From: Matt Mullen (mullenm@gmail.com)
Date: Tue Nov 23 2004 - 11:12:43 GMT-3
Hi Tom,
Thanks for confirming that. So far your response is the only one I
have gotten on this. The thing that was killing me was that the
workbook i'm using gives you a task requiring to configure the access
expression on ethernet, so I thought it must work. I did search the
archives and saw the posts where people were having problems with it,
but there didn't seem to be any definitive answer. At this point I
have tried loading different IOS versions and feature sets and still
it does not work. That coupled with the documentation listing
access-expressions in the SRB section makes me comfortable with the
conclusion that access expressions only work on Token Ring. You can
apply them on an ethernet interface but they have no affect. If
anybody has ever been able to get an access-expression work on
ethernet, please respond.
Thanks,
Matt
On Tue, 23 Nov 2004 10:10:29 +0100, Tom Lijnse
<tom.lijnse@globalknowledge.nl> wrote:
> Hi Matt,
>
> I have never gotten access-expressions to work on Ethernet in any of the
> tests that I've done. Even very simple expressions that should have
> blocked everything still passed traffic through.
> Though I haven't been able to find it in the documentation it seems like
> this is a token-ring-only feature (which would explain why it's in the
> SRB chapter).
>
> If you search through the groupstudy archives for 'access-expression'
> and 'ethernet' you'll find a number of threads of other people
> experiencing the same issue.
>
> Tom Lijnse
> CCIE #11031
> Global Knowledge Netherlands
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Matt Mullen
> Sent: vrijdag 19 november 2004 15:56
> To: ccielab@groupstudy.com
> Subject: access-expression and dlsw
>
> Having some trouble with configuration of an access expression for
> filtering in DLSW. Do access expression's work if you are not doing
> Source Route Bridging? I have the following configuration:
>
> access-list 201 deny 0x0000 0xFFFF
> access-list 700 deny 0000.0000.0000 ffff.ffff.ffff
>
> bridge 1 protocol ieee
>
> interface Ethernet0
> ip address 150.50.17.2 255.255.255.0
> access-expression input (smac(700) & lsap(201))
> bridge-group 1
>
> The access expression does not seem to be working because the FEP
> (router running DSPU) attached to the Ethernet segment is able to
> establish communication with the remote device even after I issue
> clear dlsw circuit:
>
> R2#show dlsw cir
> Index local addr(lsap) remote addr(dsap) state
> uptime
> 1644167437 5555.5555.5555(04) 3333.3333.3333(04) CONNECTED
> 00:09:22
> Total number of circuits connected: 1
>
> The Doc CD lists the access-expression command as part of SRB
> configuration. Is there a problem with my configuration, or can the
> access expression only be used when doing SRB, and therefore, Token
> Ring?
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Thu Dec 02 2004 - 06:57:49 GMT-3