Re: ipx input/output network filters

From: D. J. Jones (meganac@xxxxxxxx)
Date: Fri Nov 10 2000 - 14:01:25 GMT-3

• Next message: Tony Olzak: "IPSec Firewall"
• Previous message: Tony Olzak: "Re: ccbootcamp Lab 1"
• Maybe in reply to: D. J. Jones: "ipx input/output network filters"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
   Sorry I meant to indicate that i'm using redundant routers on each
   side of the tunnels. So would that
   mean that if I receive routes from one tunnel on say router 1, then in
   theory router 2 could try to
   propagate that route back across its tunnel to router 3/4. I read
   where split-horizon is enabled on
   all interfaces which to me means that it would serve to prevent a
   routing loop?
   
   ----- Original Message -----
   
   From: D. J. Jones
   
   To: ccielab
   
   Sent: Friday, November 10, 2000 6:41 AM
   
   Subject: ipx input/output network filters
   
   I want to set up an ipx tunnel between two routers and configure the
   appropriate filters to prevent ipx routing loops.
   
   None of the ipx networks on either router are duplicated so I want
   router A to know all routes from router B and
   
   vice versa. I plan to use loopback0/loopback1 as my tunnel
   source/destinations. Here is my config:
   
   
   
   hostname ipxtunnel
   
   ip subnet-zero
   
   ipx routing
   
   !interface Loopback0
   
   ip address xx.xx.xx.104 255.255.255.255
   
   no ip directed-broadcast
   
   !
   
   interface Loopback1
   
   ip address xx.xx.xx.105 255.255.255.255
   
   no ip directed-broadcast
   
   !
   
   interface Tunnel0
   
   no ip address
   
   no ip directed-broadcast
   
   no ip route-cache
   
   no ip mroute-cache
   
   ipx network AABBCCDD
   
   ipx output-network-filter outbound
   
   tunnel source Loopback0
   
   tunnel destination xx.xx.xx.128
   
   !
   
   interface Tunnel1
   
   no ip address
   
   no ip directed-broadcast
   
   no ip route-cache
   
   no ip mroute-cache
   
   ipx network AABBCCDD
   
   ipx output-network-filter outbound
   
   tunnel source Loopback1
   
   tunnel destination xx.xx.xx.129
   
   !
   
   interface FastEthernet0/0
   
   ip address xx.xx.xx.105 255.255.255.128
   
   no ip directed-broadcast
   
   !
   
   interface FastEthernet0/1
   
   ipx network 12345678
   
   ipx output-sap-filter 1012
   
   no cdp enable
   
   !
   
   no ip classless
   
   !
   
   access-list 901 permit -1
   
   access-list 1012 permit FFFFFFFF 4
   
   access-list 1012 permit FFFFFFFF 29
   
   access-list 1012 permit FFFFFFFF 103
   
   access-list 1012 permit FFFFFFFF 115
   
   
   The other tunnel is configured in a similar fashion. My question is,
   if I permit any ipx net numbers over the tunnel, how do I prevent them
   
   from being re-advertised back through the tunnel? thanks.

• Next message: Tony Olzak: "IPSec Firewall"
• Previous message: Tony Olzak: "Re: ccbootcamp Lab 1"
• Maybe in reply to: D. J. Jones: "ipx input/output network filters"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:25:44 GMT-3