As a reminder, the criteria for that filter is as follows:
300 from reaching Server 1 and Server 2 is not as obvious. The filter examines inbound SAP
updates from R2. Services in networks 1000 to 100F are filtered. All other services are not
filtered; the 1 keyword signifies all networks. (Extended IPX access lists can use the keyword
any. SAP filters do not currently use that keyword.) So, there will never be an entry in R1's SAP
table for networks 1000 to 100F.
GNS process and its purpose. (Figure 6-14, in Chapter 6, "Routing," outlined the process.)
Either Server 3 or Server 4 will be used as the GNS server for clients in network 300. (The
router will not reply to GNS requests if a real server exists on the LAN at some later IOS
releases; before that, the router delayed replying so that any local servers would send the first
reply.) Neither Server 3 nor Server 4 will know of Server 1 or Server 2 because they are relying
on R1 to advertise SAP information, and R1 has filtered SAPs about networks 1000 to 100F.
Therefore, network 300 clients will not be capable of logging in to Server 1 or Server 2 because
clients can connect only to servers in the SAP table of their GNS server.
packet filters. SAPs are sent once every 60 seconds, whereas packet filters cause the IOS to
examine every IPX packet, a much more frequent task. So, you are more likely to use SAP filers
in real networks, and you also are more likely to see SAP filters on the exam, as compared with
IPX packet filters.
!
ipx routing 0200.1111.111
!
interface serial0
ip address 10.1.1.1 255.255.255.0
ipx network 200
ipx input-sap-filter 1005
!
interface ethernet 0
ip address 10.1.30.1 255.255.255.0
ipx network 300
!
access-list 1005 deny 1000 0000000F
access-list 1005 permit -1