Tài liệu Networking and Desktop Protocols docx

Terms you’ll need to understand:✓ Internetwork Packet Exchange IPX ✓ Routing Information Protocol RIP ✓ NetWare Link State Protocol NLSP ✓ Enhanced Interior Gateway Routing Protocol EIGR

Terms you’ll need to understand:

✓ Internetwork Packet Exchange (IPX)

✓ Routing Information Protocol (RIP)

✓ NetWare Link State Protocol (NLSP)

✓ Enhanced Interior Gateway Routing Protocol (EIGRP)

✓ Windows Internet Naming Service (WINS)

✓ Dynamic Host Configuration Protocol (DHCP)

Techniques you’ll need to master:

✓ Describing how desktop protocols function

✓ Explaining the routing mechanisms for desktop protocols

✓ Managing and configuring desktop support onCisco routers

✓ Explaining how Windows clients browse a network

This chapter describes some of the more commonly used desktop protocols, with

an emphasis on topics covered in the CCIE Routing and Switching exam Thefollowing CCIE blueprint objectives, as defined by the Cisco Systems CCIEprogram, are covered:

➤ Internetwork Packet Exchange (IPX)—NetWare Link Services Protocol

(NLSP), IPX RIP, IPX Service Advertising Protocol (SAP), IPX EIGRP,Sequenced Packet Exchange (SPX), Network Control Protocol (NCP),IPXWAN, IPX addressing, get nearest server (GNS) requests, Novell Direc-tory Services (routing and mechanisms), access lists

➤ AppleTalk—Routing Table Maintenance Protocol (RTMP), AppleTalk

Up-date-Based Routing Protocol (AURP), AppleTalk EIGRP, Datagram ery Protocol (DDP), Zone Information Protocol (ZIP), Name BindingProtocol (NBP), addressing (phases 1 and 2), access lists

Deliv-➤ DECnet/OSI—Addressing, access lists

➤ Windows NT—NetBIOS, browsing, domain controller (such as WINS),

ac-cess lists

As with other chapters in this book, additional information is provided for ness and in preparation for additional subjects as the CCIE program expands

complete-Internetwork Packet Exchange (IPX)

Novell released IPX in 1980 IPX was very popular, but it was primarily designedfor local area networks (LANs) The IPX protocol is based on service advertise-

ments, called service access point (SAP) When Cisco routers are deployed in IPX

networks, they offer increased capabilities that are not usually available For ample, Cisco routers can forward specific IPX broadcasts that allow serverlessIPX LANs to function normally In this chapter, we will discuss the role of Ciscorouters and operation of IPX in greater detail

ex-IPX servers and printers send out SAPs (which are broadcast frames), and Cisco

routers listen for the SAPs and install them into a SAP table For example, when

a PC, running IPX attempts to connect to a server, it sends out a request called a

get nearest server (GNS) request If there are any local servers, they respond to the

PC’s GNS request If there are no IPX servers on the local network, the Ciscorouter responds instead The client PC then makes a direct connection request tothe local or remote server through the Cisco router

Keep in mind that GNS requests are sent as broadcast frames, and excessivebroadcasts reduce bandwidth for end users Later in this chapter, we’ll examinehow to manage GNS requests and SAPs

NetWare Protocol Suite

At this point, let’s take a look at the NetWare protocol suite (shown in Figure 7.1)and how Novell’s implementation of a proprietary protocol relates to the OSImodel As you can see in Figure 7.1, the Novell protocol suite provides applica-tion services through NetBIOS, the NetWare shell determines whether the ap-plication requires network services The routing protocol used by Novell by default

is IPX RIP Let’s discuss each layer and associated protocols of the IPX model

Application Layer (NCP)

The higher layers of IPX (layers 5 through 7) provide end users with the ability toview files on servers NetWare Core Protocol (NCP) is used to send and receivefiles, send print jobs, and provide security These are just some of NCP’s majorfunctions that are performed by the Application layer of the IPX protocol suite.The service access point application protocol rests on top of IPX and is used toadvertise IPX services, such as file servers and printers SAPs are sent as broad-casts, so if you have a lot of servers and printers, you can significantly increaseyour broadcast traffic SAP services are identified in the IPX packet For ex-ample, the file server SAP has a type code 4, and printers have a type code 7 Acomplete list of all the SAP codes is available on Novell’s Web site (search for the

keyword SAP on www.novell.com).

SPX

Routing Protocol, IPX RIP, NLSP EIGRP IPX

Ethernet, Token Ring, FDDI, Frame Relay, PPP, and more

OSI Model

Applications such as Network Control Protocol (NCP) and Service Access Point (SAP)

Figure 7.1 NetWare protocol suite.

Transport Layer (SPX)

The Transport layer uses the Sequenced Packet Exchange (SPX) protocol in the IPXmodel SPX provides reliable services and is connection-orientated SPX is simi-lar to TCP because of its ability to provide reliable connection-oriented services

Network Layer (IPX)

The IPX Network layer provides each device with a unique network layer addressused to reach local and remote networks IPX is connectionless Like any routableprotocol, there must be some form of addressing IPX addressing is unique in that

it provides for almost three times as many possible addresses as IP addressing

An IPX address is made up of 80 bits The first 32 bits identify the network, andthe next 48 bits are taken from the MAC address Together, these create an IPXaddress Having all these SAPs and addresses is a benefit of IPX, however, thenext question is how does IPX route all this across the wide area network (WAN)?

To populate the IPX routing table so that routers can route IPX traffic across theWAN, Cisco routers can use the following protocols:

➤ IPX RIP—IPX Routing Information Protocol

➤ IPX NLSP—IPX NetWare Link State Protocols

➤ IPX EIGRP—IPX Enhanced Interior Gateway Routing Protocol

NLSP is the latest implementation used to address the concerns of IPX RIP,such as poor convergence times and hop count limits IPX RIP supports a maxi-mum hop count of only 15 hops, whereas IPX NLSP supports up to 127 hops.Therefore, IPX NLSP is more scalable because the increased hop count allowsfor a greater network diameter NLSP is a link-state protocol, which means anadministrator can take advantage of all the qualities of link-state protocols asopposed to distance-vector protocols These qualities include faster convergenceafter a network change and NLSP’s support for hierarchical network design, whichallows for networking devices to be grouped into areas and domains There is noneed to use an Address Resolution Protocol (ARP), because the node address istaken from the unique MAC address

Note: The node portion of an IPX address (the last 48 bits) on a serial interface is

taken from a LAN interface, because serial interfaces do not have a MAC address This portion of the IPX address is taken from the first active Ethernet, Token Ring, and then FDDI interfaces.

Data Link and Physical Layer

The Data Link and Physical layers are designed to provide physical connectivity

at an electrical level, that is the Physical layer, and they provide a reliable transit

of data across the Physical layer, that is the Data Link layer IPX can run over

many LAN technologies, such as Ethernet and Token Ring Further, IPX can runover wide area networks, such as Frame Relay and Point-to-Point Protocol (PPP).Let’s now look at how IPX is routed and configured on a Cisco router using thethree available options—IPX RIP, IPX NLSP, and IPX EIGRP.

Routing Information Protocol (RIP)

The Routing Information Protocol designed for IPX is a distance-vector protocol

that uses hop counts and ticks as the metric Remember, a tick is a measure of delay

on an interface IPX RIP will load balance if the hops and tick count are the same

Let’s examine the configuration tasks on a Cisco router and the available show

commands used to monitor and verify proper operation of IPX By default, CiscoIOS runs IPX RIP unless configured otherwise To enable IPX RIP routing, yousimply type the following command in global mode:

ipx routing

Like IP, you then configure network addressing on the interface that will runIPX This is completed with the following IOS command:

ipx network <network number> encapsulation <encapsulation type>

IPX RIP supports a number of encapsulation types Table 7.1 shows the optionsavailable on Cisco routers

If no encapsulation is entered when you configure a Cisco router interface for

IPX, novell-ether for Ethernet and sap for Token Ring are the encapsulation

types set by default

The main features of IPX RIP are that it’s a distance-vector protocol,and the metric is based on ticks and hop counts The maximum hopcount is 15 IPX RIP periodically sends out updates every 60 seconds

Do not confuse this interval with the IP RIP update interval, which is

30 seconds

Table 7.1 Cisco encapsulation options.

Media Cisco Name Novell Name

Ethernet novell-ether Ethernet_802.3

sap Ethernet_802.2 arpa Ethernet_II snap Ethernet_Snap

snap Token-Ring_Snap

IPX RIP Configuration Task List

Now, let’s examine the configuration of a simple IPX network using IPX RIP.Later in this chapter, we’ll use the same network to demonstrate using NLSPand EIGRP to route IPX

As you can see in Figure 7.2, there are two routers—R1 and R2 Both routershave a local IPX segment In this section, you’ll apply the default encapsulation

on all segments to novell-ether (which means that no additional configuration isrequired because novell-ether is the default) Listing 7.1 displays the configura-tion required on both routers

Listing 7.1 IPX configuration on routers R1 and R2

Note: In Listing 7.1, notice that the IPX network number on the serial link is the

same If the network numbers were different, the two routers would not share IPX routing information.

Listing 7.2 shows the IPX routing table on router R1 by using the command

show ipx route.

Listing 7.2 The show ipx route command on the R1.

R1#sh ipx route

Codes: C - Connected primary network,c-Connected secondary network

S - Static, F - Floating static, L - Local (internal),

R - RIP, E - EIGRP, N - NLSP, X - External, A - Aggregate

s - seconds, u - uses

3 Total IPX routes Up to 1 parallel paths and 16 hops allowed.

C 1 (NOVELL-ETHER), Et0

C BAD (HDLC), Se2

R 2 [07/01] via BAD.0000.0c8e.774b, 4s, Se0

As you can see in Listing 7.2, the IPX routing table is very similar to an IProuting table The table displays, which IPX networks, are reachable locally (C)and remotely (R) The network highlighted in Listing 7.2 has been discovereddynamically using the IPX RIP (indicated by the letter R) protocol The delayand hop count is described in square brackets [07/01], where 07 is the delay, 01 isthe hop count The next hop address is indicated as BAD.0000.0c8e.774b viaSerial 0 (Se0) On R1 in Listing 7.2, you can see that the remote IPX networknumber 2 is reachable via the serial 0 interface Notice also that the network wassourced by the IPX RIP protocol, because this network is designated with the R

on the left side

Let’s look at some useful show commands that describe the state of IPX Listing 7.3 displays the configuration parameters on an interface by using the show ipx interface <interface number> command.

Listing 7.3 The show ipx interface command.

R1# show ipx interface Ethernet 0

Ethernet0 is up, line protocol is up

IPX address is 1.0000.0c75.d97e, NOVELL-ETHER [up]

Delay of this IPX network, in ticks is 1 throughput 0 link delay 0 IPXWAN processing not enabled on this interface.

IPX SAP update interval is 1 minute(s)

IPX type 20 propagation packet forwarding is disabled

Incoming access list is not set

Outgoing access list is not set

IPX helper access list is not set

SAP GNS processing enabled,delay 0ms,output filter list is not set SAP Input filter list is not set

SAP Output filter list is not set

SAP Router filter list is not set

Input filter list is not set

Output filter list is not set

Router filter list is not set

NetBIOS Input host access list is not set

NetBIOS Input bytes access list is not set

NetBIOS Output host access list is not set

NetBIOS Output bytes access list is not set

Updates each 60 seconds, aging multiples RIP: 3 SAP: 3

SAP interpacket delay is 55 ms, maximum size is 480 bytes

RIP interpacket delay is 55 ms, maximum size is 432 bytes

IPX accounting is disabled

IPX fast switching is configured (enabled)

RIP packets received 14415, RIP packets sent 42177

SAP packets received 0, SAP packets sent 7

The output shown in Listing 7.3 displays a wealth of information From thisdisplay, you can see that the encapsulation is Novell-Ether and the network number

is 1 You can also see that IPX is sending updates every 60 seconds

Now, let’s use the show ipx server command to see which SAPs are available on

the Cisco router named R1, as shown in Listing 7.4

Listing 7.4 The show ipx server command.

R1#show ipx server

Codes: S - Static, P - Periodic, E - EIGRP, N - NLSP,

H - Holddown, + = detail

2 Total IPX Servers

Table ordering is based on routing and server info

Type Name Net Address Port Route Hops Itf

P 4 server1 2.0000.0000.0001:0451 7/01 2 Se0

P 7 printer1 2.0000.0000.0001:0451 7/01 2 Se0

The SAP table shown in Listing 7.4 lists all the SAPs collected by router R1

Listing 7.4 describes two services available, namely a server called server1 and a printer named printer1 As you can see in the table, the services are reachable

through serial 0 with a hop count of 2

Finally, here are a number of commands that you can use to troubleshoot IPXRIP (including the commands mentioned earlier in this section):

➤ debug ipx routing—Displays information about IPX routing packets.

➤ debug ipx sap activity—Provides detailed output of SAP packets, including

displays of services in SAP packets

➤ ipx maximum paths <number>—Defines the maximum allowed paths for load

balancing The default is set to 1, which means there is no load balancing

➤ show ipx interface—Describes the IPX interface configuration.

➤ show ipx route—Displays the IPX routing table.

➤ show ipx server—Displays the SAPs seen by the router.

➤ show ipx traffic—Displays IPX statistics.

NetWare Link State Protocol (NLSP)

Instead of using a distance-vector protocol to route IPX and have all the ated problems (such as convergence time and full routing updates), you can useNLSP to carry network information so that remote networks can be visible toeach other by populating an IPX routing table NLSP provides the ability topropagate IPX networks without the need to send periodic updates NLSP pro-vides a number of advantages over IPX RIP, including:

associ-➤ No periodic updates are sent Updates are sent only when a change occurs.The whole link-state database is exchanged at a predefined interval The de-fault is 2 hours on a Cisco router

➤ NLSP uses a better metric than hops and ticks; instead, NLSP is based oncost The cost-based approach provides the administrator with the ability todefine preferred links by assigning differing costs

➤ The maximum NLSP hop count is 127, compared to 15 with IPX RIP

➤ Like any link-state protocol, convergence is much faster

NetWare Link State Protocol uses hello packets to discover new IPX-speaking

routers Further, NLSP is backward compatible with IPX RIP Let’s take a look

at the tasks involved in configuring NLSP on a Cisco router

Configuring NLSP

To configure NLSP on a Cisco router, you need to define an internal network

number by using the ipx internal-network network-number IOS command The

internal network number must be unique across the network After you assign

the number, you start NLSP by executing the ipx router nlsp command.

Note: As mentioned earlier, Cisco routers use IPX RIP to send updates by default, if

IPX routing is configured Therefore, you must disable all IPX RIP networks that will use NLSP; otherwise, both NLSP and IPX RIP will be used to advertise the

network To start NLSP on an interface, use the ipx nlsp enable command.

Let’s revisit the network shown earlier in the chapter in Figure 7.2 In this tion, you’ll change the IPX routing protocol to NLSP and disable IPX RIP List-ings 7.5 and 7.6 display the configurations required for routers R1 and R2

sec-Listing 7.5 Enabling NLSP and disabling IPX RIP on router R1

! This command enables IPX NLSP on E0

interface Serial0

ipx network BAD

ipx nlsp enable

! Enable NLSP with the following command The area command defines

! which networks are in NLSP A value of 0 indicates to place all

! networks in NLSP

ipx router nlsp

area-address 0 0

!

! IPX RIP is disabled with the following command.

no ipx router rip

! Enable NLSP with the following command The area command defines

! which networks are in NLSP A value of 0 indicates to place all

! network in NLSP.

ipx router nlsp

area-address 0 0

!

! IPX RIP is disabled with the following command.

no ipx router rip

As you can see in Listings 7.5 and 7.6, the no ipx router rip command disables

the IPX RIP process

Note: Typically on a WAN interface, IPXWAN is used IPXWAN is a connection

startup protocol that can be used between different router vendors To enable

IPXWAN, you must first remove any ipx network statements and then add ipx

ipxwan.

NLSP is a link-state protocol, and you have a number of useful IOS commandsthat you can use to tell you what is happening in a NLSP environment usingCisco routers To begin, let’s look at the IPX routing table shown in Listing 7.7

Listing 7.7 The show ipx route command with NLSP enabled.

R1#sh ipx route

Codes: C - Connected primary network,c-Connected secondary network

S - Static, F - Floating static, L - Local (internal), W - IPXWAN

R - RIP, E - EIGRP, N - NLSP, X - External, A - Aggregate

s - seconds, u - uses

5 Total IPX routes Up to 1 parallel paths and 16 hops allowed.

L 10 is the internal network

You can also use an IOS command to view NLSP neighbor information, as played in Listing 7.8

dis-Listing 7.8 The show ipx nlsp neighbors command on R1.

R1#show ipx nlsp neighbors

NLSP Level-1 Neighbors: Tag Identifier = notag

System Id Interface State Holdtime Priority Circuit Id R2 Se0 Up 44 0 01

The display in Listing 7.8 details which other NLSP routers are adjacent to R1

In the case of R1, it is adjacent to router R2 From R1’s point-of-view once more,the SAP table shown in Listing 7.9 tells you that NLSP discovered a server andprinter

Listing 7.9 The show ipx route command on R1.

R1#sh ipx route

5 Total IPX routes Up to 1 parallel paths and 16 hops allowed.

L 10 is the internal network

C 1 (NOVELL-ETHER), Et0

C BAD (HDLC), Se2

N 2 [45][05/01] via 20.0000.0000.0001, 65s, Se2

N 20 [45][06/01] via 20.0000.0000.0001, 65s, Se2

In Listing 7.9, the N designator on the left indicates NLSP advertised services

In effect, these services will not be advertised again unless they are unavailable.This saves bandwidth on the serial link between routers R1 and R2, therebysaving bandwidth for end users to use to send data

As with IPX RIP, NLSP has a number of commands that you can use to monitorand troubleshoot NLSP, such as (including the commands mentioned earlier inthis section):

➤ show ipx nslp database—Displays the link-state database.

➤ show ipx nlsp neigbors—Displays NLSP speaking routers.

➤ show ipx nslp spf-log—Displays how many times the SPF algorithm has been

initiated due to a change in network availability

➤ show ipx route—Displays any remote networks and the next hop address.

➤ show ipx server—Displays any SAPs received on an IPX interface such as

servers and printers

Now, let’s complete our IPX routing protocols discussion by looking at the Ciscoproprietary method of advertised IPX networks—using EIGRP

Enhanced Interior Gateway Routing Protocol (EIGRP)

You can implement Cisco’s proprietary method of routing IPX by using EIGRP.Chapter 6 discusses EIGRP in detail in relation to IP routing IPX EIGRP isused to route IPX EIGRP can also route AppleTalk, which is discussed later inthis chapter To begin the IPX EIGRP discussion, let’s first look at the tasksrequired to configure EIGRP for IPX

Cisco IOS will automatically redistribute IPX if you are using IPX RIP orIPX EIGRP on the same router likewise if you are using IPX RIP andNLSP You must manually configure redistribution between NLSP andIPX EIGRP

Configuring IPX EIGRP

To enable IPX EIGRP, you must apply the following command:

ipx router eigrp <AS>

Next, you apply the network that you want to advertise using IPX EIGRP Toillustrate, let’s modify the configuration shown earlier in this chapter in Figure 7.2

to use EIGRP Listings 7.10 and 7.11 show the new configurations for routersR1 and R2 after enabling EIGRP

Listing 7.10 Enabling EIGRP and disabling IPX RIP on router R1

hostname R1

ipx routing 0000.0c75.d97e

!

interface Ethernet0

ipx network 1

!

interface Serial0

ipx network BAD

! Enable IPX EIGRP in AS 1

ipx router eigrp 1

network 1

network BAD

! Disable IPX RIP

no ipx router rip

ipx network BAD

ipx router eigrp 1

Let’s examine the new IPX routing table after EIGRP is enabled on router R1(shown in Listing 7.12)

Listing 7.12 The show ipx route command after enabling EIGRP.

R1#sh ipx route

Codes:C - Connected primary network,c -Connected secondary network

S - Static, F - Floating static,L-Local (internal),W-IPXWAN

R - RIP, E - EIGRP, N - NLSP, X - External, A - Aggregate

As you can see in Listing 7.12, IPX network 2 is reachable via IPX EIGRP (E).The SAP table will display that the server and printer are advertised by EIGRP.Notice that the metric displayed in Listing 7.13 is a cost value based on theEIGRP metric calculation.

Listing 7.13 The show ipx server command after enabling EIGRP.

R1#sh ipx server

Codes: S - Static, P - Periodic, E - EIGRP, N - NLSP, H - Holddown

2 Total IPX Servers

Table ordering is based on routing and server info

Type Name Net Address Port Route Hops Itf

E 4 server1 2.0000.0000.0001:0451 22798336/00 2 Se2

E 7 printer1 2.0000.0000.0001:0451 22798336/00 2 Se2

As with IPX RIP and IPX NLSP, IPX EIGRP has a number of commands thatyou can use to maintain your IPX network Some commonly used commands arelisted here (including the commands mentioned earlier in this section):

➤ show ipx eigrp interface—Displays which interfaces are running IPX EIGRP

and if there is a peer on that interface

➤ show ipx eigrp neighbor—Displays neighbors.

➤ show ipx eigrp topology—Details specific information about how IPX

net-works have been acquired

➤ show ipx route—Displays the contents of the IPX routing table.

➤ show ipx server—Lists the services available as announced via SAPs.

Now that we have defined the three available methods to route IPX using CiscoIOS commands, it’s time for us to examine how you can use access lists to man-age traffic sent by IPX devices

In addition to using access lists, you can send IPX traffic over an IPbackbone using a tunnel interface This can help reduce IPX WAN-based traffic and provide more bandwidth for user data based traffic

IPX and Access Lists

In the first portion of this chapter, we discussed how IPX is broadcast intensive

We also discussed ways to use Cisco’s propriety routing protocol (IPX EIGRP)

to reduce broadcasts Another way to conserve bandwidth is to use access lists.Access lists can help you manage IPX traffic The access list numbers that areavailable for use with IPX are:

➤ Standard IPX filters—Ranges from decimal 800 through 899

➤ Extended IPX filters—Ranges from decimal 900 through 999

➤ SAP filters—1000 through 1099; SAP filters are also used to limit GNS

re-quests

Note: Cisco IOS allows you to modify other parameters that limit the way IPX sends

and receives updates For example, you can change the default IPX SAP update

interval (ipx sap-interval <seconds>) and IPX RIP update interval (ipx

update-time <seconds>) This is one of the ways that you can limit IPX traffic without using

ACLs or SAP filters.

The best way to illustrate access lists is to look at an example for each filter type.For this example, refer to Figure 7.3 Notice the figure displays the direction ofSAP updates, IPX routing updates, and GNS requests Further, you can see inthe figure that both routers have a loopback interface (a software interface) run-ning IPX

Standard IPX Filters

The first step when applying a standard IPX filter is to reinstall IPX RIP as the

preferred method of routing IPX To accomplish this, you reissue the ipx router rip IOS command.

After enabling IPX RIP with the ipx router rip command, we need to create an

access list to stop the network from installing router R2 in router R1’s IPX routingtable For this task, you simply use a standard access list, as shown in Listing 7.14

Listing 7.14 IPX Access list example.

interface serial0

ipx input-network filter 800

! Applies access list to

incoming RIP updates

access-list 800 deny 2.ffff.ffff.ffff

! Stops rip updates

learned from IPX network 2

access-list 800 permit -1

!Permits all other networks

The number -1 in the access list indicates to match all networks Next, you apply the access list with the ipx input-network-filter 800 interface command This

command filters incoming IPX RIP updates You can also filter outgoing

net-work filters by using the ipx output-netnet-work-filter <800-899> command After

executing the preceding commands, router R1 will not have network 2 in itsrouting table, as shown in Listing 7.15

Listing 7.15 The show ip route command after filtering network 2 as show

Sends SAP

IPX RIP Sends SAP

SAP

E0 Serial0

Printer

Printer Client PC

Server

(Also listens for GNS queries

and replies to them)

Figure 7.3 Using access lists and GNS filters to manage IPX traffic.

As you can see in Listing 7.15, the network filter stops network 2 and allows allothers, such as the Network 4 loopback interface via the next hop addressBAD.0000.0c8e.774b.

Extended IPX Filters

Extended IPX access list can be applied to both source and destination addresses.Extended IPX filters range from decimal 900 through 999 Quality examples onextended IPX access-lists can be found in the IOS documentation CD or at thefollowing Web site:

http://cco/univercd/cc/td/doc/product/software/ios112/112cg_cr/6rbook/6ripx.htm#xtocid204644

SAP Filters

Let’s now examine how you can use a SAP filter to stop the printer from beingadvertised to IPX network 1 Let’s say that because there is no need to send printjobs over the WAN, you want to reduce the SAP traffic by placing a filter onrouter R2 to stop the printer from being advertised Placing the filter on R2 willmean that the SAP does not get broadcast over the WAN The IOS syntax used

to create a SAP filter is:

ipx output-sap-filter <access list number>

A SAP filter can also be applied on inbound traffic by using the following command:

ipx input-sap-filter <access list number>

Listing 7.16 shows an example of denying a printer from being advertised ing 7.17 shows the SAP table before a SAP filter is applied

List-Listing 7.16 An access list 1000 example of using a SAP filter to stop the

printer from being advertised

Listing 7.17 Router R1’s SAP table before applying a SAP filter.

R1#sh ipx server

Codes: S - Static, P - Periodic, E - EIGRP, N - NLSP, H – Holddown

1 Total IPX Servers

Type Name Net Address Port Route Hops Itf

Codes: S - Static, P - Periodic, E - EIGRP, N - NLSP, H – Holddown

1 Total IPX Servers

Type Name Net Address Port Route Hops Itf

Listing 7.19 An access list 1000 example of denying GNS requests from

being sent to a network 2 server

quests will be forwarded by the access-list 1000 permit –1 command Table 7.2

summarizes the main points about filtering IPX traffic on Cisco routers

You should memorize the three main access lists ranges used tomanage IPX networks These ranges are list 800 through 899, 900through 999, and 1000 through1099, respectively

We will now discuss how Cisco routers can support another proprietary protocolthat was used heavily in the 1980s, namely AppleTalk AppleTalk is still com-mon in today’s networks.

AppleTalk

AppleTalk is a routable protocol that provides access to servers and printers You

can use the Routing Table Maintenance Protocol (RTMP) or Cisco’s EIGRP with

AppleTalk Keep in mind that AppleTalk stations will not recognize EIGRPupdates Therefore, EIGRP is typically used on WANs, while RTMP is imple-mented on LANs

RTMP is a distance-vector protocol Cisco’s implementation using

EIGRP will not propagate any new AppleTalk networks unless a

network event or change occurs

AppleTalk is designed to be a plug-and-play technology, which means that itsimplementation requires little work for end users But, while AppleTalk is easy

on end users, it’s more complex and time consuming on the router administrator.For general reference, Figure 7.4 displays the AppleTalk protocol model com-pared to the OSI model

As you can see in Figure 7.4, many functions are performed at various layers of

the model The lower layers—namely Ethertalk, LocalTalk, TokenTalk, and FDDITalk—are methods used to access different media For example, Ethertalk

is used by AppleTalk to send packets over Ethernet The following summarizesthe main protocols found in an AppleTalk network:

➤ Datagram Delivery Protocol (DDP)—DDP is a connectionless datagram

ser-vice independent of the media type This means that AppleTalk can supportEthernet, Token Ring, and FDDI for example

➤ Name Binding Protocol (NBP)—NBP provides name-to-address association,

similar to DNS in IP networks

Table 7.2 Managing IPX traffic summary.

Access List Type Range Interface Commands

Standard 800 through 899 ipx input-network-filter;

➤ Zone Information Protocol (ZIP)—ZIP provides a means of maintaining zone

name mappings to network numbers This reduces broadcasts in largeAppleTalk networks

When AppleTalk was originally released as an alternative protocol to IP andIPX, you could only have 127 servers and 127 host devices per segment The

original AppleTalk version is known as AppleTalk Phase 1 When the AppleTalk

designers soon become aware that AppleTalk Phase 1 was not scalable, they leased AppleTalk Phase 2, which could support up to 253 devices with multiplenetworks allowable per segment Another benefit of Phase 2 is that it does notlimit the number of servers or end devices Cisco routers support both modes

re-Nonextended (AppleTalk Phase 1) networks allow 127 hosts and 127servers per network, and extended (AppleTalk Phase 2) networks allow

a total of 253 devices With extended networks, you can assign a range

of network numbers, called a cable range in Cisco terminology

Zone Information Protocol (ZIP)

Printer Access Protocol (PAP)

AppleTalk Filtering Protocol (AFP)

Routing Table Maintenance Protocol (RTMP)

Name Binding Protocol (NBP) Datagram

Delivery Protocol (DDP)

AppleTalk Resolution Protocol (AARP)

Ethertalk, LocalTalk, TokenTalk, FDDITalk

IEEE802.3, 802.5, FDDI

AppleTalk Upgrade Routing Protocol (AURP)

Figure 7.4 The AppleTalk protocol suite.

a socket number that is similar to a TCP/IP port A device may contain morethan one socket The AppleTalk address format uses the following syntax:

Network (16 bits) Node (8 bits) Socket (8 bits)

Most textbooks describe the AppleTalk address as 24 bits because the socketaddress is always unique

AppleTalk Address Resolution Protocol (AARP) provides layer 3 networkaddresses in association with the Physical layer (layer 2) addresses.AARP’s equivalent in TCP/IP is the Address Resolution Protocol or IP

ARP The show AppleTalk arp command translates AppleTalk

ad-dresses to physical adad-dresses Remember, devices still need to access

a medium at layer 2, because AppleTalk nodes require the destinationMAC address to send frames to allow communication over the LAN

protocol, such as Ethernet or Token Ring

Now, let’s discuss AppleTalk’s native routing protocol RTMP and then followwith an example

Routing Table Maintenance Protocol (RTMP)

RTMP broadcasts the entire routing table every 10 seconds Similar to previousdiscussions in this chapter regarding broadcasts and distance-vector protocols,you should be cautious when using RTMP in large AppleTalk network becauseRTMP sends out updates every 10 seconds and is a distance vector protocol.The RTMP metric is hops The maximum hops allowable with RTMP is 15

The AppleTalk Update-Based Routing Protocol (AURP) is a Transport

layer protocol that allows AppleTalk networks to be transported acrossyour IP network AURP enables you to transport AppleTalk packets

across your IP network without the need to enable RTMP across yourWAN This can help you to avoid RTMP’s high number of routing tablebroadcasts

Configuring AppleTalk with RTMP

To enable AppleTalk routing, the following steps are required:

1 Enable AppleTalk routing

2 Set interfaces to run AppleTalk by issuing the network range and a zone name.Figure 7.5 illustrates a simple AppleTalk network and the associated ranges on

the LAN and WAN Let’s configure the two routers for AppleTalk In this

ex-ample, router R1’s Ethernet segment will have a network range of 1-1, and router