GroupStudy.com GroupStudy.com - A virtual community of network engineers
 Home  BookStore  StudyNotes  Links  Archives  StudyRooms  HelpWanted  Discounts  Login
RE: access-expression "out" vs "in" posted 09/17/2002
[Chronological Index] [Thread Index] [Top] [Date Prev][Date Next] [Thread Prev][Thread Next]


Well, it depends where is source and where is destination...

1) If host with MAC address 3745.0001.0001 is somwhere on Ring 2 and we want
to allow 
SNA traffic from hosts outside of ring 2  to the host with MAC address
3745.0001.0001 (on Ring 2)
then we have to put "OUT"
2) In case if we want to allow SNA traffic from hosts located on Ring 2  to
the host (located otside of Ring 2) 
with MAC address 3745.0001.0001 - we have to put "IN"

I never understand Solie Labs wording... the same time the book itself is
written in a very comprehensible way.

Dmitry 

> -----Original Message-----
> From: Edward Monk [mailto:edmonk@xxxxxxxxx]
> Sent: Tuesday, September 17, 2002 11:30 AM
> To: 'Omer Ansari'; ccielab@xxxxxxxxxxxxxx
> Subject: RE: access-expression "out" vs "in"
> 
> 
> Omer,
> No it looks wrong to me.
> 
> It should be "in". You are trying to allow only SNA traffic 
> coming IN TO
> the interface to the specified host.
> 
> The "out" would only allow SNA traffic OUT of the interface 
> coming from
> the host at the MAC you specified.
> 
> -----Original Message-----
> From: nobody@xxxxxxxxxxxxxx [mailto:nobody@xxxxxxxxxxxxxx] On 
> Behalf Of
> Omer Ansari
> Sent: Tuesday, September 17, 2002 4:58 AM
> To: ccielab@xxxxxxxxxxxxxx
> Subject: access-expression "out" vs "in"
> 
> All,
> question in the unnamed lab was:
> 
> Configure R4 so that only SNA traffic to MAC address 3745.0001.0001 is
> allowed on [R4's] Ring2.
> 
> my answer was:
> !
> interface TokenRing0/0
>  ip address 10.10.10.1 255.255.255.240
> ...
>  access-expression output (dmac(701) & lsap(201))
> !
> 
> access-list 201 permit 0x0000 0x0D0D
> access-list 701 permit 3745.0001.0001   0000.0000.0000
> !
> 
> 
> does the above look ok? [the solutions had access-expression input
> instead]
> 
> Omer
> 
> 
> 
> > Unnamed questions
> > =================
> > 3.Sec XI, q2
> > on router4, shouldn't this be access-expression out .... instead of
> "in" ?