Cisco Systems BC-109 manual Access Expression Example

Configure Access Expressions that Combine Administrative Filters

You can use access expressions to combine access filters to establish complex conditions under which bridged frames can enter or leave an interface. Using access expressions, you can achieve levels of control on the forwarding of frames that otherwise would be impossible when using only simple access filters. Access expressions are constructed from individual access lists that define administrative filters for the following fields in packets:

LSAP and SNAP type codes

MAC addresses

NetBIOS station names

NetBIOS arbitrary byte values

Note: For any given interface, an access expression cannot be used if an access list has been defined for a given direction. For example, if an input access list is defined for MAC addresses on an interface, no access expression can be specified for the input side of that interface.

In Figure 53, two routers each connect a Token Ring to an FDDI backbone. On both Token Rings, SNA and NetBIOS bridging support is required. On Token Ring A, NetBIOS clients must communicate with any NetBIOS server off Token Ring B or any other, unpictured router. However, the two 3174 cluster controllers off Token Ring A must only communicate with the one FEP off of Token Ring B, located at MAC address 0110.2222.3333.

Without access expressions, this scenario cannot be achieved. A filter on Router A that restricted access to only the FEP would also restrict access of the NetBIOS clients to the FEP. What is needed is an access expression that would state “If it is a NetBIOS frame, pass through, but if it is an SNA frame, only allow access to address 0110.2222.3333.”

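Figure 53 Access Expression Example

[Figure: NetBIOS clients and two 3174 cluster controllers on a Token Ring attached to Router A; an FDDI backbone between Router A and Router B; NetBIOS servers and the IBM FEP (address 0110.2222.3333) on a Token Ring attached to Router B.]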

Note: Using access expressions that combine access filters disables the autonomous or fast switching of source-route bridging frames.
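The condition quoted above ("if it is a NetBIOS frame, pass through, but if it is an SNA frame, only allow access to address 0110.2222.3333") can be written as the following configuration for Router A. This is an added example, not text from this page; the access list numbers 201, 202 and 701 and the interface name are assumptions chosen for illustration, and the LSAP values are the standard NetBIOS (0xF0F0) and SNA (0x0404) codes.

```cisco
! Added example: list numbers 201, 202, 701 and the interface are illustrative.
!
! Type-code list 201: NetBIOS LSAP pair (DSAP/SSAP 0xF0F0); the 0x0001 mask
! ignores the command/response bit.
access-list 201 permit 0xf0f0 0x0001
!
! Type-code list 202: SNA LSAP pair (0x0404), command or response,
! plus SNA explorers sent with a null DSAP (0x0004).
access-list 202 permit 0x0404 0x0001
access-list 202 permit 0x0004 0x0001
!
! MAC address list 701: the FEP on Token Ring B.
access-list 701 permit 0110.2222.3333
!
! Router A, Token Ring A side: pass NetBIOS, or SNA destined to the FEP.
interface tokenring 0
 access-expression in lsap(201) | (lsap(202) & dmac(701))
```

Each list ends with an implicit deny, so a frame that is neither NetBIOS nor SNA addressed to the FEP fails the expression and is dropped. The interface must not also carry a simple input access list, since an access list defined for a direction rules out an access expression for that direction.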

Configuring Source-Route Bridging BC-137
