RE: How to filter DLSW+ traffic

From: Scott Morris (swm@emanon.com)
Date: Sat Mar 19 2005 - 15:58:14 GMT-3


Well... Those aren't exactly helpful as they are the original RFC
implementation of DLSW. But a good idea to look there anyway!

Access-list 100 deny tcp any range 11000 11999 any eq 2065 (incoming)
Access-list 100 deny tcp any eq 2065 any range 11000 11999 (outgoing)
Access-list 100 deny udp any eq 0 any eq 2067 (incoming)
Access-list 100 deny udp any eq 2067 any eq 0 (outgoing)
Access-list 100 permit ip any any

The original way was from 2067 to 2065 both ways.

Scott

-----Original Message-----
From: Jongsoo.Kim@Intelsat.com [mailto:Jongsoo.Kim@Intelsat.com]
Sent: Saturday, March 19, 2005 1:32 PM
To: swm@emanon.com; ccie.candidate@gmail.com; ccielab@groupstudy.com
Subject: RE: How to filter DLSW+ traffic

Thanks Scott. I never thought about udp.

I checked the IANA website http://www.iana.org/assignments/port-numbers

I found the following:
# Steve Quintana <steve@icgresearch.com>
dlsrpn 2065/tcp Data Link Switch Read Port Number
dlsrpn 2065/udp Data Link Switch Read Port Number
# Amir Peless <amirp@radware.co.il>
# 2066 Unassigned
dlswpn 2067/tcp Data Link Switch Write Port Number
dlswpn 2067/udp Data Link Switch Write Port Number

So based on my finding, the access list to prevent ISDN interesting traffic
should be something like this.

access-list 100 deny tcp any any eq 2065
access-list 100 deny tcp any any eq 2067
access-list 100 deny tcp any eq 2065 any
access-list 100 deny tcp any eq 2067 any
access-list 100 deny udp any any eq 2065
access-list 100 deny udp any any eq 2067
access-list 100 deny udp any eq 2065 any
access-list 100 deny udp any eq 2067 any

Regards

Jongsoo

-----Original Message-----
From: Scott Morris [mailto:swm@emanon.com]
Sent: Saturday, March 19, 2005 8:08 AM
To: Kim, Jongsoo; ccie.candidate@gmail.com; ccielab@groupstudy.com
Subject: RE: How to filter DLSW+ traffic

If you are looking to use this for ISDN Interesting Traffic, don't forget
the UDP portion as well (ports listed earlier). Otherwise your line may
still go up/down.

Scott

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Jongsoo.Kim@Intelsat.com
Sent: Saturday, March 19, 2005 2:29 AM
To: ccie.candidate@gmail.com; ccielab@groupstudy.com
Subject: RE: How to filter DLSW+ traffic

Access-list 100 deny tcp any any eq 2065
Access-list 100 deny tcp any eq 2065 any
Access-list 100 permit ip any any

-----Original Message-----
From: ccie zeng [mailto:ccie.candidate@gmail.com]
Sent: Saturday, March 19, 2005 12:10 AM
To: ccielab@groupstudy.com
Subject: How to filter DLSW+ traffic

Hi:
Could anyone tell me how to filter DLSw+ traffic, using tcp 2065?

Thanks
Wei
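
Added example (not part of any message in this thread): a small first-match evaluator for the access-list lines quoted above, run over constructed packets, showing why the TCP-only list still lets DLSw+ UDP traffic count as interesting. It assumes the list is used to classify dialer interesting traffic (permit = interesting) and handles only the `any` / `eq` / `range` forms that appear in the thread; the function names and sample ports are hypothetical.

```python
# Minimal first-match evaluator for the extended ACL lines in this thread.
# Not a full IOS ACL parser: addresses must be "any", ports use eq/range only.

TCP_ONLY = """\
access-list 100 deny tcp any any eq 2065
access-list 100 deny tcp any eq 2065 any
access-list 100 permit ip any any"""

WITH_UDP = """\
access-list 100 deny tcp any range 11000 11999 any eq 2065
access-list 100 deny tcp any eq 2065 any range 11000 11999
access-list 100 deny udp any eq 0 any eq 2067
access-list 100 deny udp any eq 2067 any eq 0
access-list 100 permit ip any any"""

def _ports(tok):
    """Consume 'any [eq N | range LO HI]' and return an inclusive port range."""
    if tok.pop(0) != "any":
        raise ValueError("only 'any' addresses are supported")
    if tok and tok[0] == "eq":
        n = int(tok[1]); del tok[:2]
        return (n, n)
    if tok and tok[0] == "range":
        lo, hi = int(tok[1]), int(tok[2]); del tok[:3]
        return (lo, hi)
    return (0, 65535)

def parse(acl):
    """Turn ACL text into (action, proto, src_ports, dst_ports) tuples, in order."""
    rules = []
    for line in acl.splitlines():
        tok = line.lower().split()[2:]           # drop "access-list 100"
        action, proto = tok.pop(0), tok.pop(0)
        src = _ports(tok)                        # source is parsed before destination
        dst = _ports(tok)
        rules.append((action, proto, src, dst))
    return rules

def interesting(rules, proto, sport, dport):
    """True if the first matching line is a permit (packet counts as interesting)."""
    for action, p, (slo, shi), (dlo, dhi) in rules:
        if p in ("ip", proto) and slo <= sport <= shi and dlo <= dport <= dhi:
            return action == "permit"
    return False                                 # implicit deny ends every ACL

if __name__ == "__main__":
    # Constructed sample packets: (protocol, source port, destination port)
    for pkt in [("tcp", 11005, 2065), ("udp", 0, 2067), ("tcp", 1025, 23)]:
        print(pkt, interesting(parse(TCP_ONLY), *pkt), interesting(parse(WITH_UDP), *pkt))
```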



This archive was generated by hypermail 2.1.4 : Sun Apr 03 2005 - 17:56:48 GMT-3