03-29-2003 06:33 PM
I have about 60 dlsw peers coming from remote location 2651s in to a 7513 router at a core operations center. Each remote location has an AS400 that connects to 10 AS400s at the core location via SNA. I am looking to filter traffic so that only SNA traffic is allowed and (possibly) only to the MAC addresses at the core location. Anyone know the easiest way to do this?
Thanks,
John Singer
03-30-2003 06:42 PM
SNA uses SAPS ranging from 0x00 to 0x0FF.
access-list 200 permit 0x0000 0x0D0D - permits almost all SNA saps, and denies the rest.
This can be applied on dlsw remote peers, to filter outbound SAPS.
dlsw remote-peer 0 tcp
But this sounds like a tedious task to apply on all the 60 remote peers.
To filter the traffic with the specific MAC address of the AS400 at the core, use the command,
dlsw mac-addr
You can add multiple statements.
Hope that helps!
03-30-2003 10:34 PM
Another way to do it is using DLSw icanreach saps 04, assuming that you do not modify the default SAP on the line description. This prevents the router from accepting any non-SNA packet. If you use HPR, please use "dlsw icanreach saps 04 c8."
dlsw icanreach works better when you want the filter to apply to all remote peers. It is more effective than a SAP access list because it prevents the router from sending the CUR (can you reach) frame.
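Added example, not part of any post in this thread: a small Python evaluator showing which DSAP/SSAP pairs the quoted entry `access-list 200 permit 0x0000 0x0D0D` lets through, including SAP C8 from the HPR note. It assumes the usual IOS semantics for lists 200-299 (16-bit DSAP/SSAP value, wildcard mask whose 1 bits are ignored, first match wins, implicit deny); the function names and sample frames are constructed for illustration.

```python
# Added example: evaluate a Cisco IOS type-code access list (200-299)
# against LLC DSAP/SSAP pairs. Assumed semantics: the 16-bit value is
# DSAP<<8 | SSAP, 1 bits in the wildcard mask are "don't care", first
# match wins, and anything unmatched is denied.

ACL = ["access-list 200 permit 0x0000 0x0D0D"]  # entry quoted in the thread

def parse_acl(lines):
    """Parse 'access-list N permit|deny 0xTYPE 0xMASK' into tuples."""
    entries = []
    for line in lines:
        tok = line.split()
        if len(tok) != 5 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
            raise ValueError(f"unsupported entry: {line!r}")
        if not 200 <= int(tok[1]) <= 299:
            raise ValueError("type-code access lists are numbered 200-299")
        entries.append((tok[2], int(tok[3], 16), int(tok[4], 16)))
    return entries

def evaluate(entries, dsap, ssap):
    """Return 'permit' or 'deny' for one frame's DSAP/SSAP pair."""
    value = (dsap << 8) | ssap
    for action, type_code, wild in entries:
        care = ~wild & 0xFFFF          # bits that must match exactly
        if (value & care) == (type_code & care):
            return action
    return "deny"                      # implicit deny at end of list

def permitted_saps(entries):
    """SAP values x for which a frame with DSAP = SSAP = x is permitted."""
    return [x for x in range(256) if evaluate(entries, x, x) == "permit"]

# Constructed sample frames: (DSAP, SSAP, label)
SAMPLE_FRAMES = [
    (0x04, 0x04, "SNA path control"),
    (0x04, 0x05, "SNA, response bit set in SSAP"),
    (0xC8, 0xC8, "HPR SAP named in the thread"),
    (0xF0, 0xF0, "NetBIOS"),
    (0xAA, 0xAA, "SNAP"),
    (0xE0, 0xE0, "Novell IPX"),
]

if __name__ == "__main__":
    acl = parse_acl(ACL)
    print("permitted SAPs:", [f"0x{s:02X}" for s in permitted_saps(acl)])
    for dsap, ssap, label in SAMPLE_FRAMES:
        print(f"0x{dsap:02X}/0x{ssap:02X} {label}: {evaluate(acl, dsap, ssap)}")
```

Running the same evaluation against a candidate list before applying it to 60 peers shows whether every SAP in use (for example C8 when HPR is enabled) has a matching permit entry.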