RE: vlan-map filters

From: Brian McGahan (bmcgahan@internetworkexpert.com)
Date: Tue Aug 10 2004 - 18:33:49 GMT-3


What is the Ether-Type value for IPX?

Brian McGahan, CCIE #8593
bmcgahan@internetworkexpert.com

Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987 x 705
Outside US: 775-826-4344 x 705
24/7 Support: http://forum.internetworkexpert.com
Live Chat: http://www.internetworkexpert.com/chat/

> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of ccie2be
> Sent: Tuesday, August 10, 2004 4:17 PM
> To: Brian McGahan; Group Study
> Subject: Re: vlan-map filters
>
> Brian,
>
> Is there a way to explicitly deny IPX traffic on a 3550? I thought the
> 3550 only supports IP and MAC address ACLs. Am I mistaken?
>
> Thanks,
> ----- Original Message -----
> From: "Brian McGahan" <bmcgahan@internetworkexpert.com>
> To: "ccie2be" <ccie2be@nyc.rr.com>; "Group Study" <ccielab@groupstudy.com>
> Sent: Tuesday, August 10, 2004 2:41 PM
> Subject: RE: vlan-map filters
>
>
> Tim,
>
> This type of question is really beyond the scope of the lab
> exam, as I highly doubt they want you to remember the LSAP values of the
> different protocols. Instead, this task is meant to be a slap on the
> wrist to show you how NOT to configure VACLs :)
>
> Normal ACL filtering dictates that you permit only what you
> want, and deny everything else. When using VACLs, you should deny what
> you don't want, and permit everything else. Otherwise you tend to
> forget all the necessary layer 2 protocols that are keeping the network
> alive.
>
>
> HTH,
>
> Brian McGahan, CCIE #8593
> bmcgahan@internetworkexpert.com
>
>
>
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of ccie2be
> > Sent: Tuesday, August 10, 2004 10:38 AM
> > To: Group Study
> > Subject: vlan-map filters
> >
> > Hi guys,
> >
> > From IE lab 11, task 1.16 and 1.17
> >
> > Problem:
> >
> > Allow only IP traffic on VLAN 56, however, if other behind the scenes
> > traffic is NOT allowed, there'll be big trouble in Cisco lab city.
> >
> >
> > Solution:
> >
> > ip access-list extended IPONLY
> >  permit ip any any
> > !
> > mac access-list extended IP_ARP
> >  permit any any 0x806 0x0    <--- Can this be found on Doc CD?
> >
> > mac access-list extended IS-IS
> >  permit any any lsap 0xFEFE 0x0    <--- Can this be found on Doc CD?
> >
> > mac access-list extended IEEE-STP
> >  permit any any lsap 0x4242 0x0    <--- Can this be found on Doc CD?
> > !
> > vlan access-map IPONLY 10
> >  action forward
> >  match ip address IPONLY
> >
> > vlan access-map IPONLY 20
> >  action forward
> >  match mac address IP_ARP
> >
> > vlan access-map IPONLY 30
> >  action forward
> >  match mac address IS-IS
> >
> > vlan access-map IPONLY 40
> >  action forward
> >  match mac address IEEE-STP
> >
> > vlan access-map IPONLY 50
> >  action drop
> >
> > vlan filter IPONLY vlan-list 56
> >
> > Question: Does anybody know where on the Doc-CD the codes used to match
> > these traffic types can be found? I've looked but came up empty.
> >
> > Also, CDP traffic will be dropped by the above VLAN filter. Is that a
> > good idea?
> >
> > Thanks, Tim
> >
> >
>
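
Added example, not part of the original thread or the lab solution: a simplified Python model of the two VACL styles discussed above, run over constructed frames to show which layer 2 protocols each one drops. It assumes first-match evaluation on EtherType or LLC LSAP only, and uses 0x8137 as the Ethernet II EtherType for IPX, a value the thread itself does not state.

```python
import struct

def eth2(ethertype, payload):  # Ethernet II frame with dummy all-zero MACs
    return bytes(12) + struct.pack("!H", ethertype) + payload
def llc(payload):  # 802.3 + LLC: the type/length field holds the payload length
    return bytes(12) + struct.pack("!H", len(payload)) + payload

# Constructed sample frames (headers only, payloads truncated).
SAMPLES = {
    "IPv4":  eth2(0x0800, b"\x45"),
    "ARP":   eth2(0x0806, b"\x00\x01"),
    "STP":   llc(b"\x42\x42\x03"),
    "IS-IS": llc(b"\xfe\xfe\x03"),
    "CDP":   llc(b"\xaa\xaa\x03\x00\x00\x0c\x20\x00"),  # SNAP-encapsulated
    "IPX":   eth2(0x8137, b"\xff\xff"),                 # assumed Ethernet II IPX
}

def classify(raw):
    """Return ('ethertype', n) for Ethernet II or ('lsap', n) for 802.3/LLC."""
    (field,) = struct.unpack("!H", raw[12:14])
    if field >= 0x0600:                 # values below 0x0600 are a length
        return ("ethertype", field)
    (lsap,) = struct.unpack("!H", raw[14:16])   # DSAP/SSAP pair
    return ("lsap", lsap)

# The thread's allow-list map; the IP ACL is modeled as EtherType 0x0800.
ALLOW_LIST = [
    (10, ("ethertype", 0x0800), "forward"),   # match ip address IPONLY
    (20, ("ethertype", 0x0806), "forward"),   # match mac address IP_ARP
    (30, ("lsap", 0xFEFE), "forward"),        # match mac address IS-IS
    (40, ("lsap", 0x4242), "forward"),        # match mac address IEEE-STP
    (50, None, "drop"),                       # no match clause: everything else
]
# Deny-list style from the reply: drop the unwanted protocol, forward the rest.
DENY_LIST = [(10, ("ethertype", 0x8137), "drop"), (20, None, "forward")]

def evaluate(vacl, raw):
    """First matching sequence wins; unmatched frames drop (model assumption)."""
    key = classify(raw)
    for _seq, match, action in sorted(vacl, key=lambda e: e[0]):
        if match is None or match == key:
            return action
    return "drop"

def dropped(vacl):
    return sorted(n for n, raw in SAMPLES.items() if evaluate(vacl, raw) == "drop")

if __name__ == "__main__":
    print("allow-list drops:", dropped(ALLOW_LIST), "| deny-list drops:", dropped(DENY_LIST))
```

In this model the allow-list map drops CDP along with IPX, while the deny-list map drops only IPX.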



This archive was generated by hypermail 2.1.4 : Fri Sep 03 2004 - 07:02:40 GMT-3