GroupStudy.com GroupStudy.com - A virtual community of network engineers
 Home  BookStore  StudyNotes  Links  Archives  StudyRooms  HelpWanted  Discounts  Login
RE: vlan-map filters to deny IPX traffic posted 08/11/2004
[Chronological Index] [Thread Index] [Top] [Date Prev][Date Next] [Thread Prev][Thread Next]


Did you test it? :)

Brian McGahan, CCIE #8593
bmcgahan@xxxxxxxxxxxxxxxxxxxxxx 

Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987 x 705
Outside US: 775-826-4344 x 705
24/7 Support: http://forum.internetworkexpert.com
Live Chat: http://www.internetworkexpert.com/chat/


> -----Original Message-----
> From: nobody@xxxxxxxxxxxxxx [mailto:nobody@xxxxxxxxxxxxxx] On Behalf
Of
> ccie2be
> Sent: Tuesday, August 10, 2004 4:59 PM
> To: Brian McGahan; Group Study
> Subject: Re: vlan-map filters to deny IPX traffic
> 
> Jeez, I guess I'm still thinking from old ACRC course.
> 
> OK, IPX ether type is 8137 and 8138, so would this ether type acl be
> correct
> for the 3550?
> 
> mac access-list extended NO-IPX
>  deny any any 0x8137 0x0001
> 
> Am I getting warm?
> 
> Thanks, Tim
> 
> 
> ----- Original Message -----
> From: "Brian McGahan" <bmcgahan@xxxxxxxxxxxxxxxxxxxxxx>
> To: "ccie2be" <ccie2be@xxxxxxxxxx>; "Group Study"
<ccielab@xxxxxxxxxxxxxx>
> Sent: Tuesday, August 10, 2004 5:33 PM
> Subject: RE: vlan-map filters
> 
> 
> > What is the Ether-Type value for IPX?
> >
> > Brian McGahan, CCIE #8593
> > bmcgahan@xxxxxxxxxxxxxxxxxxxxxx
> >
> > Internetwork Expert, Inc.
> > http://www.InternetworkExpert.com
> > Toll Free: 877-224-8987 x 705
> > Outside US: 775-826-4344 x 705
> > 24/7 Support: http://forum.internetworkexpert.com
> > Live Chat: http://www.internetworkexpert.com/chat/
> >
> >
> > > -----Original Message-----
> > > From: nobody@xxxxxxxxxxxxxx [mailto:nobody@xxxxxxxxxxxxxx] On
Behalf
> > Of
> > > ccie2be
> > > Sent: Tuesday, August 10, 2004 4:17 PM
> > > To: Brian McGahan; Group Study
> > > Subject: Re: vlan-map filters
> > >
> > > Brian,
> > >
> > > Is there a way to explicitly deny IPX traffic on a 3550?  I
thought
> > the
> > > 3550
> > > only supports IP and mac address acl's.  Am I mistaken?
> > >
> > > Thanks,
> > > ----- Original Message -----
> > > From: "Brian McGahan" <bmcgahan@xxxxxxxxxxxxxxxxxxxxxx>
> > > To: "ccie2be" <ccie2be@xxxxxxxxxx>; "Group Study"
> > <ccielab@xxxxxxxxxxxxxx>
> > > Sent: Tuesday, August 10, 2004 2:41 PM
> > > Subject: RE: vlan-map filters
> > >
> > >
> > > Tim,
> > >
> > > This type of question is really beyond the scope of the lab
> > > exam, as I highly doubt they want you to remember the LSAP values
of
> > the
> > > different protocols.  Instead, this task is meant to be a slap on
the
> > > wrist to show you how NOT to configure VACLs :)
> > >
> > > Normal ACL filtering dictates that you permit only what you
> > > want, and deny everything else.  When using VACLs, you should deny
> > what
> > > you don't want, and permit everything else.  Otherwise you tend to
> > > forget all the necessary layer 2 protocols that are keeping the
> > network
> > > alive.
> > >
> > >
> > > HTH,
> > >
> > > Brian McGahan, CCIE #8593
> > > bmcgahan@xxxxxxxxxxxxxxxxxxxxxx
> > >
> > > Internetwork Expert, Inc.
> > > http://www.InternetworkExpert.com
> > > Toll Free: 877-224-8987 x 705
> > > Outside US: 775-826-4344 x 705
> > > 24/7 Support: http://forum.internetworkexpert.com
> > > Live Chat: http://www.internetworkexpert.com/chat/
> > >
> > >
> > > > -----Original Message-----
> > > > From: nobody@xxxxxxxxxxxxxx [mailto:nobody@xxxxxxxxxxxxxx] On
Behalf
> > > Of
> > > > ccie2be
> > > > Sent: Tuesday, August 10, 2004 10:38 AM
> > > > To: Group Study
> > > > Subject: vlan-map filters
> > > >
> > > > Hi guys,
> > > >
> > > > From IE lab 11, task 1.16 and 1.17
> > > >
> > > > Problem:
> > > >
> > > > Allow only ip traffic on vlan 56, however, if other behind the
> > scenes
> > > > traffic
> > > > is NOT allowed, there'll be big trouble in Cisco lab city.
> > > >
> > > >
> > > > Solution:
> > > >
> > > > ip access-list extended IPONLY
> > > > permit ip any any
> > > > !
> > > > mac access-list extended IP_ARP
> > > > permit any any 0x806 0x0                 < --- Can this found on
Doc
> > > CD?
> > > >
> > > > mac access-list extended IS-IS
> > > > permit any any lsap 0xFEFE 0x0      < ---- Can this found on Doc
CD?
> > > >
> > > > mac access-list extended IEEE-STP
> > > > permit any any lsap 0x4242 0x0         < ---- Can this found on
Doc
> > > CD?
> > > > !
> > > > vlan access-map IPONLY 10
> > > > action forward
> > > > match ip address IPONLY
> > > >
> > > > vlan access-map IPONLY 20
> > > > action forward
> > > > match mac address IP_ARP
> > > >
> > > > vlan access-map IPONLY 30
> > > > action forward
> > > > match mac address IS-IS
> > > >
> > > > vlan access-map IPONLY 40
> > > > action forward
> > > > match mac address IEEE-STP
> > > >
> > > > vlan access-map IPONLY 50
> > > > action drop
> > > > vlan filter IPONLY vlan-list 56
> > > >
> > > > vlan filter IPONLY vlan-list 56
> > > >
> > > > Question:  Does anybody know where on the Doc-CD the codes used
> > match
> > > > these
> > > > traffic types can be found?  I've looked but came up empty.
> > > >
> > > > Also, cdp traffic will be dropped by the above vlan filter.  Is
that
> > a
> > > > good
> > > > idea?
> > > >
> > > > Thanks, Tim
> > > >
> > > >
> > >
> >
_______________________________________________________________________
> > > > Please help support GroupStudy by purchasing your study
materials
> > > from:
> > > > http://shop.groupstudy.com
> > > >
> > > > Subscription information may be found at:
> > > > http://www.groupstudy.com/list/CCIELab.html
> > >
> > >
> >
_______________________________________________________________________
> > > Please help support GroupStudy by purchasing your study materials
> > from:
> > > http://shop.groupstudy.com
> > >
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
> >
> >
_______________________________________________________________________
> > Please help support GroupStudy by purchasing your study materials
from:
> > http://shop.groupstudy.com
> >
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> 
>
_______________________________________________________________________
> Please help support GroupStudy by purchasing your study materials
from:
> http://shop.groupstudy.com
> 
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html