From: Lupi, Guy (Guy.Lupi@xxxxxxxxxxxxx)
Date: Mon May 20 2002 - 15:53:04 GMT-3
Is rip also running for that network? If so, that would explain why the
interface filter works and the eigrp filter doesn't. Do you have rip turned
off for that network, and if it has to be on have you tried a sap list under
rip also?
-----Original Message-----
From: Bezverkhi, Serguei [mailto:Serguei.Bezverkhi@hp.com]
Sent: Monday, May 20, 2002 2:37 PM
To: ccielab@groupstudy.com
Subject: FW: RIP NLSP and SAP filtering
Hello George and Cisco experts,
Thank you George for your advice!
I did multiple tests and my personal conclusion is that IPX filtering is
the most unpredictable thing I have ever seen with Cisco IOS. There are
a few commands that are working well like: ipx output-sap-filters. But
everything distribute-sap-list is just unpredictable. I have seen some
guys from Cisco on this list, I would really appreciate if Cisco people
could provide some information on what commands and commands combination
can be used for sap filtering during redistribution and filtering SAP in
outgoing updates.
Here is the example that does not work, but it should
!
int lo 0
ipx netw 12
!
int e 0
ipx netw 222
!
ipx router eigrp 102
net 12
distribute-sap-list Filter-Out out - I want to filter one particular
SAP in all outgoing SAP advertisements. ! ipx access-list sap
Filter-Out deny 21.0000.0001.0021 4 FS1 permit any 0 ! This does not
work!! But when I use the same access-list with ipx output-sap-filter
Filter-Out on the Ethernet interface and it is working fine.
If Cisco experts cannot clarify this situation I will have to just hope
that I will not get this kind of question on the lab exam.
If anybody have a clear understanding of IPX filtering appreciate a lot
if you share it.
Regards
Serguei
-----Original Message-----
From: George Spahl [mailto:g.spahl@insightbb.com]
Sent: May 20, 2002 2:04 PM
To: Bezverkhi, Serguei; ccielab@groupstudy.com; Kato Jr, Masao G
Subject: RE: RIP NLSP and SAP filtering
Serguei,
If this were IP the command "distribute-list 10 out eigrp 99" it could
accurately be interpreted as "distribute-list 10 (for routes coming)
out (of) eigrp 99" so when you're using the routing protocol argument
the syntax seems kind of backwards. Here's an example:
router ospf 11
redistribute rip metric 5 subnets
network 172.16.134.13 0.0.0.0 area 2
distribute-list 13 out rip
Here the distribute-list statement controls the routes that are being
distributed into OSPF from RIP
I've done a little testing and it seems that this is also the case with
IPX (sort of). The example below seemed to work: (blocks IPX net 813
from being redistributed into EIGRP from NLSP):
access-list 813 deny 113
access-list 813 permit FFFFFFFF
ipx router eigrp 14356
redistribute nlsp
distribute-list 813 out nlsp
network 356
However, using this same method while redistributing into NLSP from
EIGRP did not work. I don't understand why it shouldn't at all.
Perhaps, my results aren't correct.
Also, with respect to the "distribute-sap-list 1001 out EIGRP(or NLSP)"
I couldn't get it to work at all; in either direction. The functionality
just doesn't seem to be there. All I can say is that those were my
results. My testing wasn't extensive so I hereby throw down the
gauntlet to all the IPX aficionados out there to prove otherwise,
thereby setting the record straight! As for your specific case I think
you could go to your downstream NLSP routers and use a simple
"distribute-list 800 in" to block FS1. Hope this helps! George
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Bezverkhi, Serguei
Sent: Sunday, May 19, 2002 8:26 PM
To: ccielab@groupstudy.com; Kato Jr, Masao G
Subject: RIP NLSP and SAP filtering
Hello gentlemen,
I have a strange SAP filtering problem, here is the scenario. On one
router's loopback and Ethernet interfaces are IPX RIP, there are 2
static SAP (FS1 and FS2 type 4) defined on the loopback's network, and
two serial interfaces are NLSP with downstream neighbors.Everything
seems O.k..
When I try to filter outgoing sap advertisement (I want just FS2 to be
visible to the rest of the network), sometimes both SAP disappear
sometimes no changes at all. Appreciate any ideas or guidelines for best
practices on IPX redistribution.
Here is the config:
version 12.2
!
ipx routing 0000.0000.0021
ipx internal-network 210021
!
!
!
!
interface Loopback0
ipx network 21
!
interface Ethernet0
ipx network 50
!
interface Serial0
ipx network 122
ipx nlsp 212210 enable
!
interface Serial1
ipx network 121
ipx nlsp 212210 enable
!
!
ipx router nlsp 212210
distribute-sap-list Filter-Out out rip
area-address 0 0
!
!
ipx router rip
no network 122
no network 121
!
!
ipx sap 4 FS1 21.0000.0001.0021 451 2
ipx sap 4 FS2 21.0000.0002.0021 451 2
!
!
ipx access-list sap Filter-Out
deny 21 4 FS1
permit FFFFFFFF
!
end
Serguei Bezverkhi
Technical Consultant
HP Services
Hewlett-Packard (Canada) Ltd.
514.856.6347 phone
514.856.6333 fax
514.9278254 mobile
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:59:02 GMT-3