RE: DLSW+ posted 09/24/2003
0x0404 0x0001 will match 0404 and 0405. The source SAP will always be
an even numbered one. The destination can be command or response.
From: kasturi cisco [mailto:kasturi_cisco@xxxxxxxxxxx]
Sent: Wednesday, September 24, 2003 2:55 PM
To: swm@xxxxxxxxxx; joe_biondino@xxxxxxxxxxx; ccielab@xxxxxxxxxxxxxx
Subject: RE: DLSW+
Thanks for the explanation.
Will 0x0404 with mask 0x0001 cover both 0x0404 and 0x0505.I was trying
to match them with the above mask and it did not seem to match. Am I
missing something basic or confusing myself ?
I think the above will match only 0x0404 and (also the response with
0x0505 should also be permitted right ?).
Let me know.Thanks.
>From: "Scott Morris"
>To: "'kasturi cisco'" ,,
>Subject: RE: DLSW+
>Date: Wed, 24 Sep 2003 13:49:09 -0400
>04 and 05 are all that will exist on Ethernet.
>00 is an explorer, and will only exist on ethernet if you are doing
>source route bridging... Otherwise, that won't even be there.
>All of the Cisco examples use the 0d0d mask more for laziness (IMHO),
>but it covers all of the SAPs that could possibly be used in a TR
>environment. The higher SAPs are used for IBM-specific equipment and
>won't ever exist in the CCIE lab.
>Whether you are penalized for allowing them or not is something the
>proctor would have to answer. Being that most people don't know which
>SAP does what, and most of the CCO documentation doesn't exactly help
>the issue any, I highly doubt it would be a point of contention.
>Check out iana.org though, and look at the SAP list. It will tell you
>exactly what the ones that match the mask you're using are.
>IMHO, use 0404 and 0001 for ethernet-only environments not running SRB.
>Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713,
>CISSP, JNCIS, et al.
>IPExpert CCIE Program Manager
>IPExpert Sr. Technical Instructor
>From: nobody@xxxxxxxxxxxxxx [mailto:nobody@xxxxxxxxxxxxxx] On Behalf Of
>Sent: Wednesday, September 24, 2003 12:19 PM
>To: joe_biondino@xxxxxxxxxxx; ccielab@xxxxxxxxxxxxxx
>Subject: Re: DLSW+
>i dont think access-list 201 iinterpretation is right ? 0x0404 with
>0x0001 does not match all SNA frames. If u do the math with mask it
>works out to
>0000 0100 0000 0100 as the acl entry
>0000 0000 0000 0001 is the mask
>0000 0100 0000 010x and all entries matching this. 0x04 and work out
>the second part (SSAP).
>For almost all common SNA frames it is 0x0000 0x0d0d. Use the link
>As ever correct me if i am wrong.
> >From: "Joe Biondino" >Reply-To: "Joe Biondino" >To: >Subject: DLSW+
> >Date: Wed, 24 Sep 2003 23:16:19 +1000 > >Group, > >I have searched
>and low but was unable to find a definitive description >for the
>following protocol type access-list arguments. Can somebody please go
> >through what I think they mean and tell me if I have it right?? >
> >access-list 200 permit 0x0000 0x0d0d > >access-list 201 permit 0x0404
>0x0001 >access-list 201 permit 0x0004 0x0001 > >access-list 202 permit
>0xF0F0 0x0101 > >Descriptions (as far as I know): > >ACL 200 >The
>arguments for ACL 200 match ALL SNA SAPs > >ACL 201 >The Arguments for
>ACL 201 match all SNA frames (second line is for explorers) > >ACL 202
> >The argument for ACL 202 match all NETBIOS frames > >Is there an
>argument that covers all NETBIOS SAPs?? > >Thanking you in advance for
>any input. > >Joe > >***Get your CCIE and a FREE vacation:
> >Please help support GroupStudy by purchasing your study materials
> >shop.groupstudy.com > >Subscription information may be found at:
>Share your photos without swamping your Inbox. Get Hotmail Extra
>***Get your CCIE and a FREE vacation: Shop.GroupStudy.com***
>Please help support GroupStudy by purchasing your study materials from:
>Subscription information may be found at:
A chance to meet Aishwarya Rai. Win lucky prizes.