From: Daniel C. Young (danyoung99@xxxxxxxxxxxx)
Date: Sun Aug 19 2001 - 01:16:22 GMT-3
Hmm...I don't think that you need an extended ACL to filter RIP and SAP.
Beware that the sample on Caslow's book is outdated. The recent IOS now has
keywords for RIP and SAP.
Here my notes when I was preparing for the exam:
For DDR, remember to filter RIP, SAP and Serialization (destination socket
number 0x457) on the dialer-list and configure watchdog and spx spoof on the
interfaces. After SAP is disabled, create static saps and floating ipx
routes on the isdn routers. Also, if configuring floating statics, remember
to redistribute the static route to the dynamic routing protocols.
So, line 3 is for serialization. Novell servers send out serialization
packets to notify of a licensing violation when it is another server is
installed on the same subnet with the same license.
Regards,
Daniel
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Michael Snyder
Sent: Saturday, 18 August 2001 8:36 AM
To: ccielab@groupstudy.com
Subject: IPX dialout access list question
I found the following in Cisco IOS Dial Solutions, Chapter 42, pg 1099
It's a access list, I assume to filter out rip and sap updates from bringing
up the dialer. I'll number the lines because I have question at the end of
the list
1 access-list 901 deny -1 FFFFFFFF 452
2 access-list 901 deny -1 FFFFFFFF 453
3 access-list 901 deny -1 FFFFFFFF 457
4 access-list 901 deny -1 FFFFFFFF 0 FFFFFFFF 452
5 access-list 901 deny -1 FFFFFFFF 0 FFFFFFFF 453
6 access-list 901 deny -1 FFFFFFFF 0 FFFFFFFF 457
7 access-list 901 permit -1
My question is this, doesn't line 4 do everything line 1 does?
Also, What's the third port number? I assume two of these filter out ipx
rip
broadcasts and ipx sap broadcasts.
**Please read:http://www.groupstudy.com/list/posting.html
**Please read:http://www.groupstudy.com/list/posting.html
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:31:53 GMT-3