Cisco Systems BC-109 Network Router User Manual


  Open as PDF
of 56
 
Configure Access Expressions that Combine Administrative Filters
Configuring Source-Route Bridging BC-137
Configure Access Expressions that Combine Administrative Filters
You can use access expressions to combine access filters to establish complex conditions under
which bridged frames can enter or leave an interface. Using access expressions, you can achieve
levels of control on the forwarding of frames that otherwise would be impossible when using only
simple access filters. Access expressions are constructed from individual access lists that define
administrative filters for the following fields in packets:
LSAP and SNAP type codes
MAC addresses
NetBIOS station names
NetBIOS arbitrary byte values
Note For any given interface, an access expression cannot be used if an access list has been defined
for a given direction. For example, if an input access list is defined for MAC addresses on an
interface, no access expression can be specified for the input side of that interface.
In Figure 53, two routers each connect a Token Ring to an FDDI backbone. On both Token Rings,
SNA and NetBIOS bridging support is required. On Token Ring A, NetBIOS clients must
communicate with any NetBIOS server off Token Ring B or any other, unpictured router. However,
the two 3174 cluster controllers off Token Ring A must only communicate with the one FEP off of
Token Ring B, located at MAC address 0110.2222.3333.
Without access expressions, this scenario cannot be achieved. A filter on Router A that restricted
access to only the FEP would also restrict access of the NetBIOS clients to the FEP. What is needed
is an access expression that would state “If it is a NetBIOS frame, pass through, but if it is an SNA
frame, only allow access to address 0110.2222.3333.”
Figure 53 Access Expression Example
Note Using access-expressions that combine access filters disables the autonomous or fast
switching of source-route bridging frames.
S1111a
FDDI
3174
NetBIOS clients
Token
Ring
3174
IBM FEP
address
0110.2222.3333
Token
Ring
NetBIOS servers
Router A Router B
 previous next