Re: IPX and ISDN Question

From: Sean C. (Upp_and_Upp@xxxxxxxxxxx)
Date: Sat May 11 2002 - 16:19:18 GMT-3

• Next message: thomas larus: "Re: Will CCIEs qualify for a .pro domain name?"
• Previous message: Geoff Zinderdine: "Re: Call Manager Question"
• Maybe in reply to: Denise Donohue: "IPX and ISDN Question"
• Next in thread: David Luu: "RE: IPX and ISDN Question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
I've seen some documentation that says to spoof SPX traffic as well as
watchdog-spoof (Caslow 514, Nam-Kee 205) but I don't see it when using the
ACL that was suggested and also used in:
http://www.cisco.com/warp/public/473/87.html

Should ipx spx-spoof still be used when configuring the ACL suggested below?

So would a proper IPX over ISDN configuration be:

int bri 0
no ipx route-cache
ipx watchdog-spoof
ipx spx-spoof
dialer-group1

dialer-list 1 list 900
access-list 900 deny -1 -1 0 -1 452
access-list 900 deny -1 -1 0 -1 453
access-list 900 deny -1 -1 0 -1 457
access-list 900 permit -1

Thanks in advance,
Sean

----- Original Message -----
From: "David Luu" <wicked01@ix.netcom.com>
To: "Denise Donohue" <fradendon@comcast.net>; <ccielab@groupstudy.com>
Sent: Friday, May 10, 2002 6:19 PM
Subject: Re: IPX and ISDN Question

the access-list should be...

access-list 900 deny -1 -1 0 -1 452
access-list 900 deny -1 -1 0 -1 453
access-list 900 deny -1 -1 0 -1 457
access-list 900 permit -1

and also on the bri, add...

no ipx route-cache
ipx watchdog-spoof

At 08:41 PM 5/10/2002 -0400, Denise Donohue wrote:
>Speaking of dumb questions, I'm doing a lab (on Routopia's equipment,
Peter)
>that, in the IPX section, requires you to bring up an ISDN link between 2
>routers only if the serial link between them goes down. And you can only
>use static routing to do this, not snapshot or anything like that.
>
>The routers are running RIP between them. So I don't want RIP or SAP
>updates to bring the link up. According to the Doc CD, the correct acccess
>list to link to the dialer list is this:
>
>access-list 900 deny 0 any all any 457
>access-list 900 deny 0 any sap any sap
>access-list 900 deny 0 any rip any rip
>access-list 900 permit any any all any
>
>I turned off RIP on the ISDN interface, but SAPs still bring the link up,
>even with this access list on the dialer list. The only way I can keep the
>line down is to add a line denying all broadcasts:
>
>access-list 900 deny any any all 72.ffff.ffff.ffff
>
>Have any of you had success creating an access list, to use with a dialer
>list, that will prevent RIP and SAPs both from being interesting traffic,
>without denying all broadcasts?
>
>--- Denise (a real person) ;-)

• Next message: thomas larus: "Re: Will CCIEs qualify for a .pro domain name?"
• Previous message: Geoff Zinderdine: "Re: Call Manager Question"
• Maybe in reply to: Denise Donohue: "IPX and ISDN Question"
• Next in thread: David Luu: "RE: IPX and ISDN Question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:58:54 GMT-3