The AppleTalk Protocol
529
Zone names are useful in grouping geographically separated workgroups, as
well. The Marketing zone may include cable range 510 when initially created,
but a new marketing group in another building may be needed. This group can
be placed on cable range 10001005, yet remain in the Marketing zone.
AppleTalk does not provide a mechanism for updating zone names. For example,
if an administrator changes the zone name from "Finance" to "Marketing," the
local router zone name changes, but the remote routers continue to reference
"Finance." This is referred to as a ghost zone. It is recommended that adminis-
trators disable all networks that are related to the zone name being changed. This
ages out the routing table; upon reinstatement, the routers learn the route and
new zone name information.
The output of the show appletalk zone command follows:
Router_C#show appletalk zone
Name Network(s)
one 1-1
Two 2-2
Dilbert 14000-14005
Kenny 22638-22639
Total of 4 zones
show appletalk access-lists
Access lists are usually configured to restrict access to various resources
within the network. This may be for broadcast control, data security, or
other considerations. Regarding AppleTalk, access lists are numbered from
600 to 699. In addition, the Cisco IOS filters zone and network information
simultaneously. Because administrators may wish to write lists that block
certain traffic and permit all other traffic, it is important to consider both the
access-list permit other-access
and access-list permit
additional-zones
statements. As with other access lists, implicit denies are
automatically assumed at the end of an AppleTalk access list. In the example,
access-list 605
demonstrates the more common AppleTalk access list, in
which certain packets are permitted and all items not permitted are denied.
This is a default behavior of AppleTalk access-lists, but is explicitly
restated in this example.
Copyright ©2000 SYBEX , Inc., Alameda, CA
www.sybex.com