From: Tom Lijnse (Tom.Lijnse@globalknowledge.nl)
Date: Tue Nov 23 2004 - 06:10:29 GMT-3
Hi Matt,
I have never gotten access-expressions to work on Ethernet in any of the
tests that I've done. Even very simple expressions that should have
blocked everything still passed traffic through.
Though I haven't been able to find it in the documentation it seems like
this is a token-ring-only feature (which would explain why it's in the
SRB chapter).
If you search through the groupstudy archives for 'access-expression'
and 'ethernet' you'll find a number of threads of other people
experiencing the same issue.
Tom Lijnse
CCIE #11031
Global Knowledge Netherlands
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Matt Mullen
Sent: vrijdag 19 november 2004 15:56
To: ccielab@groupstudy.com
Subject: access-expression and dlsw
Having some trouble with configuration of an access expression for
filtering in DLSW. Do access expression's work if you are not doing
Source Route Bridging? I have the following configuration:
access-list 201 deny 0x0000 0xFFFF
access-list 700 deny 0000.0000.0000 ffff.ffff.ffff
bridge 1 protocol ieee
interface Ethernet0
ip address 150.50.17.2 255.255.255.0
access-expression input (smac(700) & lsap(201))
bridge-group 1
The access expression does not seem to be working because the FEP
(router running DSPU) attached to the Ethernet segment is able to
establish communication with the remote device even after I issue
clear dlsw circuit:
R2#show dlsw cir
Index local addr(lsap) remote addr(dsap) state
uptime
1644167437 5555.5555.5555(04) 3333.3333.3333(04) CONNECTED
00:09:22
Total number of circuits connected: 1
The Doc CD lists the access-expression command as part of SRB
configuration. Is there a problem with my configuration, or can the
access expression only be used when doing SRB, and therefore, Token
Ring?
This archive was generated by hypermail 2.1.4 : Thu Dec 02 2004 - 06:57:49 GMT-3