From: Reisner, Tim (TR126568@xxxxxxxxxxxxxxxxxxxxxxxxx)
Date: Thu Nov 29 2001 - 18:35:38 GMT-3
You should probably include SAP 08 as well. It is used for SNA also.
-----Original Message-----
From: Waters, Kivas (UK72) [mailto:Kivas.Waters@Honeywell.com]
Sent: Thursday, November 29, 2001 3:20 PM
To: Brian Hescock; ccielab@groupstudy.com
Subject: RE: follow-up: filtering explorers to a specific host
I have been following this thread with interrest, thanks for the
clarification. Can you please help me understand the LLC2 explorer traffic
you mention. For example, should a lab question ask me to configure a dlsw
remote peer output-sap-filter allowing only the SNA path control SAP and SAP
0x0C through the filter, what should the ACL 200 look like?
Here is my attempt :
"access-list(200) perm 0x0404 0x0101
access-list(200) perm 0x0C0C 0x0101"
Is this feasable or will I also need to permit an explorer type SAP or TEST
frame to enable connectivity to an end station? If my answer is wrong,
please correct it to illustrate.
best regards
Ki
-----Original Message-----
From: Brian Hescock [mailto:bhescock@cisco.com]
Sent: 29 November 2001 20:18
To: ccielab@groupstudy.com
Subject: follow-up: filtering explorers to a specific host
Follow-up to my previous questions about filtering explorers to a
specific host:
- "dlsw icanreach mac" and "dlsw mac-addr" commands will not prevent an
explorer from being sent for the specified mac address. The only
advantage is we reduce traffic on the wan because we only send an
explorer to the peer in question, not to all peers. I confirmed this
with our IBM team.
- there is no way to force the dlsw reachability cache to mark an entry
as "found" (instead of "unconfirmed")
- sna has static mappings and we will always know the destination mac to
a host. We can then use that dmac in an access-expression and filter
explorers from being sent to that specific mac, as in:
access-expression in (lsap(200) & dmac(700))
Brian
This archive was generated by hypermail 2.1.4 : Fri Jun 21 2002 - 06:45:26 GMT-3