From: MADMAN (dmadlan@xxxxxxxxx)
Date: Mon May 20 2002 - 16:10:20 GMT-3
I'm no IPX guru and less of an NLSP one but since NLSP is a link state
prtocol I would think you may have some of the same issues as in OSPF
network filters.
So that said try something like:
access-list 1001 deny FFFFFFFF 30C
access-list 1001 deny FFFFFFFF 47
access-list 1001 deny FFFFFFFF 640
access-list 1001 deny FFFFFFFF 414
access-list 1001 permit FFFFFFFF
interface serial 1/0.16
ipx output-sap-filter 1001
Dave
"Bezverkhi, Serguei" wrote:
>
> Hello George and Cisco experts,
>
> Thank you George for your advice!
> I did multiple tests and my personal conclusion is that IPX filtering is
> the most unpredictable thing I have ever seen with Cisco IOS. There are
> a few commands that are working well like: ipx output-sap-filters. But
> everything distribute-sap-list is just unpredictable. I have seen some
> guys from Cisco on this list, I would really appreciate if Cisco people
> could provide some information on what commands and commands combination
> can be used for sap filtering during redistribution and filtering SAP in
> outgoing updates.
>
> Here is the example that does not work, but it should
> !
> int lo 0
> ipx netw 12
> !
> int e 0
> ipx netw 222
> !
> ipx router eigrp 102
> net 12
> distribute-sap-list Filter-Out out - I want to filter one particular
> SAP in all outgoing SAP advertisements. ! ipx access-list sap
> Filter-Out deny 21.0000.0001.0021 4 FS1 permit any 0 ! This does not
> work!! But when I use the same access-list with ipx output-sap-filter
> Filter-Out on the Ethernet interface and it is working fine.
> If Cisco experts cannot clarify this situation I will have to just hope
> that I will not get this kind of question on the lab exam.
>
> If anybody have a clear understanding of IPX filtering appreciate a lot
> if you share it.
>
> Regards
>
> Serguei
>
> -----Original Message-----
> From: George Spahl [mailto:g.spahl@insightbb.com]
> Sent: May 20, 2002 2:04 PM
> To: Bezverkhi, Serguei; ccielab@groupstudy.com; Kato Jr, Masao G
> Subject: RE: RIP NLSP and SAP filtering
>
> Serguei,
> If this were IP the command "distribute-list 10 out eigrp 99" it could
> accurately be interpreted as "distribute-list 10 (for routes coming)
> out (of) eigrp 99" so when you're using the routing protocol argument
> the syntax seems kind of backwards. Here's an example:
> router ospf 11
> redistribute rip metric 5 subnets
> network 172.16.134.13 0.0.0.0 area 2
> distribute-list 13 out rip
> Here the distribute-list statement controls the routes that are being
> distributed into OSPF from RIP
>
> I've done a little testing and it seems that this is also the case with
> IPX (sort of). The example below seemed to work: (blocks IPX net 813
> from being redistributed into EIGRP from NLSP):
> access-list 813 deny 113
> access-list 813 permit FFFFFFFF
>
> ipx router eigrp 14356
> redistribute nlsp
> distribute-list 813 out nlsp
> network 356
>
> However, using this same method while redistributing into NLSP from
> EIGRP did not work. I don't understand why it shouldn't at all.
> Perhaps, my results aren't correct.
>
> Also, with respect to the "distribute-sap-list 1001 out EIGRP(or NLSP)"
> I couldn't get it to work at all; in either direction. The functionality
> just doesn't seem to be there. All I can say is that those were my
> results. My testing wasn't extensive so I hereby throw down the
> gauntlet to all the IPX aficionados out there to prove otherwise,
> thereby setting the record straight! As for your specific case I think
> you could go to your downstream NLSP routers and use a simple
> "distribute-list 800 in" to block FS1. Hope this helps! George
>
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Bezverkhi, Serguei
> Sent: Sunday, May 19, 2002 8:26 PM
> To: ccielab@groupstudy.com; Kato Jr, Masao G
> Subject: RIP NLSP and SAP filtering
>
> Hello gentlemen,
>
> I have a strange SAP filtering problem, here is the scenario. On one
> router's loopback and Ethernet interfaces are IPX RIP, there are 2
> static SAP (FS1 and FS2 type 4) defined on the loopback's network, and
> two serial interfaces are NLSP with downstream neighbors.Everything
> seems O.k..
> When I try to filter outgoing sap advertisement (I want just FS2 to be
> visible to the rest of the network), sometimes both SAP disappear
> sometimes no changes at all. Appreciate any ideas or guidelines for best
> practices on IPX redistribution.
>
> Here is the config:
>
> version 12.2
> !
> ipx routing 0000.0000.0021
> ipx internal-network 210021
> !
> !
> !
> !
> interface Loopback0
> ipx network 21
> !
> interface Ethernet0
> ipx network 50
> !
> interface Serial0
> ipx network 122
> ipx nlsp 212210 enable
> !
> interface Serial1
> ipx network 121
> ipx nlsp 212210 enable
> !
> !
> ipx router nlsp 212210
> distribute-sap-list Filter-Out out rip
> area-address 0 0
> !
> !
> ipx router rip
> no network 122
> no network 121
> !
> !
> ipx sap 4 FS1 21.0000.0001.0021 451 2
> ipx sap 4 FS2 21.0000.0002.0021 451 2
> !
> !
> ipx access-list sap Filter-Out
> deny 21 4 FS1
> permit FFFFFFFF
> !
> end
>
>
>
> Serguei Bezverkhi
> Technical Consultant
> HP Services
> Hewlett-Packard (Canada) Ltd.
>
> 514.856.6347 phone
> 514.856.6333 fax
> 514.9278254 mobile
>
> Serguei.Bezverkhi@hp.com
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:59:02 GMT-3