output-list 701
 
My doubt is where to apply this command, on the remote side(router B) or local side(router A). My assumption is for filtering we have to give this command on remote side and with I can reach command the configuration must be given on the local side(router A). According to Karl Solie, for mac address filtering we need the above second access list statement. Pls look and give your feedback.
ASSUMPTIONS: PROMISCOUS PEERS AND NON CANONICAL MAC ADDRESS
 
thanks
 
Mani
 

ccie2be <ccie2be@nyc.rr.com> wrote:
Hey Mani,
 
It's my understanding that whenever you must specify a mac address in the context of dlsw, it must always be specified in Token-Ring (non-cononical) format. This is true for any acl's or anything that requires a mac address be specified.
 
Tim
----- Original Message -----
From: mani poopal
To: Scott Morris ; 'ccie2be' ; 'Group Study'
Sent: Thursday, September 30, 2004 1:37 PM
Subject: RE: Dlsw

Hi Scott,
 
Whenever you want to filter any mac address in dlsw, by using icanreach command or filtering(by any three methods ie: remote peer statment, prom-peer default statement or peer-on-demand default statements), do we have to change the given mac address in to non canonical format(assume in the scenario they are not specifying mac address format ie:ethernet or token ring)
 
thanks
 
Mani

Scott Morris <swm@emanon.com> wrote:
Correct. While advertised during the peer's capabilities exchange, I may
tell you one thing, but in your remote-peer statement to me, you "know
better" and whatever value you have locally for our peering relationship
overrides what I may try to tell you.

HTH,

Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713, CISSP,
JNCIP, et al.
IPExpert CCIE Program Manager
IPExpert Sr. Technical Instructor
swm@emanon.com/smorris@ipexpert.net
http://www.ipexpert.net

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
ccie2be
Sent: Thursday, September 30, 2004 12:29 PM
To: Group Study
Subject: Dlsw

Hi guys,

I've noticed that some parameters e.g. cost, circuit weight, etc can be used
on both the dlsw local peer and dlsw remote peer commands.

Is it always true that if the same parameter is configured on both dlsw peer
(local & remote), the parameter configured on the remote command takes
precedence?

TIA, Tim

• Next message: Nancy Khln: "RE: Bootcamps"
• Previous message: George Gittins: "RE: Passing CCIE written now recertifies CCNP/DP/IP..."
• Maybe in reply to: ccie2be: "Dlsw"
• Next in thread: ccie2be: "Re: Dlsw"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Oct 01 2004 - 15:00:51 GMT-3