RE: dlsw lsap-output-list

From: Scott Morris (swm@emanon.com)
Date: Sat Nov 06 2004 - 01:30:46 GMT-3

• Next message: asfar sayed: "ATM Help"
• Previous message: Gaya thry: "ATM Part"
• Maybe in reply to: John Matus: "dlsw lsap-output-list"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

In a route-map, however, your permit in the ACL is to permit a MATCH. The
match will then do whatever your set or route-map permit/deny is set to!

So in an LSAP output list, the permit or deny will do exactly that, be
applied as an LSAP output list. The ACL behavior is exactly the same all
the time.

The criteria you are using to apply the ACL varies from place to place!

HTH,

Scott

-----Original Message-----
From: John Matus [mailto:jmatus@pacbell.net]
Sent: Friday, November 05, 2004 2:34 PM
To: Scott Morris; 'lab'
Subject: Re: dlsw lsap-output-list

i see your point, but i was concerned that the lsap-output-list worked with
reverse logic, much the same way as a route map that denies sequence 10 and
then calls an access-list with a permit statement:

route-map example deny 10
match acl 1
acl 1 permit any

...thereby denying what you permitted. logically it makes sense that a
filter would deny what is listed rather than permitting it for the sole
reason that it is permitted without the filter (so why permit it again with
the filter)....
but if that is the case, then so be it. i want points!

Regards,

John D. Matus
MCSE, CCNP
Office: 818-782-2061
Cell: 818-430-8372
jmatus@pacbell.net
----- Original Message -----
From: "Scott Morris" <swm@emanon.com>
To: "'John Matus'" <jmatus@pacbell.net>; "'lab'" <ccielab@groupstudy.com>
Sent: Thursday, November 04, 2004 8:31 PM
Subject: RE: dlsw lsap-output-list

> It's an access list just like any other. ;)
>
> If you want to deny 10.0.0.0/8, would you deny it or permit it?
>
> The answer, of course, is that it depends on the application of the ACL.
> Thinking from the routers' perspective, when getting ready to send packets
> out (output list), if something is denied going out, would you send it?
>
> Always think from the routers' perspective! Your router will appreciate
> it,
> or at least your score will reflect that!
>
> HTH,
>
>
> Scott Morris, MCSE, CCDP, CCIE4 (R&S/ISP-Dial/Security/Service Provider)
> #4713, JNCIP, CCNA-WAN Switching, CCSP, Cable Communications Specialist,
> IP
> Telephony Support Specialist, IP Telephony Design Specialist, CISSP
> CCSI #21903
> swm@emanon.com
>
>
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> John
> Matus
> Sent: Thursday, November 04, 2004 9:40 PM
> To: lab
> Subject: dlsw lsap-output-list
>
> when you want to deny a protocol <SNA> with the dlsw
> remote...lsap-output-list, do you deny in the sap acl or permit?
>
> access-list 200 deny 0x000 0d0d
> access-list 200 permit 0x000 FFFF OR
>
> access-list 200 permit 0x000 0d0d
>
>
> Regards,
>
> John D. Matus
> MCSE, CCNP
> Office: 818-782-2061
> Cell: 818-430-8372
> jmatus@pacbell.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: asfar sayed: "ATM Help"
• Previous message: Gaya thry: "ATM Part"
• Maybe in reply to: John Matus: "dlsw lsap-output-list"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Dec 02 2004 - 06:57:39 GMT-3