Page 669

Scenario 9-1

645

As usual, the access lists can be placed in several areas to achieve the desired function.
Also as usual, the criteria for the access list is subject to interpretation. One solution is to
filter packets sent from hosts on the Ethernet off R3, filtering them as they enter R1, on
either of R1's serial interfaces. By filtering packets in only one direction, applications that
require a two-way flow will not successfully communicate. By filtering on both of R1's
serial interfaces for inbound traffic, any valid route for the incoming packets will be
checked.

For the SAP filter, several options also exist; one is shown here. By stopping R2 from
adding the SAP for Server 2 to its SAP table, R2 will never advertise that server in a GNS
request, nor will Server 3 learn about Server 2's SAPs from R2's SAP updates. So, the
plan is to place incoming SAP filters on both serial interfaces on R2, to filter Server 2 from
being added to R2's SAP table.

Scenario 9-1, Part B--Configuration

The next step in your job is to deploy the network designed in Scenario 9-1, Part A. Use the
solutions for Part A of Scenario 9-1 to direct you in identifying IP and IPX addresses and
determining the logic behind the access lists. For Scenario 9-1, Part B, perform the following
tasks:

Configure IP, IPX, and IP access lists and IPX SAP filters based on Scenario 9-1, Part A's
design.

Use RIP as the IP routing protocol.

Use PPP as the data link protocol on the link between R2 and R3. Use the default serial
encapsulation elsewhere.

R1-S1

163.1.13.201

R2-E0

163.1.2.202

R2-S0

163.1.12.202

R2-S1

163.1.23.202

R3-E0

163.1.3.203

R3-S0

163.1.13.203

R3-S1

163.1.23.203

Table 9-4

Scenario 9-1, Part A--IP Address Planning Chart Completed (Continued)

Host

Address

ch09.fm Page 645 Monday, March 20, 2000 5:23 PM