Re: IPX SAP filtering query

From: Joe Soricelli (jsoricelli@xxxxxxxx)
Date: Thu Jun 17 1999 - 10:46:01 GMT-3

• Next message: Joe Soricelli: "Re: Sub Interfaces - Changing Link Type"
• Previous message: Tony Wye: "Re: Sub Interfaces - Changing Link Type"
• Maybe in reply to: Derek Fage: "IPX SAP filtering query"
• Next in thread: Derek Fage: "RE: IPX SAP filtering query"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
If you truly want to keep R2 from seeing the SAP and not just clients on the
IPX/RIP segment, I believe that your only option is to "bypass" R2 with a
tunnel between R1 and R5. Remember though, that if you do this, you must
also place a SAP filter on the interface leading to R1 to keep the SAP from
entering R2 from that direction.

OTOH, if you only want clients on the IPX/RIP segment to not see the SAP,
place an outbound GNS filter on R2 and R5..

-joe
------------------------------------------------------------------
  Joseph M. Soricelli, CCIE #4803, CCNP
  EMAIL: jsoricelli@ccci.com

  Chesapeake Computer Consultants, Inc.
  8110 Gatehouse Road, Suite 101E Phone: (703) 207-0757
  Falls Church, VA 22042 Fax: (703) 207-0441

  FYI - About Chesapeake: We are a Cisco Certified Training and
  professional services partner. We offer most of the Cisco
  training courses as well as training for Fore, NetScout, and
  CheckPoint-1 Firewalls. We provide network consulting services,
  including design, network health, management, firewall,
  and problem solving. We now have 20 CCIEs on our staff
  of instructor/consultants.
-------------------------------------------------------------------

-----Original Message-----
From: Derek Fage <DerekF@itexjsy.com>
To: ccielab@groupstudy.com <ccielab@groupstudy.com>
Date: Thursday, June 17, 1999 7:11 AM
Subject: IPX SAP filtering query

>Hi there,
>
>I'm doing some IPX work in the lab, and have an query about filtering SAP
>advertisements.
>
>R1 --- EIGRP --- R2 --- RIP --- R5
>
>R5 has a static SAP entry, and I can see this using SHOW IPX SERVICES on
all
>three routers. I now want to stop R2 from seeing the service, but R1 must
>still see it.
>
>If I use an sap input filter on the R2 RIP interface with a SAP access
list,
>this also stops the SAP from getting to R1.
>
>If I try to use an extended IPX access list, it seems that I can only block
>all saps from the remote network to this network, but cannot specify the
>service name.
>
>
>Any ideas ?
>
>Derek...
>
>

• Next message: Joe Soricelli: "Re: Sub Interfaces - Changing Link Type"
• Previous message: Tony Wye: "Re: Sub Interfaces - Changing Link Type"
• Maybe in reply to: Derek Fage: "IPX SAP filtering query"
• Next in thread: Derek Fage: "RE: IPX SAP filtering query"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:21:39 GMT-3