From: ccie2be (ccie2be@nyc.rr.com)
Date: Tue Oct 05 2004 - 11:27:38 GMT-3
Thanks.
Are you saying that if an acl is used, netbios explorers won't be filtered
so that with icannotreach more traffic is actually filtered?
I'm trying to understand how the wording of the question would lead me to
use one method over the other.
Tim
----- Original Message -----
From: "chris kane" <cakane@insight.rr.com>
To: "ccie2be" <ccie2be@nyc.rr.com>; "Group Study" <ccielab@groupstudy.com>
Sent: Tuesday, October 05, 2004 10:05 AM
Subject: Re: Dlsw filtering
> > Hi guys,
> >
> > In a situation where there are only 2 dlsw peers, A and B, and you want
to
> > prevent, for example, netbios traffic from A to B, can this
> > be done by both of the following methods:
> >
> > 1) Configure on A an acl that deny's netbios traffic & allows everything
> else
> >
> >
> > and
> >
> >
> > 2) Configure on B the command icannotreach F0
> >
> > To me these 2 methods seem functionally equivalent and I'd like to know
if
> > anyone knows otherwise.
> >
>
> I think you are correct in saying that they both accomplish the filtering
> equally well. But the icanreach/icannotreach feature provides the ability
to
> share with those capabilities with the peer. So if the desire is to get a
> peer to cache the information and reduce explorer traffic, then the
> icanreach/icannotreach offers more than simply local filtering.
>
> -chris
This archive was generated by hypermail 2.1.4 : Sat Nov 06 2004 - 17:11:43 GMT-3