From: Elias Aggelidis (eaggel@xxxxxxxxxxx)
Date: Thu Apr 19 2001 - 20:12:27 GMT-3
Dear David,
Reading the document I came to the following :
DLSW ICANREACH / ICANNOTREACH SAP / MAC is
used only for the incoming traffic ! (It prevents its peers to send to him
unsupported traffic)
On the other hand
dlsw remote-peer 0 tcp 1.1.1.1 lsap-output-list 200
It will prevent MY ROUTER from sending to its peers unwanted traffic !
I think that this is clear now.
Thanks Group
Regards
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of David
Anderson
Sent: Paqasjeu^, 20 Apqik_ou 2001 1:51 pl
To: ccielab@groupstudy.com
Cc: Elias Aggelidis
Subject: Re: DLSW+ question : ROUTERX SHOULD SEND SNA TRAFFIC ONLY.
Elias,
You can use the following to permit all SNA types and deny everything else:
access-list 200 permit 0x0000 0x0D0D
access-list 200 deny 0x0000 0xFFFF
Here is a link:
http://www.cisco.com/warp/public/697/dlswfilter.shtml
HTH,
David
At 05:37 PM 4/19/2001 -0500, Johnny Dedon wrote:
>Elias,
>I think what they want here is access-list 200 permit 0x0404 0x0D0D applied
>with lsap-output-list 200 on the dlsw remote-peer statement.
>
>----- Original Message -----
>From: "Elias Aggelidis" <eaggel@algo.com.gr>
>To: "Ccielab@Groupstudy.Com" <ccielab@groupstudy.com>
>Sent: Thursday, April 19, 2001 5:08 PM
>Subject: DLSW+ question : ROUTERX SHOULD SEND SNA TRAFFIC ONLY.
>
>
> > Dear Group,
> >
> > I am trying to implement the following question.
> >
> > Router X should only send SNA traffic. (You may assume that the only SAP
> > we are interesting is 0x04, 0x08).
> >
> > In real life I would have use the following command
> >
> > dlsw icanreach saps 04 08
> >
> > Which means that the router can reach only this SAPs and nothing else
> >
> > ( This is what the command is doing as it is discribed on the
Documention
>CD
> > > This command can be entered at any time. It causes a capabilities
> > exchange
> > > to relay the information to all active peers. By specifying resource
> > names or
> > > MAC addresses in this command, you can avoid broadcasts from remote
>peers
> > > that are looking for this resource. By specifying "exclusive" you can
> > > avoid broadcasts to this router or any resources. For example, you
>could
> > > configure the front-end processor (FEP) MAC address or corporate site
>LAN
> > > servers in central site routers to avoid any broadcasts over the WAN
> > > for these resources.
> > )
> >
> > After applying the command on the router, the dlsw local capabilities
has
> > been changed to the follow output :
> >
> > Rack7R5#sh dlsw capabilities local
> > DLSw: Capabilities for local peer 133.77.5.5
> > vendor id (OUI) : '00C' (cisco)
> > version number : 2
> > release number : 0
> > init pacing window : 20
> > unsupported saps : 0 2 6 A C E 10 12 14 16 18 1A 1C 1E 20 22
24
>26
> > 28 2A 2C 2E 30 32 34 36 38 3A 3C 3E 40 42 44 46 48 4A 4C 4E 50 52 54 56
58
> > 5A 5C 5E 60 62 64 66 68 6A 6C 6E 70 72 74 76 78 7A 7C 7E 80 82 84 86 88
8A
> > 8C 8E 90 92 94 96 98 9A 9C 9E A0 A2 A4 A6 A8 AA AC AE B0 B2 B4 B6 B8 BA
BC
> > BE C0 C2 C4 C6 C8 CA CC CE D0 D2 D4 D6 D8 DA DC DE E0 E2 E4 E6 E8 EA EC
EE
> > F0 F2 F4 F6 F8 FA FC FE
> > num of tcp sessions : 1
> > loop prevent support : no
> > icanreach mac-exclusive : no
> > icanreach netbios-excl. : no
> > reachable mac addresses : none
> > reachable netbios names : none
> > V2 multicast capable : yes
> > DLSw multicast address : none
> > cisco version number : 1
> > peer group number : 0
> > border peer capable : no
> > peer cost : 3
> > biu-segment configured : no
> > UDP Unicast support : yes
> > NetBIOS Namecache length : 15
> > current border peer : none
> > version string :
> > Cisco Internetwork Operating System Software
> > IOS (tm) 2500 Software (C2500-JS-L), Version 12.0(16), RELEASE SOFTWARE
> > (fc2)
> > Copyright (c) 1986-2001 by cisco Systems, Inc.
> > Compiled Sat 03-Mar-01 00:38 by dchih
> >
> > As you can see, the router does not support any other SAPs expect 04,
08.
> > So NETBios 0F and Novel 0E would not pass.
> >
> > IS THIS WHAT THE TEST WANTS ??
> > IS THIS THE CORECT TECHNOLOGY ??
> >
> > Regards
> >
> > Elias
> >
> > ****************************************************************
> > Elias Aggelidis ALGOSYSTEMS SA
> > Senior Network Engineer 4, Sardeon Str
> > CCNA, CCNP Nea Smyrni
> > CVOICE, Security Specialised
> > PICA Administrator
> > Athens 17121
> > tel: +301-9310281 GREECE
> > fax: +301-9352873
> > email: eaggel@algo.com.gr
> > ****************************************************************
> > **Please read:http://www.groupstudy.com/list/posting.html
>**Please read:http://www.groupstudy.com/list/posting.html
David Anderson
Network Design Engineer
Enterprise Solutions Architecture & Design
(408) 853-5515
dma@cisco.com
| |
..:|||||||:...:|||||||:..
C I S C O S Y S T E M S
**Please read:http://www.groupstudy.com/list/posting.html
****************************************************************
Elias Aggelidis ALGOSYSTEMS SA
Senior Network Engineer 4, Sardeon Str
CCNA, CCNP Nea Smyrni
CVOICE, Security Specialised
PICA Administrator
Athens 17121
tel: +301-9310281 GREECE
fax: +301-9352873
email: eaggel@algo.com.gr
****************************************************************
**Please read:http://www.groupstudy.com/list/posting.html
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:29:51 GMT-3