Manuals / Cisco Systems / Computer Equipment / Network Router

Cisco Systems BC-109 manual Creating Access Filters Example

Models: BC-109

1 56

Download 56 pages 36.75 Kb

Page 54

SRB Configuration Examples

access-list 203 permit 0xE0E0 0x0101 access-list 203 deny 0x0000 0xFFFF

Note that it is not necessary to check for an LSAP of 0xAAAA when filtering SNAP-encapsulated AppleTalk packets, because for source-route bridging, the use of type filters implies SNAP encapsulation.

Creating Access Filters Example

In math, you have the following:

3 x 4 + 2 = 14 but 3 x (4 + 2) = 18

Similarly, the following access expressions would return TRUE if lsap(201) and dmac(701) returned TRUE or if smac(702) returned TRUE:

lsap(201) & dmac(701) smac(702)

However, the following access expression would return TRUE only if lsap(201) returned TRUE and either of dmac(701) or smac(702) returned TRUE:

lsap(201) & (dmac(701) smac(702))

Referring to the earlier example, “An Example Using NetBIOS Access Filters,” we had the phrase:

“Pass the frame if it is NetBIOS, or if it is an SNA frame destined to address 0110.2222.3333.”

This phrase was converted to the simpler form of:

Pass if “NetBIOS or (SNA and destined to 0110.2222.3333).”

So, for the following configuration:

!Access list 201 passes NetBIOS frames (command or response) access-list 201 permit 0xF0F0 0x0001

access-list 202 permit 0x0404 0x0001 ! Permits SNA frames (command or response) access-list 202 permit 0x0004 0x0001 ! Permits SNA Explorers with NULL DSAP

!Access list 701 will permit the FEP MAC address

!of 0110.2222.3333

access-list 701 permit 0110.2222.3333

The following access expression would result:

access-expression in lsap(201) (lsap(202) & dmac(701))

BC-162Bridging and IBM Networking Configuration Guide

Image 54

Cisco Systems BC-109 manual Creating Access Filters Example

Contents

SRB Configuration Task List Configuring Source-Route BridgingConfigure Source-Route Bridging Configure a Dual-Port BridgeConfigure a Multiport Bridge Using a Virtual Ring Configure a Multiport Bridge Using a Virtual RingFigure 46 Multiple Dual-Port Bridges Define a Ring Group in SRB Context Configure SRB over FDDI Enable SRB and Assign a Ring Group to an InterfaceEnable the Forwarding and Blocking of Spanning-Tree Explorers Configure Fast-Switching SRB over FDDIConfigure SRB over Frame Relay BC-114 Bridging and IBM Networking Configuration GuideEnable the Automatic Spanning-Tree Function source-bridge spanningno source-bridge spanning source-bridge spanning bridge-group Limit the Maximum SRB Hopsbridge bridge-group protocol ibm source-bridge spanning bridge-group path-cost path-costConfigure Bridging of Routed Protocols Enable Use of the RIFConfigure a Static RIF Entry Configure the RIF Timeout IntervalOverview of SR/TLB The following notes and caveats apply to all uses of SR/TLB Enable Bridging between Transparent Bridging and SRB Disable Fast-Switched SR/TLBEnable Translation Compatibility with IBM 8209 Bridges Enable Token Ring LLC2-to-Ethernet Conversion Enable 0x80d5 ProcessingEnable Standard Token Ring LLC2-to-Ethernet LLC2 Conversion Configure NetBIOS Support Enable the Proxy Explorers Feature on the Appropriate Interface Specify Timeout and Enable NetBIOS Name CachingCreate Static Entries in the NetBIOS Name Cache Configure the NetBIOS Cache Name LengthEnable NetBIOS Proxying Specify Dead-Time Intervals for NetBIOS PacketsConfigure LNM Support Configure LNM SupportConfiguring Source-Route Bridging BC-127 How a Router Works with LNM BC-128 Bridging and IBM Networking Configuration GuideDisable LNM Functionality Prevent LNM Stations from Modifying Cisco IOS Software Parameters Disable Automatic Report Path Trace FunctionEnable Other LRMs to Change Router Parameters lnm pathtrace-disabled all originChange Reporting Thresholds Apply a Password to an LNM Reporting LinkEnable LNM Servers lnm password number stringEnable the RPS Express Buffer Function Change an LNM Reporting IntervalMonitor LNM Operation Configure NetBIOS Access Filters Configure NetBIOS Access Filters Using Station NamesSecure the SRB Network netbios access-list bytes name permit deny offset Configure NetBIOS Access Filters Using a Byte Offsetnetbios access-list host name permit deny pattern netbios input-access-filter bytes nameConfigure Administrative Filters for Token Ring Traffic Filter Frames by Protocol TypeFilter Destination Addresses Filter Frames by Vendor CodeFilter Source Addresses source-bridge input-lsap-list access-list-numberConfigure Access Expressions that Combine Administrative Filters Configure Access Expressions Optimize Access ExpressionsAlter Access Lists Used in Access Expressions Tune the SRB NetworkEnable fast-switching Enable or Disable the Source-Route Fast-Switching CacheEnable or Disable the Source-Route Autonomous-Switching Cache Disable fast-switchingOptimize Explorer Processing Enable or Disable the SSEEstablish the Connection Timeout Interval Enable the SSE functionsource-bridge explorerq-depth depth Configure Proxy Explorers Establish SRB Interoperability with TI MAC FirmwareReport Spurious Frame-Copied Errors Monitor and Maintain the SRB NetworkSRB Configuration Examples Basic SRB with Spanning-Tree Explorers Example SRB-Only Example SRB with Automatic Spanning-Tree Function Configuration ExampleOptimized Explorer Processing Configuration Example SRB with Automatic Spanning-Tree Function Configuration ExampleSRB and Routing Certain Protocols Example Multiport SRB ExampleS1103a Configuring Source-Route Bridging BC-149 Configuration for Router ASRB with Multiple Virtual Ring Groups Example SRB with Multiple Virtual Ring Groups ExampleConfiguration for Router B SRB over FDDI Configuration ExamplesSRB over FDDI Fast-Switching Example Router ASRB over Frame Relay Configuration Example Configuration on Router C Configuration of Router AConfiguration on Router B Adding a Static RIF Cache Entry ExampleAdding a Static RIF Cache Entry for a Two-Hop Path Example SR/TLB for a Simple Network ExampleBridge Now you are ready to determine two things SR/TLB with Access Filtering Example NetBIOS Support with a Static NetBIOS Cache Entry Example BC-156 Bridging and IBM Networking Configuration GuideLNM for a Simple Network Example BC-158 Bridging and IBM Networking Configuration Guide LNM for a More Complex Network ExampleSRB Configuration Examples Physical configurationNetBIOS Access Filters Example Filtering Bridged Token Ring Packets to IBM Machines Example BC-160 Bridging and IBM Networking Configuration GuideAdministrative Access Filters-Filtering SNAP Frames on Output Example Administrative Access Filters-Filtering SNAP Frames on Output ExampleFigure 68 shows a router connecting four Token Rings Configuring Source-Route Bridging BC-161Creating Access Filters Example Access Filters Example Access Filters ExampleFast-Switching Example Figure 69 Network Configuration Using NetBIOS Access FiltersAutonomous Switching Example SRB Configuration ExamplesBC-164 Bridging and IBM Networking Configuration Guide