© 1999, cisco systems, inc. 11-1 chapter 11 configuring novell ipx
TRANSCRIPT
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-2
Upon completion of this chapter, you will be able to perform the following tasks:
• Describe basic IPX operation
• Determine the required IPX network number and encapsulation type for a given interface
• Enable the Novell IPX protocol
• Verify IPX connectivity
• Configure and monitor IPX Access Lists and SAP traffic filters
Objectives
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-3
NetWare FileServer
NetWare FileServer
Cisco Routers in NetWare Networks
Cisco Routers in NetWare Networks
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-4
Novell NetWare Protocol Stack
1
2
3
4
5
6
7
Media Access Protocols(Ethernet, Token Ring, WAN, others)
Physical
Data Link
Network
Session
Transport
Presentation
Application
Novell NetWare Protocols
OSIReference
Model
IPX(Internetwork Packet Exchange)
SPX
SAP
RIPNLSP
NETBIOS APPLICATIONSNCP
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-5
• Address is 80 bits (network.node)
• Interface MAC address is part of logical address
• Multiple LAN encapsulations per interface
• Default routing protocol is IPX RIP
• Novell services are advertised using SAP
• NetWare clients find servers with GNS packets
Key Novell NetWare Features
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-6
0000.0c56.de33
Novell IPX Addressing
E0
E1
S0
48 bits (from MAC)
Node
0000.0c56.de34
0000.0c56.de33
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-7
Novell IPX Addressing
4a1d.0c56.de33 E0
E1
S0
48 bits (from MAC)
Network.Node
3f.0c56.de34
2c.0c56.de33
Network 4a1d
Network 3f
Network 2c
Up to 32 bits
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-9
Basic NetWare Operation (cont.)
NWFile
Server
0080.C712.3456-Layer2 MacNIC
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-10
Basic NetWare Operation (cont.)
NWFile
Server
1a.0080.C712.3456-Layer3 NetNIC
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-11
NWFile
Server
Basic NetWare Operation (cont.)
1a.0080.C712.3456-Layer3 Net
NetWare Services
2b.0000.0000.0001-Internal Net
NIC
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-12
- NW Software Router
Basic NetWare Operation (cont.)
1a.0080.C712.3456
NetWare Services
2b.0000.0000.0001
NIC
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-13
Basic NetWare Operation (cont.)
1a.0080.C712.3456
NetWare Services
2b.0000.0000.0001
2b1a......
2b1a......
NICRoutingTable
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-14
Basic NetWare Operation (cont.)
File Server - 4Print Server - 47
1a.0080.C712.3456
NetWare Services
2b.0000.0000.0001
2b1a......
2b1a......
ServicesTable
447…...
447…...
NICRoutingTable
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-15
Basic NetWare Operation (cont.)
File Server - 4Print Server - 47
1a.0080.C712.3456
NetWare Services
2b.0000.0000.0001
2b1a......
2b1a......
ServicesTable
447…...
447…...
Periodic Broadcastson 1a.FFFF.FFFF.FFFF
NICRoutingTable
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-16
1a.0080.C712.3456
NetWare Services
2b1a......
2b1a......
ServicesTable
447…...
447…...
Periodic Broadcastson 1a.FFFF.FFFF.FFFF
0000.0C12.3456-Layer2 Mace0
NICRoutingTable
2b.0000.0000.0001
Basic NetWare Operation (cont.)
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-17
Network andEncapsulation
must match
Network andEncapsulation
must match
1a.0080.C712.3456
NetWare Services
2b1a......
2b1a......
ServicesTable
447…...
447…...
Periodic Broadcastson 1a.FFFF.FFFF.FFFF
1a.0000.0C12.3456-Layer3 Nete0
s0
NICRoutingTable
2b.0000.0000.0001
Basic NetWare Operation (cont.)
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-18
Network andEncapsulation
must match
Network andEncapsulation
must match
1a.0080.C712.3456
NetWare Services
2b1a......
2b1a......
ServicesTable
447…...
447…...
Periodic Broadcastson 1a.FFFF.FFFF.FFFF
1a.0000.0C12.3456-Layer3 Nete0
s01b.0000.0C12.3456
RoutingTable
1a1b2b...
1a1b2b...
NICRoutingTable
2b.0000.0000.0001
Basic NetWare Operation (cont.)
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-19
1a.0080.C712.3456
NetWare Services
2b1a1b...
2b1a1b...
ServicesTable
447…...
447…...
Periodic Broadcastson 1a.FFFF.FFFF.FFFF
1a.0000.0C12.3456e0
s01b.0000.0C12.3456
RoutingTable
1a1b2b...
1a1b2b...
NICRoutingTable
2b.0000.0000.0001
Basic NetWare Operation (cont.)
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-20
1a.0080.C712.3456
NetWare Services
2b1a1b...
2b1a1b...
ServicesTable
447…...
447…...
Periodic Broadcastson 1a.FFFF.FFFF.FFFF e0
s0
RoutingTable
1a1b2b...
1a1b2b...
447…...
447…...
ServicesTable
NICRoutingTable
1a.
1b.
2b.0000.0000.0001
Basic NetWare Operation (cont.)
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-21
1a.0080.C712.3456
NetWare Services
2b.0000.0000.0001
2b1a1b...
2b1a1b...
ServicesTable
447…...
447…...
Periodic Broadcastson 1a.FFFF.FFFF.FFFF e0
s0
RoutingTable
1a1b2b...
1a1b2b...
447…...
447…...
ServicesTable
NW Client
NIC
NIC
1a.0010.5A12.3456
GNSGNSRoutingTable
1a.
1b.
Basic NetWare Operation (cont.)
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-22
RoutingTable 1a.0080.C712.3456
NetWare Services
2b.0000.0000.0001 (IPX Internal Network)
2b1a1b...
2b1a1b...
ServicesTable
447…...
447…...
Periodic Broadcastson 1a.FFFF.FFFF.FFFF e0
s0
RoutingTable
1a1b2b...
1a1b2b...
447…...
447…...
ServicesTable
NW Client
NIC
NIC
1a.0010.5A12.3456
GNSGNS
GNS RespGNS Resp
1a.
1b.
Basic NetWare Operation (cont.)
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-23
Determining the IPX Network Number
• Ask the NetWare administrator
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-24
Determining the IPX Network Number
cdp
• Ask the NetWare administrator
• Use Cisco IOS commands to determine the IPX network number on a neighbor Cisco router
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-25
Determining the IPX Network Number
• Ask the NetWare administrator
• Use Cisco IOS commands to determine the IPX network number a neighbor Cisco router
• Use NetWare command to check on the NetWare file server/router
NetWare
config
cdp
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-26
• Ethernet_802.3 (default for NetWare 3.11 or earlier)
802.3 IPXIPX
Multiple Novell Encapsulations
Four types of Ethernet framing
Novell Name Framing Structure
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-27
• Ethernet_802.2 (default for NetWare 3.12 and later)
802.3 802.2 LLC IPXIPX
• Ethernet_802.3 (default for NetWare 3.11 and earlier)
802.3 IPXIPX
Multiple Novell Encapsulations
Four types of Ethernet framing
Novell Name Framing Structure
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-28
• Ethernet_802.2 (default for NetWare 3.12 and later)
802.3 802.2 LLC IPXIPX
• Ethernet_802.3 (default for NetWare 3.11 and earlier)
802.3 IPXIPX
Multiple Novell Encapsulations
Four types of Ethernet framing
• Ethernet_II Ethernet IPXIPX
Novell Name Framing Structure
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-29
• Ethernet_802.2 (default for NetWare 3.12 and later versions)
802.3 802.2 LLC IPXIPX
• Ethernet_SNAP 802.3 802.2 LLC SNAP IPXIPX
• Ethernet_802.3 (default for NetWare 3.11 and earlier versions)
802.3 IPXIPX
Multiple Novell Encapsulations
• Ethernet_II Ethernet IPXIPX
Novell Name Framing Structure
Four types of Ethernet framing
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-30
Cisco Encapsulation Types
Novell IPX Name Cisco IOS Name
Ethernet
Token Ring
FDDIFDDI_SNAPFDDI_802.2FDDI_Raw
Ethernet_802.3
Ethernet_802.2
Ethernet_II
Ethernet_SNAP
Token-RingToken-Ring_SNAP
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-31
Novell IPX Name Cisco IOS Name
Token-RingToken-Ring_SNAP
Ethernet
Token Ring
FDDIFDDI_SNAPFDDI_802.2FDDI_Raw
Ethernet_802.3
Ethernet_802.2
Ethernet_II
Ethernet_SNAP
Cisco Encapsulation Types
Specify encapsulation when you configure IPX networks
novell-ether
sap
arpa
snap
sapsnap
snap
sap
novell-fddi
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-32
Written Exercise: IPX Parameter Planning
EncapsulationNetwork Address
R3 Interface Name
S0S1E1
Write the IPX addresses and encapsulation types for R3
S0 hdlc
Network b001
E0 SAP
E1
S1
S1 hdlcS0
Network c0b0
Network d100 Network b1b0E0 novell-ether
R3
R4
E1R2
R1
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-33
Written Exercise: IPX Parameter Planning
EncapsulationNetwork Address
R3 Interface Name
S0S1E1
d100
• Write the IPX addresses and encapsulation types for R3
S0 hdlc
Network b001
E0 SAP
E1
S1
S1 hdlcS0
Network c0b0
Network d100 Network b1b0E0 novell-ether
R3
R4
E1R2
R1
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-34
Written Exercise: IPX Parameter Planning
EncapsulationNetwork Address
R3 Interface Name
S0 hdlcS1E1
d100
• Write the IPX addresses and encapsulation types for R3
S0 hdlc
Network b001
E0 SAP
E1
S1
S1 hdlcS0
Network c0b0
Network d100 Network b1b0E0 novell-ether
R3
R4
E1R2
R1
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-35
Written Exercise: IPX Parameter Planning
EncapsulationNetwork Address
R3 Interface Name
S0 hdlcS1E1
c0b0d100
• Write the IPX addresses and encapsulation types for R3
S0 hdlc
Network b001
E0 SAP
E1
S1
S1 hdlcS0
Network c0b0
Network d100 Network b1b0E0 novell-ether
R3
R4
E1R2
R1
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-36
Written Exercise: IPX Parameter Planning
EncapsulationNetwork Address
R3 Interface Name
S0 hdlcS1 hdlcE1
c0b0d100
• Write the IPX addresses and encapsulation types for R3
S0 hdlc
Network b001
E0 SAP
E1
S1
S1 hdlcS0
Network c0b0
Network d100 Network b1b0E0 novell-ether
R3
R4
E1R2
R1
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-37
Written Exercise: IPX Parameter Planning
EncapsulationNetwork Address
R3 Interface Name
S0 hdlcS1 hdlcE1 b1b0
c0b0d100
• Write the IPX addresses and encapsulation types for R3
S0 hdlc
Network b001
E0 SAP
E1
S1
S1 hdlcS0
Network c0b0
Network d100 Network b1b0E0 novell-ether
R3
R4
E1R2
R1
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-38
• Write the IPX addresses and encapsulation types for R3
EncapsulationNetwork Address
R3 Interface Name
S0 hdlcS1 hdlcE1 novell-ether
Written Exercise: IPX Parameter Planning
S0 hdlc
Network b001
E0 SAP
E1
S1
S1 hdlcS0
Network c0b0
Network d100 Network b1b0E0 novell-ether
R3
R4
E1
b1b0c0b0d100
R2
R1
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-39
Novell Uses IPX RIP for Routing
• Uses ticks (about 1/18 sec.) and hop count (maximum of 15 hops)
• RIP broadcasts routing information to neighbor routers every 60 seconds, by default
• SAP broadcasts NetWare services information to neighbor routers every 60 seconds, by default
RIP SAPTables
RIP SAPTables
RIP SAPTables
RIP SAPTables
DD CC BB AA
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-40
Server advertisesfile service
• SAP packets advertise all NetWare network services
Service Advertising Protocol (SAP)
Server advertises print service
Server advertisesfile service
Client
AA
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-41
SAP
• SAP packets advertise all NetWare network services
• Can add excessive broadcast traffic to the network
Server advertises print service
Server advertisesfile service
Router A listens to SAPs SAP
SAP table
Client
AA
Service Advertising Protocol (SAP)
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-42
Get Nearest Server Protocol (GNS)
FileServer
NetWareClient
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-43
Get Nearest Server Protocol (GNS)
FileServer
NetWareClient
GNS request
• GNS is a broadcast from a client needing a server
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-44
Get Nearest Server Protocol (GNS)
FileServer
NetWareClient
GNS request
• GNS is a broadcast from a client needing a server
• NetWare server and Cisco router get this SAP packet
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-45
Get Nearest Server Protocol (GNS)
• GNS is a broadcast from a client needing a server
• NetWare server and Cisco router get this SAP packet
• NetWare server provides GNS response
FileServer
NetWareClient
GNS request
GNS reply
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-46
Novell IPX Configuration Tasks
Novell IPX Configuration Tasks
Global configuration• IPX routing RIP
RIP
IPX
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-47
Novell IPX Configuration Tasks
Novell IPX Configuration Tasks
Global configuration• IPX routing
• Load sharingRIP
RIP
IPX
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-48
RIP
RIP
Network 9e encap arpa
Network 4a encap snap
IPX
Novell IPX Configuration Tasks
Novell IPX Configuration Tasks
Global configuration• IPX routing
• Load sharing
Interface configuration• Network numbers
• Encapsulation type
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-49
Novell IPX Global Configuration
ipx routing [ node ]Router(config)#
• Enables Novell IPX routing
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-50
Router(config)# ipx maximum-paths paths
Novell IPX Global Configuration
• Configures round-robin load sharingover multiple equal metric paths
• Default = 1
Router(config)# ipx routing [ node ]
• Enables Novell IPX routing
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-51
Novell IPX Interface Configuration
Router(config-if)# ipx network network [ encapsulation encapsulation type ]
• Enables IPX routing on the interface
• Assigns IPX network number
• Selects optional encapsulation type
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-52
NetWare Subinterfaces
FS1 NW 3.11
FS1 NW 3.11
FS2 NW 4.11
FS2 NW 4.11
e0.1NIC
NIC
1a.0080.C712.3456
1b.0080.C712.3457
Ethernet_802.3
Ethernet_802.2
1a - novell-ether
1b - sape0.2
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-53
Novell IPX Interface Configuration
Router(config-if)# ipx network network[ encapsulation encapsulation-type ][ secondary ]
• Assign primary and secondary network number and encapsulation
Router(config)# interface type number.subinterface-number
• Specify a subinterface, then enable IPX routing with encapsulation typeOR
Router(config-subif)# ipx network network [ encapsulation encapsulation type ]
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-54
Novell IPX Configuration Example
A
Network 9e
Network 1E0
E1
S0S0
Network 4a
Network 6c
S1 S1
9e.0800.4313.df56 Encapsulation =novell-ether
4a.1234.0000.abcdEncapsulation = sap
6c.0800.1213.13de Encapsulation = sap
Network 3
B
C
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-55
ipx routingipx maximum-paths 2
interface ethernet 0.1 ipx network 9e encapsulation novell-etherinterface ethernet 0.2 ipx network 6c encapsulation sap interface ethernet 1 ipx network 4a encapsulation sap
interface serial 0 ipx network 1
Interface serial 1 ipx network 3
Novell IPX Configuration Example
A
Network 9e
Network 1E0
E1
S0S0
Network 4a
Network 6c
S1 S1
9e.0800.4313.df56 Encapsulation =novell-ether
4a.1234.0000.abcdEncapsulation = sap
6c.0800.1213.13de Encapsulation = sap
Network 3
B
C
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-56
Verifying IPX Operation
show ipx interface
show ipx route
show ipx servers
show ipx traffic
Monitoring Commands
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-57
Verifying IPX Operation
show ipx interface
show ipx route
show ipx servers
show ipx traffic
Monitoring Commands Troubleshooting Commands
debug ipx routing activity
debug ipx sap activity
ping ipx
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-58
Monitoring the Status of an IPX Interface
Monitoring the Status of an IPX Interface
wg_ro_a#show ipx interface e0Ethernet0 is up, line protocol is up IPX address is ABC.00e0.1e5d.ae2f, NOVELL-ETHER [up] Delay of this IPX network, in ticks is 1 throughput 0 link delay 0 IPXWAN processing not enabled on this interface. IPX SAP update interval is 60 seconds IPX type 20 propagation packet forwarding is disabled Incoming access list is not set Outgoing access list is not set IPX helper access list is not set SAP GNS processing enabled, delay 0 ms, output filter list is not set SAP Input filter list is not set SAP Output filter list is not set SAP Router filter list is not set Input filter list is not set Output filter list is not set Router filter list is not set Netbios Input host access list is not set Netbios Input bytes access list is not set Netbios Output host access list is not set Netbios Output bytes access list is not set Updates each 60 seconds aging multiples RIP: 3 SAP: 3 SAP interpacket delay is 55 ms, maximum size is 480 bytes <text omitted>
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-59
Monitoring IPX Routing Tables
wg_ro_a#show ipx routeCodes: C - Connected primary network, c - Connected secondary network S - Static, F - Floating static, L - Local (internal), W - IPXWAN R - RIP, E - EIGRP, N - NLSP, X - External, A - Aggregate s - seconds, u - uses, U - Per-user static
2 Total IPX routes. Up to 1 parallel paths and 16 hops allowed.
No default route known.
C ABC (NOVELL-ETHER), Et0R DEF [02/01] via ABC.00e0.1e5d.c860, 40s, Et0
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-60
Monitoring IPX ServersMonitoring IPX Servers
wg_ro_a#show ipx serverCodes: S - Static, P - Periodic, E - EIGRP, N - NLSP, H - Holddown, + = detailU - Per-user static2 Total IPX Servers
Table ordering is based on routing and server info
Type Name Net Address Port Route Hops Itfp 4 fs1 11.0000.0000.0001:0451 4/03 4 Et0p 4 fs2 21.0000.0000.0001:0451 4/03 4 Et0
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-61
Monitoring IPX Traffic
wg_ro_a#show ipx trafficSystem Traffic for 0.0000.0000.0001 System-Name: wg_ro_aRcvd: 15 total, 0 format errors, 0 checksum errors, 0 bad hop count, 0 packets pitched, 15 local destination, 0 multicastBcast: 13 received, 6 sentSent: 6 generated, 0 forwarded 0 encapsulation failed, 0 no routeSAP: 1 Total SAP requests, 0 Total SAP replies, 0 servers 1 SAP general requests, 0 ignored, 0 replies 0 SAP Get Nearest Server requests, 0 replies 0 SAP Nearest Name requests, 0 replies 0 SAP General Name requests, 0 replies 0 SAP advertisements received, 0 sent 0 SAP flash updates sent, 0 SAP format errorsRIP: 1 RIP requests, 0 ignored, 0 RIP replies, 2 routes 13 RIP advertisements received, 0 sent 0 RIP flash updates sent, 0 RIP format errorsEcho: Rcvd 0 requests, 0 replies Sent 0 requests, 0 replies 0 unknown: 0 no socket, 0 filtered, 0 no helper 0 SAPs throttled, freed NDB len 0Watchdog: 0 packets received, 0 replies spoofed<text omitted>
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-62
wg_ro_a#debug ipx routing activityIPX routing debugging is onIPXRIP: positing full update to 3010.ffff.ffff.ffff via Ethernet0 (broadcast)IPXRIP: positing full update to 3000.ffff.ffff.ffff via Ethernet1 (broadcast)IPXRIP: positing full update to 3020.ffff.ffff.ffff via Serial0 (broadcast)IPXRIP: positing full update to 3021.ffff.ffff.ffff via Serial1 (broadcast)IPXRIP: sending update to 3020.ffff.ffff.ffff via Serial0IPXRIP: src=3020.0000.0c03.14d8, dst=3020.ffff.ffff.ffff, packet sent network 3021, hops 1, delay 6 network 3010, hops 1, delay 6 network 3000, hops 1, delay 6IPXRIP: sending update to 3021.ffff.ffff.ffff via Serial1IPXRIP: src=3021.0000.0c03.14d8, dst=3021.ffff.ffff.ffff, packet sent network 3020, hops 1, delay 6 network 3010, hops 1, delay 6 network 3000, hops 1, delay 6IPXRIP: sending update to 3010.ffff.ffff.ffff via Ethernet0IPXRIP: src=3010.aa00.0400.0284, dst=3010.ffff.ffff.ffff, packet sent network 3030, hops 2, delay 7 network 3020, hops 1, delay 1 network 3021, hops 1, delay 1 network 3000, hops 1, delay 1IPXRIP: sending update to 3000.ffff.ffff.ffff via Ethernet1
Troubleshooting IPX Routing
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-63
wg_ro_a#debug ipx sap activityIPX service debugging is onwg_ro_a#05:31:18: IPXSAP: positing update to 1111.ffff.ffff.ffff via Ethernet0 (broadcast) (full)05:31:18: IPXSAP: Update type 0x2 len 288 src:1111.00e0.1e5d.ae2f dest:1111.ffff.ffff.ffff(452)05:31:18: type 0x7, ”ps21", 21.0000.0000.0001(451), 2 hops05:31:18: type 0x4, "fs31", 31.0000.0000.0001(451), 2 hops05:31:18: type 0x4, "fs41", 41.0000.0000.0001(451), 2 hops05:31:18: type 0x7, "ps51", 51.0000.0000.0001(451), 2 hopswg_ro_a#
Troubleshooting IPX SAP
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-65
Use
access list 800-899 for
standard
Deny Permit
DestinationAddress
SourceAddress
An Example Using an IPX Packet
DataPacket(IPX header)
Frame Header(for example, novell-ether)
Testing Packets with Access Lists
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-66
Use
access list 900-999 for
extended
Deny Permit
DestinationAddress
SourceAddress
An Example Using an IPX Packet
DataPacket(IPX header)
Frame Header(for example, novell-ether)
Testing Packets with Access Lists
Protocol, Socket Number
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-67
Use
access list 1000-1099
for SAP filtering
Deny Permit
Service Advertisement
An Example Using an IPX Packet
DataPacket(IPX header)
Frame Header(for example, novell-ether)
Testing Packets with Access Lists
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-68
Service Advertisement
Use ACL
800-899 standard900-999 extended
1000-1099 SAPDeny Permit
DestinationAddress
SourceAddress
An Example Using an IPX Packet
DataPacket(IPX header)
Frame Header(for example, novell-ether)
Testing Packets with Access Lists
Protocol, Socket Number
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-69
Key Concepts for IPX Access Lists
Key Concepts for IPX Access Lists
• IPX addressing uses a network.node
• Socket number identifies an application or process
• Standard access lists (800-899) can filter source and destination addresses
• Extended access lists (900-999) add protocol and socket number capabilities to the filter
• Access lists (1000-1099) are SAP filters for service types and servers on one or more networks
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-70
Frequent updates reduce the bandwidth for user traffic
Controlling IPX Overhead
Server
Server
SAPRIP
SAPRIP
RouterRouter
SAPRIP
SAPRIP
WAN Link Flooded with Overhead Traffic
Client
GNS
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-71
Step 1: Set parameters for this access list test statement (which can be one of several statements)
Router(config)# access-list access-list-number { deny | permit } { test conditions }
Step 2: Enable an interface to become part of the group that uses the specified access list
Router(config-if)# ipx access-group access-list-number | name [ in | out ]
Access List Command Overview
• IPX access lists are numbered or named• 800-899 - standard• 900-999 - extended
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-72
• Sets parameters for this list entry
• Standard access list uses list number in range 800 to 899
Router(config)# access-list access-list-number { deny | permit } source-network [ .source-node [ source-node-mask ]] [ destination-network ][ .destination-node [ destination-node-mask ]]]
IPX Standard Access List Configuration
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-73
IPX Standard Access List Configuration
Router(config-if)# ipx access-group access-list-number [ in | out ]
• Activates the access list on an interface
• Sets parameters for this list entry
• Standard access list uses list number in range 800 to 899
Router(config)# access-list access-list-number { deny | permit } source-network [ .source-node [ source-node-mask ]] [ destination-network ][ .destination-node [ destination-node-mask ]]]
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-74
Standard IPX Access List Example
Client
ServerClient
E0E2
E1
Network2b
Network3c
Network 4d
access-list 800 permit 2b 4d (implicit deny all)int e 0 ipx network 4d ipx access-group 800 outint e 1 ipx network 3cint e 2 ipx network 2bint e3 ipx network 1a
Server
E3
Network 1a
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-75
IPX Extended Access List Configuration
Router(config)# access-list access-list-number{ deny | permit } protocol [ source-network ][[[ .source-node ] source-node-mask ] | [ .source-node source-network-mask. source-node-mask ]] [ source-socket ] [ destination.network ][[[ .destination-node ] destination-node-mask ] | [ .destination-node destination-network-mask. destination-nodemask ]] [ destination-socket ] [ log ]
• Sets parameters for this list entry
• Extended access list uses list-number in range 900 to 999
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-76
IPX Extended Access List Configuration
Router(config-if)# ipx access-group access-list-number [ in | out ]
• Activates the IPX extended access list on an interface
Router(config)# access-list access-list-number{ deny | permit } protocol [ source-network ][[[ .source-node ] source-node-mask ] | [ .source-node source-network-mask. source-node-mask ]] [ source-socket ] [ destination.network ][[[ .destination-node ] destination-node-mask ] | [ .destination-node destination-network-mask. destination-nodemask ]] [ destination-socket ] [ log ]
• Sets parameters for this list entry
• Extended access list uses list-number in range 900 to 999
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-77
Normal IPX SAP Operation
• Routers does not forward SAP broadcasts
Server/Router C
Server/Router D
Client 2
A Large IPX
Network
Server/Router A
Client 1 Server/Router B
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-78
Normal IPX SAP Operation
• Routers does not forward SAP broadcasts
• IPX routers send SAP table every 60 seconds
SAP Table
Server/Router C
Server/Router D
Client 2
A Large IPX
Network
Server/Router A
Client 1 Server/Router B
SAP Table
SAP Table
SAP Table
SAP Table
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-79
Apply the access list to the interface as an input or output SAP filter
• Output filter: Do not add filtered SAPs to the SAP table sent
How to Use SAP Filters
• Input filter: Do not add filtered SAPs to SAP table
SAP SAP TableSAP
SAP
SAP
SAP Table
SAP
SAP
SAP
SAP
SAPSAP SAP
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-80
SAP Filter Configuration
Router(config)# access-list access-list-number{ deny | permit } network [ .node ] [ network-mask . node-mask ] [ service-type [ server-name ]]
• Creates a SAP filter list
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-81
Router(config)# access-list access-list-number{ deny | permit } network [ .node ] [ network-mask . node-mask ] [ service-type [ server-name ]]
Router(config-if)# ipx output-sap-filter access-list-number
Router(config-if)# ipx input-sap-filter access-list-number
SAP Filter Configuration
• Creates a SAP filter list
• Activates an output SAP Filter on interface
• Activates an input SAP filter on interface
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-82
SAP Filter Example 1
E0
FS-A
FS-B
Internal IPXNetwork 1a
Internal IPXNetwork 2a
FS-C
FS-D
Network 11b
Internal IPXNetwork cc
Internal IPXNetwork dd
Network 4a
Network 9e
Network 12b
E0
E1
S0S0
Cisco BCisco BCisco ACisco A
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-83
SAP Filter Example 1
access-list 1000 permit 1a 4access-list 1000 permit 2a 4interface ethernet 0 ipx network 11binterface serial 0 ipx network 12b ipx output-sap-filter 1000
Only file services from FS-A and FS-B are advertised across router Cisco B’s S0 interface
E0
FS-A
FS-B
Internal IPXNetwork 1a
Internal IPXNetwork 2a
FS-C
FS-D
Network 11b
Internal IPXNetwork cc
Internal IPXNetwork dd
Network 4a
Network 9e
Network 12b
E0
E1
S0S0
Cisco BCisco BCisco ACisco A
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-84
SAP Filter Example 2
access-list 1001 deny -1 7access-list 1001 permit -1interface ethernet 0 ipx network 9einterface ethernet 1 ipx network 4ainterface ethernet 2 ipx network 1 ipx input-sap-filter 1001
Print services from Server Aand B are not entered into the SAP table of router Cisco A
Network 1 Network 3d
E2
To0
E1TokenRingCisco BCisco B
Network 7f
E0
Network 4a
Network 9e
E0
E1
Cisco ACisco A
A
B
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-85
Verifying IPX Access Lists
wg_ro_a#show ipx int e0Ethernet0 is up, line protocol is up IPX address is 11.00e0.1e5d.ae2f, NOVELL-ETHER [up] Delay of this IPX network, in ticks is 1 throughput 0 link delay 0 IPXWAN processing not enabled on this interface. IPX SAP update interval is 60 seconds IPX type 20 propagation packet forwarding is disabled Incoming access list is 801 Outgoing access list is not set IPX helper access list is not set SAP GNS processing enabled, delay 0 ms, output filter list is not set SAP Input filter list is not set SAP Output filter list is not set SAP Router filter list is not set Input filter list is not set Output filter list is not set Router filter list is not set Netbios Input host access list is not set<text omitted>
wg_ro_a#show ipx access-listIPX standard access list 801 permit 12 FFFFFFFF permit 22 FFFFFFFF
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-87
Visual Objective
pod wg_ro’s s0 wg_ro’s e0A 11A 11B 12A 12C 13A 13D 14A 14E 15A 15F 16A 16G 17A 17H 18A 18I 19A 19J 20A 20K 21A 21L 22A 22
s1/0 - s2/3IPX Network 11 … 22
IPX Network 3bbb
IPX Network 11A
IPX Network 22A
core_ server
wg_sw_a
wg_sw_l
wg_pc_a
wg_pc_l
wg_ro_ae0/1 e0/2
e0/2e0/1
e0
e0
fa0/23
core_sw_a
wg_ro_l
core_ro
fa0/24 fa0/0
LL
s0 IPX Network 11
s0
IPX Network 22
...
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-88
s1/0 - s2/3IPX Network 11 … 22
IPX Network 3bbb
IPX Network 11A
IPX Network 22A
Visual ObjectiveVisual Objective
core_ server
wg_sw_a
wg_sw_l
wg_pc_a
wg_pc_l
wg_ro_ae0/1 e0/2
e0/2e0/1
e0
e0
fa0/23
core_sw_a
wg_ro_l
core_ro
fa0/24 fa0/0
LL
s0 IPX Network 11
s0
IPX Network 22
...
SAP
XX
XX
FS2PS2
SAPFS2PS2
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-89
After completing this chapter, you should be able to perform the following tasks:• Describe basic IPX operation
• Determine the required IPX network number and encapsulation type for a given interface
• Enable the Novell IPX protocol
• Verify IPX connectivity
• Configure and monitor IPX Access Lists and SAP traffic filters
Summary
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-90
Review QuestionsReview Questions
1. How many bits are in an IPX network number?
2. How many bits are in an IPX node number?
3. What are the metrics used by IPX RIP?
4. What is the command that enables IPX routing on an interface?
5. Standard IPX Access lists allow filtering of what items?