Re: dlsw lsap-output-list

From: John Matus (jmatus@pacbell.net)
Date: Fri Nov 05 2004 - 16:33:35 GMT-3

• Next message: ccie2be: "Re: IEWB lab 13 dhcp & isdn task 4.3 and task 12.1"
• Previous message: Edwards, Andrew M: "RE: IEWB lab 13 dhcp & isdn task 4.3 and task 12.1"
• Maybe in reply to: John Matus: "dlsw lsap-output-list"
• Next in thread: Scott Morris: "RE: dlsw lsap-output-list"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

i see your point, but i was concerned that the lsap-output-list worked with
reverse logic, much the same way as a route map that denies sequence 10 and
then calls an access-list with a permit statement:

route-map example deny 10
match acl 1
acl 1 permit any

...thereby denying what you permitted. logically it makes sense that a
filter would deny what is listed rather than permitting it for the sole
reason that it is permitted without the filter (so why permit it again with
the filter)....
but if that is the case, then so be it. i want points!

Regards,

John D. Matus
MCSE, CCNP
Office: 818-782-2061
Cell: 818-430-8372
jmatus@pacbell.net
----- Original Message -----
From: "Scott Morris" <swm@emanon.com>
To: "'John Matus'" <jmatus@pacbell.net>; "'lab'" <ccielab@groupstudy.com>
Sent: Thursday, November 04, 2004 8:31 PM
Subject: RE: dlsw lsap-output-list

> It's an access list just like any other. ;)
>
> If you want to deny 10.0.0.0/8, would you deny it or permit it?
>
> The answer, of course, is that it depends on the application of the ACL.
> Thinking from the routers' perspective, when getting ready to send packets
> out (output list), if something is denied going out, would you send it?
>
> Always think from the routers' perspective! Your router will appreciate
> it,
> or at least your score will reflect that!
>
> HTH,
>
>
> Scott Morris, MCSE, CCDP, CCIE4 (R&S/ISP-Dial/Security/Service Provider)
> #4713, JNCIP, CCNA-WAN Switching, CCSP, Cable Communications Specialist,
> IP
> Telephony Support Specialist, IP Telephony Design Specialist, CISSP
> CCSI #21903
> swm@emanon.com
>
>
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> John
> Matus
> Sent: Thursday, November 04, 2004 9:40 PM
> To: lab
> Subject: dlsw lsap-output-list
>
> when you want to deny a protocol <SNA> with the dlsw
> remote...lsap-output-list, do you deny in the sap acl or permit?
>
> access-list 200 deny 0x000 0d0d
> access-list 200 permit 0x000 FFFF OR
>
> access-list 200 permit 0x000 0d0d
>
>
> Regards,
>
> John D. Matus
> MCSE, CCNP
> Office: 818-782-2061
> Cell: 818-430-8372
> jmatus@pacbell.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: ccie2be: "Re: IEWB lab 13 dhcp & isdn task 4.3 and task 12.1"
• Previous message: Edwards, Andrew M: "RE: IEWB lab 13 dhcp & isdn task 4.3 and task 12.1"
• Maybe in reply to: John Matus: "dlsw lsap-output-list"
• Next in thread: Scott Morris: "RE: dlsw lsap-output-list"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Dec 02 2004 - 06:57:38 GMT-3