Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!wuarchive!uunet!stanford.edu!rutgers!soleil!synapse!jamieson
From: jamieson@synapse.bms.com (Stephen Jamieson)
Newsgroups: comp.dcom.sys.cisco
Subject: LSAP codes for Appletalk P II filtering
Message-ID: <1991Jun5.161608.9270@synapse.bms.com>
Date: 5 Jun 91 16:16:08 GMT
Organization: Bristol-Myers Squibb PRI
Lines: 28

We are trying to filter Appletalk phase I and phase two packets across
a bridged interface using an access-list. When we filter phase I we
filter on input-type using the ethertype fields of the ethernet packets.
For Phase II which is 802.3 do you use the same codes ? What code do you
use for input-lsap ? I know that with 802.3 it looks into the packet for
the Agency/Local codes past the DSAP and LSAP and control. 

We are currently using the following filter lines in our config:

interface ethernet 0
bridge-group 1
bridge-group 1 input-lsap-list 201
bridge-group 1 input-type-list 201

access-list 201 deny   0x809B 0x0000
access-list 201 deny   0x80F3 0x0000
access-list 201 permit 0x0000 0xFFFF

The problem we are seeing is that some XNS broadcast packets are
being filtered out as well. If we remove the input-lsap-list line
XNS works fine. Thanks in advance.

steve
-- 
   ___                                      
   ] [ Stephen Jamieson / Network Engineer  
  / o \ Scientific Information Systems      
 /-o---\ Bristol-Myers Squibb Pharmaceutical Research Institute