Page 536

512 Chapter 7: Understanding Access List Security

Answers to Task 3 for Scenario 7-4

Task 3 for Scenario 7-4 asks you to create SAP filters that perform the same function as
described in Task 2. Task 3 suggests a very simple solution, but the simple solution works only
because there are local servers in Charlotte, Nashville, and Boston. First, take a look at the
solution; then read over some comments.

Because the local server in each case will be the GNS server for the local clients, respectively,
all that is needed is to stop Server 1 and Server 2 SAP information from being advertised into
the remote sites. In an effort to reduce overhead, the SAP filters will be placed in Atlanta
because SAP information originates in the servers. Example 7-29 provides the solution.

Example 7-26

Charlotte with Access List Configured, Scenario 7-4, Task 2

access-list 800 deny 101 1001
access-list 800 permit -1
!
interface serial 0.1 point-to-point
ipx access-group 800

Example 7-27

Nashville with Access List Configured, Scenario 7-4, Task 2

access-list 800 deny 102 1000
access-list 800 permit -1
!
interface serial 0.2 point-to-point
ipx access-group 800

Example 7-28

Boston with Access List Configured, Scenario 7-4, Task 2

access-list 800 deny 103 1000
access-list 800 permit -1
!
interface serial 0.3 point-to-point
ipx access-group 800

Example 7-29

Atlanta with SAP Filter Configured, Scenario 7-4, Task 3

access-list 1050 deny 1000
access-list 1050 permit -1
!
access-list 1051 deny 1001
access-list 1051 permit -1
!
interface serial 0.1 point-to-point
ipx output-sap-filter 1051
!
interface serial 0.2 point-to-point
ipx output-sap-filter 1050
!
interface serial 0.3 point-to-point
ipx output-sap-filter 1050

ch07.fm Page 512 Monday, March 20, 2000 5:14 PM