Manuals / Cisco Systems / Computer Equipment / Network Router

Cisco Systems BC-109 manual Configure Access Expressions, Optimize Access Expressions

Models: BC-109

1 56

Download 56 pages 36.75 Kb

Page 30

Configure Access Expressions

Secure the SRB Network

Configure Access Expressions

To configure an access expression perform the following tasks:

•

•

•

Design the access expression.

Configure the access lists used by the expression.

Configure the access expression into the router.

When designing an access expression, you must create some phrase that indicates, in its entirety, all the frames that will pass the access expression. This access expression is designed to apply on frames coming from the Token Ring interface on Router A in Figure 53:

“Pass the frame if it is a NetBIOS frame or if it is an SNA frame destined to address 0110.2222.3333.”

In Boolean form, this phrase can be written as follows:

“Pass if ‘NetBIOS or (SNA and destined to 0110.2222.3333).’”

The preceding statement requires three access lists to be configured:

•

•

•

An access list that passes a frame if it is a NetBIOS frame (SAP = 0xF0F0)

An access list that passes a frame if it is an SNA frame (SAP = 0x0404)

An access list that passes a MAC address of 0110.2222.3333

The following configuration allows for all these conditions:

!Access list 201 passes NetBIOS frames (command or response) access-list 201 permit 0xF0F0 0x0001

access-list 202 permit 0x0404 0x0001 ! Permits SNA frames (command or response) access-list 202 permit 0x0004 0x0001 ! Permits SNA Explorers with NULL DSAP

!Access list 701 will permit the FEP MAC address

!of 0110.2222.3333

access-list 701 permit 0110.2222.3333

The 0x0001 mask allows command and response frames to pass equally.

To apply the access expression to the appropriate interface, enter the following command in interface configuration mode:

Command	Purpose
access-expression {in out} expression	Define a per-interface access expression.

Optimize Access Expressions

It is possible to combine access expressions. Suppose you wanted to transmit SNA traffic through to a single address, but allow other traffic through the router without restriction. The phrase could be written as follows:

“Allow access if the frame is not an SNA frame, or if it is going to host 0110.2222.3333.”

More tersely, this would be:

“Not SNA or destined to 0110.2222.3333.”

BC-138Bridging and IBM Networking Configuration Guide

Image 30

Cisco Systems BC-109 manual Configure Access Expressions, Optimize Access Expressions

Contents

SRB Configuration Task List Configuring Source-Route BridgingConfigure Source-Route Bridging Configure a Dual-Port BridgeConfigure a Multiport Bridge Using a Virtual Ring Configure a Multiport Bridge Using a Virtual RingFigure 46 Multiple Dual-Port Bridges Define a Ring Group in SRB Context Configure SRB over FDDI Enable SRB and Assign a Ring Group to an InterfaceEnable the Forwarding and Blocking of Spanning-Tree Explorers Configure Fast-Switching SRB over FDDIConfigure SRB over Frame Relay BC-114 Bridging and IBM Networking Configuration GuideEnable the Automatic Spanning-Tree Function source-bridge spanningno source-bridge spanning source-bridge spanning bridge-group Limit the Maximum SRB Hopsbridge bridge-group protocol ibm source-bridge spanning bridge-group path-cost path-costConfigure Bridging of Routed Protocols Enable Use of the RIFConfigure a Static RIF Entry Configure the RIF Timeout IntervalOverview of SR/TLB The following notes and caveats apply to all uses of SR/TLB Enable Bridging between Transparent Bridging and SRB Disable Fast-Switched SR/TLBEnable Translation Compatibility with IBM 8209 Bridges Enable Token Ring LLC2-to-Ethernet Conversion Enable 0x80d5 ProcessingEnable Standard Token Ring LLC2-to-Ethernet LLC2 Conversion Configure NetBIOS Support Enable the Proxy Explorers Feature on the Appropriate Interface Specify Timeout and Enable NetBIOS Name CachingCreate Static Entries in the NetBIOS Name Cache Configure the NetBIOS Cache Name LengthEnable NetBIOS Proxying Specify Dead-Time Intervals for NetBIOS PacketsConfigure LNM Support Configure LNM SupportConfiguring Source-Route Bridging BC-127 How a Router Works with LNM BC-128 Bridging and IBM Networking Configuration GuideDisable LNM Functionality Prevent LNM Stations from Modifying Cisco IOS Software Parameters Disable Automatic Report Path Trace FunctionEnable Other LRMs to Change Router Parameters lnm pathtrace-disabled all originChange Reporting Thresholds Apply a Password to an LNM Reporting LinkEnable LNM Servers lnm password number stringEnable the RPS Express Buffer Function Change an LNM Reporting IntervalMonitor LNM Operation Configure NetBIOS Access Filters Configure NetBIOS Access Filters Using Station NamesSecure the SRB Network netbios access-list bytes name permit deny offset Configure NetBIOS Access Filters Using a Byte Offsetnetbios access-list host name permit deny pattern netbios input-access-filter bytes nameConfigure Administrative Filters for Token Ring Traffic Filter Frames by Protocol TypeFilter Destination Addresses Filter Frames by Vendor CodeFilter Source Addresses source-bridge input-lsap-list access-list-numberConfigure Access Expressions that Combine Administrative Filters Configure Access Expressions Optimize Access ExpressionsAlter Access Lists Used in Access Expressions Tune the SRB NetworkEnable fast-switching Enable or Disable the Source-Route Fast-Switching CacheEnable or Disable the Source-Route Autonomous-Switching Cache Disable fast-switchingOptimize Explorer Processing Enable or Disable the SSEEstablish the Connection Timeout Interval Enable the SSE functionsource-bridge explorerq-depth depth Configure Proxy Explorers Establish SRB Interoperability with TI MAC FirmwareReport Spurious Frame-Copied Errors Monitor and Maintain the SRB NetworkSRB Configuration Examples Basic SRB with Spanning-Tree Explorers Example SRB-Only Example SRB with Automatic Spanning-Tree Function Configuration ExampleOptimized Explorer Processing Configuration Example SRB with Automatic Spanning-Tree Function Configuration ExampleSRB and Routing Certain Protocols Example Multiport SRB ExampleS1103a Configuring Source-Route Bridging BC-149 Configuration for Router ASRB with Multiple Virtual Ring Groups Example SRB with Multiple Virtual Ring Groups ExampleConfiguration for Router B SRB over FDDI Configuration ExamplesSRB over FDDI Fast-Switching Example Router ASRB over Frame Relay Configuration Example Configuration on Router C Configuration of Router AConfiguration on Router B Adding a Static RIF Cache Entry ExampleAdding a Static RIF Cache Entry for a Two-Hop Path Example SR/TLB for a Simple Network ExampleBridge Now you are ready to determine two things SR/TLB with Access Filtering Example NetBIOS Support with a Static NetBIOS Cache Entry Example BC-156 Bridging and IBM Networking Configuration GuideLNM for a Simple Network Example BC-158 Bridging and IBM Networking Configuration Guide LNM for a More Complex Network ExampleSRB Configuration Examples Physical configurationNetBIOS Access Filters Example Filtering Bridged Token Ring Packets to IBM Machines Example BC-160 Bridging and IBM Networking Configuration GuideAdministrative Access Filters-Filtering SNAP Frames on Output Example Administrative Access Filters-Filtering SNAP Frames on Output ExampleFigure 68 shows a router connecting four Token Rings Configuring Source-Route Bridging BC-161Creating Access Filters Example Access Filters Example Access Filters ExampleFast-Switching Example Figure 69 Network Configuration Using NetBIOS Access FiltersAutonomous Switching Example SRB Configuration ExamplesBC-164 Bridging and IBM Networking Configuration Guide