Access Expression Example | Cisco Systems BC-109 guide

Configure Access Expressions that Combine Administrative Filters

Configure Access Expressions that Combine Administrative Filters

You can use access expressions to combine access filters to establish complex conditions under which bridged frames can enter or leave an interface. Using access expressions, you can achieve levels of control on the forwarding of frames that otherwise would be impossible when using only simple access filters. Access expressions are constructed from individual access lists that define administrative filters for the following fields in packets:

•

•

•

•

LSAP and SNAP type codes

MAC addresses

NetBIOS station names

NetBIOS arbitrary byte values

Note For any given interface, an access expression cannot be used if an access list has been defined for a given direction. For example, if an input access list is defined for MAC addresses on an interface, no access expression can be specified for the input side of that interface.

In Figure 53, two routers each connect a Token Ring to an FDDI backbone. On both Token Rings, SNA and NetBIOS bridging support is required. On Token Ring A, NetBIOS clients must communicate with any NetBIOS server off Token Ring B or any other, unpictured router. However, the two 3174 cluster controllers off Token Ring A must only communicate with the one FEP off of Token Ring B, located at MAC address 0110.2222.3333.

Without access expressions, this scenario cannot be achieved. A filter on Router A that restricted access to only the FEP would also restrict access of the NetBIOS clients to the FEP. What is needed is an access expression that would state “If it is a NetBIOS frame, pass through, but if it is an SNA frame, only allow access to address 0110.2222.3333.”

Figure 53 Access Expression Example

NetBIOS clients

NetBIOS servers

	Token	FDDI	Token
	Ring	FDDI	Ring
	Ring		Ring
	Router A		Router B
			IBM FEP
3174	3174		address
3174	3174		0110.2222.3333
			0110.2222.3333

S1111a

Note Using access-expressions that combine access filters disables the autonomous or fast switching of source-route bridging frames.

Configuring Source-Route Bridging BC-137

Image 29

Cisco Systems BC-109 manual Access Expression Example

Contents

SRB Configuration Task List Configuring Source-Route Bridging Configure a Dual-Port Bridge Configure Source-Route Bridging Multiple Dual-Port Bridges Configure a Multiport Bridge Using a Virtual Ring No source-bridge ring-group ring-group Define a Ring Group in SRB ContextSource-bridge ring-group ring-group Enable SRB and Assign a Ring Group to an Interface Configure SRB over FddiInterface fddi slot/port Source-bridge route-cache cbus Configure SRB over Frame Relay Configure Fast-Switching SRB over Fddi Enable the Automatic Spanning-Tree Function Limit the Maximum SRB Hops Enable Use of the RIF Configure Bridging of Routed Protocols Configure the RIF Timeout Interval Configure a Static RIF Entry Overview of SR/TLB Following notes and caveats apply to all uses of SR/TLB Disable Fast-Switched SR/TLB Enable Bridging between Transparent Bridging and SRBEnable Translation Compatibility with IBM 8209 Bridges No source-bridge transparent ring-group fastswitch Enable 0x80d5 Processing Enable Token Ring LLC2-to-Ethernet ConversionEnable Standard Token Ring LLC2-to-Ethernet LLC2 Conversion Source-bridge sap-80d5 dsap Configure NetBIOS Support Source-bridge proxy-netbios-only Specify Timeout and Enable NetBIOS Name Caching Enable NetBIOS Proxying Configure the NetBIOS Cache Name LengthCreate Static Entries in the NetBIOS Name Cache Specify Dead-Time Intervals for NetBIOS Packets Netbios name-cache recognized-timeout seconds Configure LNM SupportNetbios name-cache query-timeout seconds LNM Linking to a Source-Route Bridge on Each Local Ring LAN Network Manager Monitoring and Translating How a Router Works with LNM Disable LNM Functionality Enable Other LRMs to Change Router Parameters Disable Automatic Report Path Trace Function Change Reporting Thresholds Apply a Password to an LNM Reporting LinkEnable LNM Servers Lnm softerr milliseconds Change an LNM Reporting IntervalMonitor LNM Operation Secure the SRB Network Configure NetBIOS Access FiltersConfigure NetBIOS Access Filters Using Station Names Netbios access-list host name permit deny pattern Configure NetBIOS Access Filters Using a Byte OffsetNetbios access-list bytes name permit deny offset Netbios input-access-filter bytes name Filter Frames by Protocol Type Configure Administrative Filters for Token Ring TrafficNetbios output-access-filter bytes name Filter Destination Addresses Filter Frames by Vendor CodeFilter Source Addresses Access Expression Example Optimize Access Expressions Configure Access Expressions Tune the SRB Network Alter Access Lists Used in Access Expressions Enable or Disable the Source-Route Fast-Switching Cache Optimize Explorer Processing Enable or Disable the SSEEstablish the Connection Timeout Interval Controlling Explorer Storms in Redundant Network Topologies Mac-address ieee-address Configure Proxy ExplorersEstablish SRB Interoperability with TI MAC Firmware Monitor and Maintain the SRB Network Report Spurious Frame-Copied Errors Source-bridge tcp-queue-max number SRB Configuration Examples Basic SRB with Spanning-Tree Explorers Example Dual-Port Source-Route Bridge Configuration SRB-Only Example Optimized Explorer Processing Configuration Example Multiport SRB Example SRB and Routing Certain Protocols Example SRB with Multiple Virtual Ring Groups Example Configuration for Router a SRB over Fddi Fast-Switching Example SRB over Fddi Configuration ExamplesConfiguration for Router B Router a Frad Using SRB over Frame Relay to Connect to a Cisco Router SRB over Frame Relay Configuration Example Configuration on Router B Configuration of Router aConfiguration on Router C Adding a Static RIF Cache Entry Example SR/TLB for a Simple Network Example Adding a Static RIF Cache Entry for a Two-Hop Path Example BC-154Bridging and IBM Networking Configuration Guide Example of a Bit-Swapped Address SR/TLB with Access Filtering Example Specifying a Static Entry NetBIOS Support with a Static NetBIOS Cache Entry Example LNM for a Simple Network Example Wayfarer# show lnm config LNM for a More Complex Network Example NetBIOS Access Filters Example Filtering Bridged Token Ring Packets to IBM Machines Example Shows a router connecting four Token Rings Following access expression would result Creating Access Filters Example Fast-Switching Example Access Filters Example Autonomous Switching Example