From: gladston@br.ibm.com
Date: Thu Jul 21 2005 - 14:44:43 GMT-3
RFC2067 says:
"DLSws implementing these enhancements will use a TCP destination port
of 2067 (as opposed to RFC 1795 which uses 2065) for single session
TCP connections."
Cisco uses tcp 2065 to connect to the peer:
Rack2R4#sh dls pee
Peers: state pkts_rx pkts_tx type drops ckts TCP uptime
TCP 148.5.2.1 CONNECT 274 266 prom 0 0 0 02:12:37
TCP 148.5.1.1 CONNECT 284 292 prom 0 0 0 02:18:54
Total number of connected peers: 2
Total number of connections: 2
Rack2R4#sh tcp brief
TCB Local Address Foreign Address (state)
83258FC8 148.5.4.1.11031 148.5.2.1.2065 ESTAB
83257F3C 148.5.4.1.11027 148.5.1.1.2065 ESTAB
And the logging messages show there is UDP port 2067 going on too:
*Mar 1 04:27:21: %SEC-6-IPACCESSLOGP: list Returning-traffic denied udp 148.5.1.1(0) (Serial0/0 ) -> 148.5.4.1(2067), 6 packets
So, it seems this is enough for Cisco DLSW to operate fine:
permit tcp any any eq 2065 (12 matches)
permit udp any any eq 2067 (15)
permit tcp any eq 2065 any log-input (568 matches)
permit udp any eq 2067 any log-input (10)
deny ip any any log-input
Would you agree?
If some day IOS strictly follows DLSw v2, TCP 2067 will be necessary.
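As an added check, not part of the original post: the script below transcribes the ACL, the "sh tcp brief" output and the log line quoted above (both directions of each ESTAB connection are generated, since the "any eq 2065 any" entries exist for returning traffic), runs every observed flow through a simplified model of IOS extended-ACL matching (first match wins, implicit deny at the end), and then probes a hypothetical DLSw v2 single-session TCP connection to port 2067 to show that the current list would drop it. The evaluator only understands the ACE shapes used in the post ("any" addresses, optional "eq <port>") and is an assumption about IOS behaviour, not IOS code; the probe flow is constructed.

```python
"""Audit the DLSw ACL from the post against the flows it actually saw.

Added example; the ACL, TCB lines and log line are transcribed from the post,
the evaluator is a simplified model of IOS extended-ACL matching (assumption),
and the DLSw v2 probe flow is constructed.
"""
import re
from typing import Dict, List, NamedTuple, Optional, Tuple


class Flow(NamedTuple):
    proto: str   # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


class Ace(NamedTuple):
    action: str           # "permit" or "deny"
    proto: str            # "tcp", "udp" or "ip"
    sport: Optional[int]  # None means "any"
    dport: Optional[int]  # None means "any"


# Matches "permit tcp any eq 2065 any log-input (568 matches)" and the like;
# the trailing "log-input" and "(N matches)" counters are ignored.
_ACE_RE = re.compile(
    r"^(permit|deny)\s+(tcp|udp|ip)\s+any(?:\s+eq\s+(\d+))?\s+any(?:\s+eq\s+(\d+))?"
)
# "83258FC8 148.5.4.1.11031 148.5.2.1.2065 ESTAB" from "sh tcp brief"
_TCB_RE = re.compile(
    r"^\S+\s+(\d+\.\d+\.\d+\.\d+)\.(\d+)\s+(\d+\.\d+\.\d+\.\d+)\.(\d+)\s+ESTAB"
)
# "%SEC-6-IPACCESSLOGP: list NAME denied udp A.B.C.D(sport) ... -> E.F.G.H(dport)"
_LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list \S+ (?:denied|permitted) (tcp|udp) "
    r"(\d+\.\d+\.\d+\.\d+)\((\d+)\).*?-> (\d+\.\d+\.\d+\.\d+)\((\d+)\)"
)

# Transcribed from the post.
ACL = """
permit tcp any any eq 2065 (12 matches)
permit udp any any eq 2067 (15)
permit tcp any eq 2065 any log-input (568 matches)
permit udp any eq 2067 any log-input (10)
deny ip any any log-input
"""
TCP_BRIEF = """
TCB Local Address Foreign Address (state)
83258FC8 148.5.4.1.11031 148.5.2.1.2065 ESTAB
83257F3C 148.5.4.1.11027 148.5.1.1.2065 ESTAB
"""
LOG = ("*Mar 1 04:27:21: %SEC-6-IPACCESSLOGP: list Returning-traffic denied udp "
       "148.5.1.1(0) (Serial0/0 ) -> 148.5.4.1(2067), 6 packets")


def parse_acl(text: str) -> List[Ace]:
    aces = []
    for line in text.strip().splitlines():
        m = _ACE_RE.match(line.strip())
        if not m:
            raise ValueError("unsupported ACE: " + line)
        action, proto, sport, dport = m.groups()
        aces.append(Ace(action, proto,
                        int(sport) if sport else None,
                        int(dport) if dport else None))
    return aces


def evaluate(acl: List[Ace], flow: Flow) -> Tuple[str, Optional[int]]:
    """First matching ACE wins; no match falls to the implicit deny (index None)."""
    for i, ace in enumerate(acl):
        if ace.proto not in ("ip", flow.proto):
            continue
        if ace.sport is not None and ace.sport != flow.sport:
            continue
        if ace.dport is not None and ace.dport != flow.dport:
            continue
        return ace.action, i
    return "deny", None


def flows_from_tcp_brief(text: str) -> List[Flow]:
    """Each ESTAB TCB yields both directions, so the return path is checked too."""
    flows = []
    for line in text.splitlines():
        m = _TCB_RE.match(line.strip())
        if not m:
            continue
        lip, lport, fip, fport = m.group(1), int(m.group(2)), m.group(3), int(m.group(4))
        flows.append(Flow("tcp", lip, lport, fip, fport))
        flows.append(Flow("tcp", fip, fport, lip, lport))
    return flows


def flows_from_log(text: str) -> List[Flow]:
    """Pull the 5-tuple out of IPACCESSLOGP lines (the denied UDP 2067 above)."""
    return [Flow(m.group(1), m.group(2), int(m.group(3)), m.group(4), int(m.group(5)))
            for m in _LOG_RE.finditer(text)]


def audit(acl: List[Ace], flows: List[Flow]) -> Dict[Flow, Tuple[str, Optional[int]]]:
    return {f: evaluate(acl, f) for f in flows}


def all_permitted(acl: List[Ace], flows: List[Flow]) -> bool:
    return all(action == "permit" for action, _ in audit(acl, flows).values())


def dlsw_v2_tcp_covered(acl: List[Ace]) -> bool:
    """Would a DLSw v2 single-session TCP connection to port 2067 pass? (probe is constructed)"""
    probe = Flow("tcp", "148.5.4.1", 11040, "148.5.2.1", 2067)
    return evaluate(acl, probe)[0] == "permit"


if __name__ == "__main__":
    acl = parse_acl(ACL)
    flows = flows_from_tcp_brief(TCP_BRIEF) + flows_from_log(LOG)
    for f, (action, idx) in audit(acl, flows).items():
        print(f"{f.proto} {f.src}:{f.sport} -> {f.dst}:{f.dport}: {action} (ACE {idx})")
    print("all observed DLSw flows permitted:", all_permitted(acl, flows))
    print("DLSw v2 TCP 2067 covered:", dlsw_v2_tcp_covered(acl))
```

Running it lists each observed flow with the ACE index that permitted it (0 and 2 for the two directions of TCP 2065, 1 for UDP 2067) and reports that the TCP 2067 probe hits the final deny, which is the gap the last sentence of the post points at.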
This archive was generated by hypermail 2.1.4 : Sun Sep 04 2005 - 17:00:30 GMT-3