Common Novell Troubleshooting Issues
SAP Access Lists
Although standard and extended access lists are useful for blocking traffic
between IPX networks, Cisco provides a better solution for filtering the SAP
traffic between networks. The 1000-1099 range of access lists may be used
to permit or block SAP packets specifically, as compared to the general IPX
traffic filtering that is available from the standard and extended lists.
Using the syntax access-list [number] [permit/deny] [source] [service type],
access list 1010 is configured to permit all SAP traffic from the server.
Service type zero represents all service types. Service type four is used
for file servers, and type seven represents print servers. This access list
was configured on interface e0 as an input SAP filter: all SAP traffic from
server 11 (internal IPX network number) is permitted, and all other SAPs
are denied.
RouterA#config t
Enter configuration commands, one per line. End with CNTL/Z.
RouterA(config)#access-list 1010 permit 11.0000.0000.0001 0
RouterA(config)#int e0
RouterA(config-if)#ipx input-sap-filter 1010
RouterA(config-if)#^Z
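The following Python sketch is an added illustration, not part of the original text or of Cisco IOS. It models how the SAP filter above is evaluated, so the effect of a rule can be checked against a list of advertised services before the filter is applied. The server names and the second network number are constructed sample data; the first-match evaluation order and hexadecimal service types are assumptions about IOS behavior.

```python
from typing import NamedTuple

class Rule(NamedTuple):
    permit: bool
    network: int       # IPX network number (hex on the command line)
    node: str          # node address with dots removed, "" = any node
    service_type: int  # 0 matches every service type

def parse_rule(line: str) -> Rule:
    """Parse 'access-list <1000-1099> permit|deny <net[.node]> <service type>'."""
    keyword, number, action, source, service = line.split()
    if keyword != "access-list" or not 1000 <= int(number) <= 1099:
        raise ValueError("not a SAP access list (1000-1099): " + line)
    if action not in ("permit", "deny"):
        raise ValueError("action must be permit or deny: " + line)
    network, _, node = source.partition(".")
    # Assumption: network and service type are written in hex, as in IOS.
    return Rule(action == "permit", int(network, 16),
                node.replace(".", "").lower(), int(service, 16))

def sap_permitted(rules, network, node, service_type):
    """Assumed first-match order; a SAP that matches no rule is denied."""
    node = node.replace(".", "").lower()
    for rule in rules:
        if (rule.network == int(network, 16)
                and rule.node in ("", node)
                and rule.service_type in (0, service_type)):
            return rule.permit
    return False

# Constructed SAP advertisements: (network, node, service type, server name)
SAMPLE_SAPS = [
    ("11", "0000.0000.0001", 0x4, "FS1"),      # file service on server 11
    ("11", "0000.0000.0001", 0x7, "FS1-PRN"),  # print service on server 11
    ("2A", "0000.0000.0001", 0x4, "FS2"),      # file server on another network
]

def filter_saps(config_lines):
    """Return the sample server names that survive the given SAP filter."""
    rules = [parse_rule(line) for line in config_lines]
    return [name for net, node, svc, name in SAMPLE_SAPS
            if sap_permitted(rules, net, node, svc)]

if __name__ == "__main__":
    # The rule from the text: every service type from server 11 passes.
    print(filter_saps(["access-list 1010 permit 11.0000.0000.0001 0"]))
    # Narrowed to service type 4: only the file service passes.
    print(filter_saps(["access-list 1010 permit 11.0000.0000.0001 4"]))
```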
When troubleshooting, remember to use the following commands to
quickly disable IPX access lists. (They need to be reinstated when
troubleshooting is complete.)
no ipx access-group access-group number
no ipx input-sap-filter access-list number
no ipx output-sap-filter access-list number
It is possible to alter the default 60-second SAP timer with the
ipx sap-interval command. The improper use of this command can cause
significant problems with SAP updates, and can cause servers to appear
and disappear in the SAP table.
Copyright ©2000 SYBEX , Inc., Alameda, CA
www.sybex.com