background image
Filtering IPX Traffic and SAPs 485
Figure 7-9
Extended Access List Protocol Types
The protocol names can be misleading, particularly the SAP protocol type. Extended access
lists can be used to filter entire SAP packets; protocol type SAP would be useful to match those
packets. For filtering the content of the SAP updates, which is a hugely popular function, access
lists for filtering SAP information would be used. The SAP filters, which use list numbers
between 1000 and 1099, are covered in the section "SAP Filters," later in this chapter. SAP
filtering does not use extended IPX access lists with a SAP protocol type.
Similarly, extended IPX access lists with protocol type RIP can allow matching of RIP packets,
but not the routing information in the RIP update. The most practical use of the protocol type
parameter is for NetBIOS. If NetBIOS is not an issue, most sites use the any keyword for the
protocol type.
The socket parameter is similar to a TCP or UDP port number. Novell assigns socket values to
applications to create the equivalent of a TCP or UDP well-known port. Clients dynamically
assign sockets in the range of 4000­7FFF, and Novell assigns sockets to applications in the
range of 8000­FFFF. As with IP, there is both a source and destination socket, which is used for
multiplexing.
NOTE
Do not confuse SAP type with socket. A file server advertises SAP type 4 but does not use
socket number 4 for file services.
NetBIOS
NetBIOS
IPX
SPX
SPX
IPX
Data
(not NCP)
SPX
SPX + NCP
IPX
Data
NCP
RIP
IPX
SAP
RIP
SAP
IPX
ch07.fm Page 485 Monday, March 20, 2000 5:14 PM