© 1999, cisco systems, inc. 11-1 第十一章 配置 novell ipx
TRANSCRIPT
© 1999, Cisco Systems, Inc. 11-1
第十一章配置 Novell IPX
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-2
通过本章的学习,您应该掌握以下内容:• 描述 IPX 协议的基本作用• 确定 IPX 网络的网络号和端口的封装类型• 启用 Novell IPX 协议• 查看 IPX 协议的连接状态• 配置 IPX 访问列表和 SAP 数据过滤
本章目标
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-3
NetWare FileServer
NetWare FileServer
NetWare 网络中的 Cisco 路由器
NetWare 网络中的 Cisco 路由器
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-4
Novell NetWare 协议族
1
2
3
4
5
6
7
Media Access Protocols(Ethernet, Token Ring, WAN, others)
Physical
Data Link
Network
Session
Transport
Presentation
Application
Novell NetWare 协议OSI
参考模型
IPX(Internetwork Packet Exchange)
SPX
SAP
RIPNLSP
NETBIOS APPLICATIONSNCP
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-5
• 80 位的地址 ( 网络 . 主机 )• 端口的 MAC 地址是其逻辑地址的一部分• 每个端口可以有多个局域网封装类型• 缺生路由协议是 IPX RIP
• 用 SAP 宣告 Novell 服务• NetWare 客户端使用 GNS 数据包查找服务
Novell NetWare 主要特性
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-6
0000.0c56.de33
Novell IPX 地址
E0
E1
S0
48 bits (from MAC)
Node
0000.0c56.de34
0000.0c56.de33
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-7
Novell IPX 地址
4a1d.0c56.de33 E0
E1
S0
48 bits (from MAC)
Network.Node
3f.0c56.de34
2c.0c56.de33
Network 4a1d
Network 3f
Network 2c
Up to 32 bits
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-8
NetWare 基本作用
NWFile
Server
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-9
NetWare 基本作用
NWFile
Server
0080.C712.3456-Layer2 MacNIC
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-10
NetWare 基本作用
NWFile
Server
1a.0080.C712.3456-Layer3 NetNIC
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-11
NWFile
Server
NetWare 基本作用
1a.0080.C712.3456-Layer3 Net
NetWare Services
2b.0000.0000.0001-Internal Net
NIC
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-12
- NW Software Router
NetWare 基本作用
1a.0080.C712.3456
NetWare Services
2b.0000.0000.0001
NIC
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-13
NetWare 基本作用
1a.0080.C712.3456
NetWare Services
2b.0000.0000.0001
2b1a......
2b1a......
NICRoutingTable
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-14
NetWare 基本作用File Server - 4Print Server - 47
1a.0080.C712.3456
NetWare Services
2b.0000.0000.0001
2b1a......
2b1a......
ServicesTable
447…...
447…...
NICRoutingTable
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-15
NetWare 基本作用File Server - 4Print Server - 47
1a.0080.C712.3456
NetWare Services
2b.0000.0000.0001
2b1a......
2b1a......
ServicesTable
447…...
447…...
Periodic Broadcastson 1a.FFFF.FFFF.FFFF
NICRoutingTable
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-16
1a.0080.C712.3456
NetWare Services
2b1a......
2b1a......
ServicesTable
447…...
447…...
Periodic Broadcastson 1a.FFFF.FFFF.FFFF
0000.0C12.3456-Layer2 Mace0
NICRoutingTable
2b.0000.0000.0001
NetWare 基本作用
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-17
Network andEncapsulation
must match
Network andEncapsulation
must match
1a.0080.C712.3456
NetWare Services
2b1a......
2b1a......
ServicesTable
447…...
447…...
Periodic Broadcastson 1a.FFFF.FFFF.FFFF
1a.0000.0C12.3456-Layer3 Nete0
s0
NICRoutingTable
2b.0000.0000.0001
NetWare 基本作用
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-18
Network andEncapsulation
must match
Network andEncapsulation
must match
1a.0080.C712.3456
NetWare Services
2b1a......
2b1a......
ServicesTable
447…...
447…...
Periodic Broadcastson 1a.FFFF.FFFF.FFFF
1a.0000.0C12.3456-Layer3 Nete0
s01b.0000.0C12.3456
RoutingTable
1a1b2b...
1a1b2b...
NICRoutingTable
2b.0000.0000.0001
NetWare 基本作用
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-19
1a.0080.C712.3456
NetWare Services
2b1a1b...
2b1a1b...
ServicesTable
447…...
447…...
Periodic Broadcastson 1a.FFFF.FFFF.FFFF
1a.0000.0C12.3456e0
s01b.0000.0C12.3456
RoutingTable
1a1b2b...
1a1b2b...
NICRoutingTable
2b.0000.0000.0001
NetWare 基本作用
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-20
1a.0080.C712.3456
NetWare Services
2b1a1b...
2b1a1b...
ServicesTable
447…...
447…...
Periodic Broadcastson 1a.FFFF.FFFF.FFFF e0
s0
RoutingTable
1a1b2b...
1a1b2b...
447…...
447…...
ServicesTable
NICRoutingTable
1a.
1b.
2b.0000.0000.0001
NetWare 基本作用
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-21
1a.0080.C712.3456
NetWare Services
2b.0000.0000.0001
2b1a1b...
2b1a1b...
ServicesTable
447…...
447…...
Periodic Broadcastson 1a.FFFF.FFFF.FFFF e0
s0
RoutingTable
1a1b2b...
1a1b2b...
447…...
447…...
ServicesTable
NW Client
NIC
NIC
1a.0010.5A12.3456
GNSGNSRoutingTable
1a.
1b.
NetWare 基本作用
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-22
RoutingTable 1a.0080.C712.3456
NetWare Services
2b.0000.0000.0001 (IPX Internal Network)
2b1a1b...
2b1a1b...
ServicesTable
447…...
447…...
Periodic Broadcastson 1a.FFFF.FFFF.FFFF e0
s0
RoutingTable
1a1b2b...
1a1b2b...
447…...
447…...
ServicesTable
NW Client
NIC
NIC
1a.0010.5A12.3456
GNSGNS
GNS RespGNS Resp
1a.
1b.
NetWare 基本作用
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-23
IPX Network 网络号
• 询问管理员
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-24
IPX Network 网络号
cdp
• 询问管理员
• 通过命令查看网络号
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-25
IPX Network 网络号
• 询问管理员
• 通过命令查看网络号
• 使用 NetWare 命令查看网络号NetWare
config
cdp
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-26
• Ethernet_802.3 (default for NetWare 3.11 or earlier)
802.3 IPXIPX
Novell 多种封装类型
以太网四种帧类型
Novell Name Framing Structure
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-27
• Ethernet_802.2 (default for NetWare 3.12 and later)
802.3 802.2 LLC IPXIPX
• Ethernet_802.3 (default for NetWare 3.11 and earlier)
802.3 IPXIPX
Novell 多种封装类型
以太网四种帧类型
Novell Name Framing Structure
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-28
• Ethernet_802.2 (default for NetWare 3.12 and later)
802.3 802.2 LLC IPXIPX
• Ethernet_802.3 (default for NetWare 3.11 and earlier)
802.3 IPXIPX
Novell 多种封装类型
以太网四种帧类型
• Ethernet_II Ethernet IPXIPX
Novell Name Framing Structure
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-29
• Ethernet_802.2 (default for NetWare 3.12 and later versions)
802.3 802.2 LLC IPXIPX
• Ethernet_SNAP 802.3 802.2 LLC SNAP IPXIPX
• Ethernet_802.3 (default for NetWare 3.11 and earlier versions)
802.3 IPXIPX
Novell 多种封装类型
• Ethernet_II Ethernet IPXIPX
Novell Name Framing Structure
以太网四种帧类型
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-30
Cisco 封装类型
Novell IPX 名称 Cisco IOS 名称
Ethernet
Token Ring
FDDIFDDI_SNAPFDDI_802.2FDDI_Raw
Ethernet_802.3
Ethernet_802.2
Ethernet_II
Ethernet_SNAP
Token-RingToken-Ring_SNAP
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-31
Novell IPX 名称 Cisco IOS 名称
Token-RingToken-Ring_SNAP
Ethernet
Token Ring
FDDIFDDI_SNAPFDDI_802.2FDDI_Raw
Ethernet_802.3
Ethernet_802.2
Ethernet_II
Ethernet_SNAP
Cisco 封装类型
当配置 IPX 网络时要指明端口封装类型
novell-ether
sap
arpa
snap
sapsnap
snap
sap
novell-fddi
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-32
练 习: IPX 参数设置
EncapsulationNetwork Address
R3 Interface Name
S0S1E1
写出路由器 3 的端口封装类型
S0 hdlc
Network b001
E0 SAP
E1
S1
S1 hdlcS0
Network c0b0
Network d100 Network b1b0E0 novell-ether
R3
R4
E1R2
R1
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-33
练 习: IPX 参数设置
EncapsulationNetwork Address
R3 Interface Name
S0S1E1
d100
写出路由器 3 的端口封装类型
S0 hdlc
Network b001
E0 SAP
E1
S1
S1 hdlcS0
Network c0b0
Network d100 Network b1b0E0 novell-ether
R3
R4
E1R2
R1
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-34
练 习: IPX 参数设置
EncapsulationNetwork Address
R3 Interface Name
S0 hdlcS1E1
d100
写出路由器 3 的端口封装类型
S0 hdlc
Network b001
E0 SAP
E1
S1
S1 hdlcS0
Network c0b0
Network d100 Network b1b0E0 novell-ether
R3
R4
E1R2
R1
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-35
练 习: IPX 参数设置
EncapsulationNetwork Address
R3 Interface Name
S0 hdlcS1E1
c0b0d100
写出路由器 3 的端口封装类型
S0 hdlc
Network b001
E0 SAP
E1
S1
S1 hdlcS0
Network c0b0
Network d100 Network b1b0E0 novell-ether
R3
R4
E1R2
R1
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-36
练 习: IPX 参数设置
EncapsulationNetwork Address
R3 Interface Name
S0 hdlcS1 hdlcE1
c0b0d100
写出路由器 3 的端口封装类型
S0 hdlc
Network b001
E0 SAP
E1
S1
S1 hdlcS0
Network c0b0
Network d100 Network b1b0E0 novell-ether
R3
R4
E1R2
R1
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-37
练 习: IPX 参数设置
EncapsulationNetwork Address
R3 Interface Name
S0 hdlcS1 hdlcE1 b1b0
c0b0d100
写出路由器 3 的端口封装类型
S0 hdlc
Network b001
E0 SAP
E1
S1
S1 hdlcS0
Network c0b0
Network d100 Network b1b0E0 novell-ether
R3
R4
E1R2
R1
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-38
写出路由器 3 的端口封装类型
EncapsulationNetwork Address
R3 Interface Name
S0 hdlcS1 hdlcE1 novell-ether
练 习: IPX 参数设置
S0 hdlc
Network b001
E0 SAP
E1
S1
S1 hdlcS0
Network c0b0
Network d100 Network b1b0E0 novell-ether
R3
R4
E1
b1b0c0b0d100
R2
R1
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-39
Novell 的 IPX RIP 路由协议
• 使用 ticks (1/18 sec.) 和跳数 ( 最大值 15 跳 )
• 缺省情况下, RIP 每隔 60 秒向相邻的路由器广播路由信息
• 缺省情况下, SAP 每隔 60 秒向相邻的路由器广播NetWare 服务信息
RIP SAPTables
RIP SAPTables
RIP SAPTables
RIP SAPTables
DD CC BB AA
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-40
Server advertisesfile service
• SAP 数据包在 NetWare 网络中宣告服务
服务宣告协议 (service advertising protocol)
Server advertises print service
Server advertisesfile service
Client
AA
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-41
SAP
• SAP 数据包在 NetWare 网络中宣告服务• 在网络中增加了额外的流量
Server advertises print service
Server advertisesfile service
Router A listens to SAPs SAP
SAP table
Client
AA
服务宣告协议 (SAP)
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-42
得到最近服务协议 (get nearest server)
FileServer
NetWareClient
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-43
得到最近服务协议 (GNS)
FileServer
NetWareClient
GNS request
• GNS 是客户端向服务器发出的广播帧
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-44
得到最近服务协议 (GNS)
FileServer
NetWareClient
GNS request
• GNS 是客户端向服务器发出的广播帧• NetWare 服务器和 Cisco 路由其可以得到 SAP 数据包
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-45
得到最近服务协议 (GNS)
• GNS 是客户端向服务器发出的广播帧• NetWare 服务器和 Cisco 路由其可以得到 SAP 数据包• NetWare 服务器提供 GNS 响应
FileServer
NetWareClient
GNS request
GNS reply
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-46
配置 Novell IPX配置 Novell IPX
全局配置• IPX 路由 RIP
RIP
IPX
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-47
配置 Novell IPX配置 Novell IPX
全局配置• IPX 路由• 负载共享
RIP
RIP
IPX
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-48
RIP
RIP
Network 9e encap arpa
Network 4a encap snap
IPX
配置 Novell IPX配置 Novell IPX
全局配置• IPX 路由• 负载共享
端口配置• 网络号• 封装类型
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-49
Novell IPX 的全局配置
ipx routing [ node ]Router(config)#
• 启用 Novell IPX 路由
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-50
Router(config)# ipx maximum-paths paths
Novell IPX 的全局配置
• 配置负载共享• 缺省 = 1
Router(config)# ipx routing [ node ]
• 启用 Novell IPX 路由
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-51
Novell IPX 的端口配置
Router(config-if)# ipx network network [ encapsulation encapsulation type ]
• 在端口上启用 IPX 路由• 分配 IPX 网络号• 指明端口的封装类型
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-52
FS1 NW 3.11
FS1 NW 3.11
FS2 NW 4.11
FS2 NW 4.11
e0.1NIC
NIC
1a.0080.C712.3456
1b.0080.C712.3457
Ethernet_802.3
Ethernet_802.2
1a - novell-ether
1b - sape0.2
NetWare 子端口NetWare 子端口
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-53
Novell IPX 端口配置
Router(config-if)# ipx network network[ encapsulation encapsulation-type ][ secondary ]
• 分配主要和次要的网络号和各自的封装类型
Router(config)# interface type number.subinterface-number
• 建立子端口 , 启用 IPX 路由,指明端口的封装类型或者
Router(config-subif)# ipx network network
[ encapsulation encapsulation type ]
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-54
Novell IPX 配置举例
A
Network 9e
Network 1E0
E1
S0S0
Network 4a
Network 6c
S1 S1
9e.0800.4313.df56 Encapsulation =novell-ether
4a.1234.0000.abcdEncapsulation = sap
6c.0800.1213.13de Encapsulation = sap
Network 3
B
C
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-55
ipx routingipx maximum-paths 2
interface ethernet 0.1 ipx network 9e encapsulation novell-etherinterface ethernet 0.2 ipx network 6c encapsulation sap interface ethernet 1 ipx network 4a encapsulation sap
interface serial 0 ipx network 1
Interface serial 1 ipx network 3
Novell IPX 配置举例
A
Network 9e
Network 1E0
E1
S0S0
Network 4a
Network 6c
S1 S1
9e.0800.4313.df56 Encapsulation =novell-ether
4a.1234.0000.abcdEncapsulation = sap
6c.0800.1213.13de Encapsulation = sap
Network 3
B
C
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-56
查 看 IPX
show ipx interface
show ipx route
show ipx servers
show ipx traffic
Monitoring Commands
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-57
查 看 IPX
show ipx interface
show ipx route
show ipx servers
show ipx traffic
Monitoring Commands Troubleshooting Commands
debug ipx routing activity
debug ipx sap activity
ping ipx
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-58
查 看 IPX 端口状态查 看 IPX 端口状态wg_ro_a#show ipx interface e0Ethernet0 is up, line protocol is up IPX address is ABC.00e0.1e5d.ae2f, NOVELL-ETHER [up] Delay of this IPX network, in ticks is 1 throughput 0 link delay 0 IPXWAN processing not enabled on this interface. IPX SAP update interval is 60 seconds IPX type 20 propagation packet forwarding is disabled Incoming access list is not set Outgoing access list is not set IPX helper access list is not set SAP GNS processing enabled, delay 0 ms, output filter list is not set SAP Input filter list is not set SAP Output filter list is not set SAP Router filter list is not set Input filter list is not set Output filter list is not set Router filter list is not set Netbios Input host access list is not set Netbios Input bytes access list is not set Netbios Output host access list is not set Netbios Output bytes access list is not set Updates each 60 seconds aging multiples RIP: 3 SAP: 3 SAP interpacket delay is 55 ms, maximum size is 480 bytes <text omitted>
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-59
查看 IPX 路由表
wg_ro_a#show ipx routeCodes: C - Connected primary network, c - Connected secondary network S - Static, F - Floating static, L - Local (internal), W - IPXWAN R - RIP, E - EIGRP, N - NLSP, X - External, A - Aggregate s - seconds, u - uses, U - Per-user static
2 Total IPX routes. Up to 1 parallel paths and 16 hops allowed.
No default route known.
C ABC (NOVELL-ETHER), Et0R DEF [02/01] via ABC.00e0.1e5d.c860, 40s, Et0
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-60
查看 IPX 服务器查看 IPX 服务器
wg_ro_a#show ipx serverCodes: S - Static, P - Periodic, E - EIGRP, N - NLSP, H - Holddown, + = detailU - Per-user static2 Total IPX Servers
Table ordering is based on routing and server info
Type Name Net Address Port Route Hops Itfp 4 fs1 11.0000.0000.0001:0451 4/03 4 Et0p 4 fs2 21.0000.0000.0001:0451 4/03 4 Et0
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-61
查看 IPX 通信量
wg_ro_a#show ipx trafficSystem Traffic for 0.0000.0000.0001 System-Name: wg_ro_aRcvd: 15 total, 0 format errors, 0 checksum errors, 0 bad hop count, 0 packets pitched, 15 local destination, 0 multicastBcast: 13 received, 6 sentSent: 6 generated, 0 forwarded 0 encapsulation failed, 0 no routeSAP: 1 Total SAP requests, 0 Total SAP replies, 0 servers 1 SAP general requests, 0 ignored, 0 replies 0 SAP Get Nearest Server requests, 0 replies 0 SAP Nearest Name requests, 0 replies 0 SAP General Name requests, 0 replies 0 SAP advertisements received, 0 sent 0 SAP flash updates sent, 0 SAP format errorsRIP: 1 RIP requests, 0 ignored, 0 RIP replies, 2 routes 13 RIP advertisements received, 0 sent 0 RIP flash updates sent, 0 RIP format errorsEcho: Rcvd 0 requests, 0 replies Sent 0 requests, 0 replies 0 unknown: 0 no socket, 0 filtered, 0 no helper 0 SAPs throttled, freed NDB len 0Watchdog: 0 packets received, 0 replies spoofed<text omitted>
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-62
wg_ro_a#debug ipx routing activityIPX routing debugging is onIPXRIP: positing full update to 3010.ffff.ffff.ffff via Ethernet0 (broadcast)IPXRIP: positing full update to 3000.ffff.ffff.ffff via Ethernet1 (broadcast)IPXRIP: positing full update to 3020.ffff.ffff.ffff via Serial0 (broadcast)IPXRIP: positing full update to 3021.ffff.ffff.ffff via Serial1 (broadcast)IPXRIP: sending update to 3020.ffff.ffff.ffff via Serial0IPXRIP: src=3020.0000.0c03.14d8, dst=3020.ffff.ffff.ffff, packet sent network 3021, hops 1, delay 6 network 3010, hops 1, delay 6 network 3000, hops 1, delay 6IPXRIP: sending update to 3021.ffff.ffff.ffff via Serial1IPXRIP: src=3021.0000.0c03.14d8, dst=3021.ffff.ffff.ffff, packet sent network 3020, hops 1, delay 6 network 3010, hops 1, delay 6 network 3000, hops 1, delay 6IPXRIP: sending update to 3010.ffff.ffff.ffff via Ethernet0IPXRIP: src=3010.aa00.0400.0284, dst=3010.ffff.ffff.ffff, packet sent network 3030, hops 2, delay 7 network 3020, hops 1, delay 1 network 3021, hops 1, delay 1 network 3000, hops 1, delay 1IPXRIP: sending update to 3000.ffff.ffff.ffff via Ethernet1
IPX 路由排错
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-63
wg_ro_a#debug ipx sap activityIPX service debugging is onwg_ro_a#05:31:18: IPXSAP: positing update to 1111.ffff.ffff.ffff via Ethernet0 (broadcast) (full)05:31:18: IPXSAP: Update type 0x2 len 288 src:1111.00e0.1e5d.ae2f dest:1111.ffff.ffff.ffff(452)05:31:18: type 0x7, ”ps21", 21.0000.0000.0001(451), 2 hops05:31:18: type 0x4, "fs31", 31.0000.0000.0001(451), 2 hops05:31:18: type 0x4, "fs41", 41.0000.0000.0001(451), 2 hops05:31:18: type 0x7, "ps51", 51.0000.0000.0001(451), 2 hopswg_ro_a#
IPX SAP 排错
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-65
Use
access list 800-899 for
standard
Deny Permit
DestinationAddress
SourceAddress
An Example Using an IPX Packet
DataPacket(IPX header)
Frame Header(for example, novell-ether)
用访问列表检测信息
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-66
Use
access list 900-999 for
extended
Deny Permit
DestinationAddress
SourceAddress
DataPacket(IPX header)
Frame Header(for example, novell-ether)
Protocol, Socket Number
用访问列表检测信息用访问列表检测信息
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-67
Use
access list 1000-1099
for SAP filtering
Deny Permit
Service Advertisement
An Example Using an IPX Packet
DataPacket(IPX header)
Frame Header(for example, novell-ether)
用访问列表检测信息
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-68
Service Advertisement
Use ACL
800-899 standard900-999 extended
1000-1099 SAPDeny Permit
DestinationAddress
SourceAddress
An Example Using an IPX Packet
DataPacket(IPX header)
Frame Header(for example, novell-ether)
用访问列表检测信息
Protocol, Socket Number
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-69
IPX 访问列表的主要特性IPX 访问列表的主要特性
• IPX 地址格式为 网络 . 主机• Socket 号代表上层应用• 标准访问列表 (800-899) 能过滤源地址和目标地
址• 扩展访问列表 (900-999) 能过滤特定的协议和
socket 号所代表的上层应用• SAP 访问列表 (1000-1099) 能够过滤网络中的
SAP 数据包
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-70
频繁的升级信息会占用数据传输的带宽
控制 IPX
Server
Server
SAPRIP
SAPRIP
RouterRouter
SAPRIP
SAPRIP
WAN Link Flooded with Overhead Traffic
Client
GNS
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-71
Step 1: 设置访问列表的参数
Router(config)# access-list access-list-number { deny | permit } { test conditions }
Step 2: 在端口上应用访问列表
Router(config-if)# ipx access-group access-list-number | name [ in | out ]
访问列表配置命令
•800-899 – 标准• 900-999 – 扩展
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-72
• 设置访问列表的参数• 标准访问列表的编号为 800 到 899
Router(config)# access-list access-list-number { deny | permit } source-network [ .source-node [ source-node-mask ]] [ destination-network ][ .destination-node [ destination-node-mask ]]]
IPX 标准访问列表的配置
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-73
IPX 标准访问列表的配置
Router(config-if)# ipx access-group access-list-number [ in | out ]
• 在端口上应用访问列表
• 设置访问列表的参数• 标准访问列表的编号为 800 到 899
Router(config)# access-list access-list-number { deny | permit } source-network [ .source-node [ source-node-mask ]] [ destination-network ][ .destination-node [ destination-node-mask ]]]
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-74
标准 IPX 访问列表配置举例
Client
ServerClient
E0E2
E1
Network2b
Network3c
Network 4d
access-list 800 permit 2b 4d (implicit deny all)int e 0 ipx network 4d ipx access-group 800 outint e 1 ipx network 3cint e 2 ipx network 2bint e3 ipx network 1a
Server
E3
Network 1a
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-75
IPX 扩展访问列表的配置Router(config)# access-list access-list-number{ deny | permit } protocol [ source-network ][[[ .source-node ] source-node-mask ] | [ .source-node source-network-mask. source-node-mask ]] [ source-socket ] [ destination.network ][[[ .destination-node ] destination-node-mask ] | [ .destination-node destination-network-mask. destination-nodemask ]] [ destination-socket ] [ log ]
• 设置访问列表的参数• 扩展访问列表的编号范围为 900 到 999
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-76
IPX 扩展访问列表的配置
Router(config-if)# ipx access-group access-list-number [ in | out ]
• 在端口上应用访问列表
Router(config)# access-list access-list-number{ deny | permit } protocol [ source-network ][[[ .source-node ] source-node-mask ] | [ .source-node source-network-mask. source-node-mask ]] [ source-socket ] [ destination.network ][[[ .destination-node ] destination-node-mask ] | [ .destination-node destination-network-mask. destination-nodemask ]] [ destination-socket ] [ log ]
• 设置访问列表的参数• 扩展访问列表的编号范围为 900 到 999
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-77
IPX SAP 作用
• 路由器不会转发 SAP 广播
Server/Router C
Server/Router D
Client 2
A Large IPX
Network
Server/Router A
Client 1 Server/Router B
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-78
IPX SAP 作用
•路由器不会转发 SAP 广播• IPX 路由器每隔 60 秒发送 SAP 表
SAP Table
Server/Router C
Server/Router D
Client 2
A Large IPX
Network
Server/Router A
Client 1 Server/Router B
SAP Table
SAP Table
SAP Table
SAP Table
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-79
在端口应用输入或输出的 SAP 过滤
• 输出过滤 : 不将收到的 SAP 数据添加到送出的 SAP 表中
如何使用 SAP 过滤
• 输入过滤 : 不将收到的 SAP 数据添加到 SAP 表中SAP SAP
TableSAP
SAP
SAP
SAP Table
SAP
SAP
SAP
SAP
SAPSAP SAP
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-80
SAP 配置
Router(config)# access-list access-list-number{ deny | permit } network [ .node ] [ network-mask . node-mask ] [ service-type [ server-name ]]
• 创建 SAP 访问列表
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-81
Router(config)# access-list access-list-number{ deny | permit } network [ .node ] [ network-mask . node-mask ] [ service-type [ server-name ]]
Router(config-if)# ipx output-sap-filter access-list-number
Router(config-if)# ipx input-sap-filter access-list-number
SAP 配置
•创建 SAP 访问列表
• 在端口的输出方向应用访问列表
•在端口的输入方向应用访问列表
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-82
E0
FS-A
FS-B
Internal IPXNetwork 1a
Internal IPXNetwork 2a
FS-C
FS-D
Network 11b
Internal IPXNetwork cc
Internal IPXNetwork dd
Network 4a
Network 9e
Network 12b
E0
E1
S0S0
Cisco BCisco BCisco ACisco A
SAP 配置举例 1SAP 配置举例 1
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-83
SAP 配置举例 1
access-list 1000 permit 1a 4access-list 1000 permit 2a 4interface ethernet 0 ipx network 11binterface serial 0 ipx network 12b ipx output-sap-filter 1000
Only file services from FS-A and FS-B are advertised across router Cisco B’s S0 interface
E0
FS-A
FS-B
Internal IPXNetwork 1a
Internal IPXNetwork 2a
FS-C
FS-D
Network 11b
Internal IPXNetwork cc
Internal IPXNetwork dd
Network 4a
Network 9e
Network 12b
E0
E1
S0S0
Cisco BCisco BCisco ACisco A
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-84
SAP 配置举例 2
access-list 1001 deny -1 7access-list 1001 permit -1interface ethernet 0 ipx network 9einterface ethernet 1 ipx network 4ainterface ethernet 2 ipx network 1 ipx input-sap-filter 1001
Print services from Server Aand B are not entered into the SAP table of router Cisco A
Network 1 Network 3d
E2
To0
E1TokenRingCisco BCisco B
Network 7f
E0
Network 4a
Network 9e
E0
E1
Cisco ACisco A
A
B
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-85
查看 IPX 访问列表wg_ro_a#show ipx int e0Ethernet0 is up, line protocol is up IPX address is 11.00e0.1e5d.ae2f, NOVELL-ETHER [up] Delay of this IPX network, in ticks is 1 throughput 0 link delay 0 IPXWAN processing not enabled on this interface. IPX SAP update interval is 60 seconds IPX type 20 propagation packet forwarding is disabled Incoming access list is 801 Outgoing access list is not set IPX helper access list is not set SAP GNS processing enabled, delay 0 ms, output filter list is not set SAP Input filter list is not set SAP Output filter list is not set SAP Router filter list is not set Input filter list is not set Output filter list is not set Router filter list is not set Netbios Input host access list is not set<text omitted>
wg_ro_a#show ipx access-listIPX standard access list 801 permit 12 FFFFFFFF permit 22 FFFFFFFF
© 1999, Cisco Systems, Inc. www.cisco.com 10-86
练 习练 习
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-87
pod wg_ro’s s0 wg_ro’s e0A 11A 11B 12A 12C 13A 13D 14A 14E 15A 15F 16A 16G 17A 17H 18A 18I 19A 19J 20A 20K 21A 21L 22A 22
s1/0 - s2/3IPX Network 11 … 22
IPX Network 3bbb
IPX Network 11A
IPX Network 22A
core_ server
wg_sw_a
wg_sw_l
wg_pc_a
wg_pc_l
wg_ro_ae0/1 e0/2
e0/2e0/1
e0
e0
fa0/23
core_sw_a
wg_ro_l
core_ro
fa0/24 fa0/0
LL
s0 IPX Network 11
s0
IPX Network 22
...
可视化目标可视化目标
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-88
s1/0 - s2/3IPX Network 11 … 22
IPX Network 3bbb
IPX Network 11A
IPX Network 22A
可视化目标可视化目标
core_ server
wg_sw_a
wg_sw_l
wg_pc_a
wg_pc_l
wg_ro_ae0/1 e0/2
e0/2e0/1
e0
e0
fa0/23
core_sw_a
wg_ro_l
core_ro
fa0/24 fa0/0
LL
s0 IPX Network 11
s0
IPX Network 22
...
SAP
XX
XX
FS2PS2
SAPFS2PS2
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-89
完成本章的学习后,你应该能够掌握:• 描述 IPX 协议的基本作用• 确定 IPX 网络的网络号和端口的封装类型• 启用 Novell IPX 协议• 查看 IPX 协议的连接状态• 配置 IPX 访问列表和 SAP 数据过滤
本章总结
© 1999, Cisco Systems, Inc. www.cisco.com ICND—11-90
问题回顾问题回顾
1. IPX 网络地址有多少位 ? 2. IPX 主机地址有多少位 ?
3. 在 IPX RIP 路由协议中 metric 参数是什么 ?
4. 什么命令可以在端口上起用 IPX RIP 协议 ?
5. 标准的 IPX 访问列表可以过滤那些条目 ?