Cisco IOS AppleTalk and Novell IPX Command�Reference, Release�12.2
access-list additional-zones to appletalk eigrp-timers
Downloads: This chapterpdf (PDF - 490.0KB) The complete bookPDF (PDF - 4.49MB) | Feedback

AppleTalk Commands

Table Of Contents

AppleTalk Commands

access-list additional-zones

access-list cable-range

access-list includes

access-list nbp

access-list network

access-list other-access

access-list other-nbps

access-list within

access-list zone

appletalk access-group

appletalk address

appletalk alternate-addressing

appletalk arp interval

appletalk arp retransmit-count

appletalk arp-timeout

appletalk aurp tickle-time

appletalk aurp update-interval

appletalk cable-range

appletalk checksum

appletalk client-mode

appletalk discovery

appletalk distribute-list in

appletalk distribute-list out

appletalk domain-group

appletalk domain hop-reduction

appletalk domain name

appletalk domain remap-range

appletalk eigrp active-time

appletalk eigrp-bandwidth-percentage

appletalk eigrp log-neighbor-changes

appletalk eigrp-splithorizon

appletalk eigrp-timers


AppleTalk Commands


AppleTalk is a LAN system designed and developed by Apple Computer, Inc. It runs over Ethernet, Token Ring, and FDDI networks, as well as LocalTalk, Apple's proprietary twisted-pair media access system. AppleTalk specifies a protocol stack comprising several protocols that direct the flow of traffic over the network.

Apple Computer uses the name AppleTalk to refer to the Apple networking architecture. Apple refers to the actual transmission media used in an AppleTalk network as LocalTalk (Apple's proprietary twisted-pair transmission medium for AppleTalk), TokenTalk (AppleTalk over Token Ring), EtherTalk (AppleTalk over Ethernet), and FDDITalk (AppleTalk over FDDI).

Use the commands in this chapter to configure and monitor AppleTalk networks. For AppleTalk configuration information and examples, refer to the "Configuring AppleTalk" chapter of the Cisco IOS AppleTalk and Novell IPX Configuration Guide.

access-list additional-zones

To define the default action to take for access checks that apply to zones, use the access-list additional-zones command in global configuration mode. To remove an access list, use the no form of this command.

access-list access-list-number {deny | permit} additional-zones

no access-list access-list-number additional-zones

Syntax Description

access-list-number

Number of the access list. This is a decimal number from 600 to 699.

deny

Denies access if the conditions are matched.

permit

Permits access if the conditions are matched.


Defaults

No access lists are predefined.

Command Modes

Global configuration

Command History

Release
Modification

10.0

This command was introduced.


Usage Guidelines

The access-list additional-zones command defines the action to take for access checks not explicitly defined with the access-list zone command. If you do not specify this command, the default action is to deny other access.

You apply access lists defined with the access-list additional-zones command to outgoing routing updates and GetZoneList (GZL) filters (using the appletalk distribute-list out, and appletalk getzonelist-filter commands). You cannot apply them to data-packet filters (using the appletalk access-group command) or to incoming routing update filters (using the appletalk distribute-list in command).

Examples

The following example creates an access list based on AppleTalk zones:

access-list 610 deny zone Twilight
access-list 610 permit additional-zones

Related Commands

Command
Description

access-list cable-range

Defines an AppleTalk access list for a cable range (for extended networks only).

access-list includes

Defines an AppleTalk access list that overlaps any part of a range of network numbers or cable ranges (for both extended and nonextended networks).

access-list nbp

Defines an AppleTalk access list entry for a particular NBP named entity, class of NBP named entities, NBP packet type, or NBP named entities belonging to a specific zone.

access-list network

Defines an AppleTalk access list for a single network number (that is, for a nonextended network).

access-list other-access

Defines the default action to take for subsequent access checks that apply to networks or cable ranges.

access-list other-nbps

Defines the default action to take for access checks that apply to NBP packets from named entities not otherwise explicitly denied or permitted.

access-list within

Defines an AppleTalk access list for an extended or a nonextended network whose network number or cable range is included entirely within the specified cable range.

access-list zone

Defines an AppleTalk access list that applies to a zone.

appletalk access-group

Assigns an access list to an interface.

appletalk distribute-list in

Filters routing updates received from other routers over a specified interface.

appletalk distribute-list out

Filters routing updates sent to other routers.

appletalk getzonelist-filter

Filters GZL replies.

appletalk permit-partial-zones

Permits access to the other networks in a zone when access to one of those networks is denied.


access-list cable-range

To define an AppleTalk access list for a cable range (for extended networks only), use the access-list cable-range command in global configuration mode. To remove an access list, use the no form of this command.

access-list access-list-number {deny | permit} cable-range cable-range [broadcast-deny broadcast-permit]

no access-list access-list-number [{deny | permit} cable-range cable-range [broadcast-deny | broadcast-permit]]

Syntax Description

access-list-number

Number of the access list. This is a decimal number from 600 to 699.

deny

Denies access if the conditions are matched.

permit

Permits access if the conditions are matched.

cable-range

Cable range value. The argument specifies the start and end of the cable range, separated by a hyphen. These values are decimal numbers from 1 to 65279. The starting network number must be less than or equal to the ending network number.

broadcast-deny

(Optional) Denies access to broadcast packets if the conditions are matched.

broadcast-permit

(Optional) Permits access to broadcast packets if the conditions are met.


Defaults

No access lists are predefined.

Command Modes

Global configuration

Command History

Release
Modification

10.0

This command was introduced.


Usage Guidelines

When used as a routing update filter, the access-list cable-range command affects matching on extended networks only. The conditions defined by this access list are used only when a cable range in a routing update exactly matches that specified in the access-list cable-range command. The conditions are never used to match a network number (for a nonextended network).

When used as a data-packet filter, the access-list cable-range command affects matching on any type of network number. The conditions defined by this access list are used only when the packet's source network lies in the range defined by the access list.

You apply access lists defined with the access-list cable-range command to data-packet and routing-update filters (using the appletalk access-group, appletalk distribute-list in, and appletalk distribute-list out commands). You cannot apply them to GZL filters (using the appletalk getzonelist-filter command).

To delete an access list, specify the minimum number of keywords and arguments needed to delete the proper access list. For example, to delete the entire access list, use the following command:

no access-list access-list-number

To delete the access list for a specific network, use the following command:

no access-list access-list-number {deny | permit} cable-range cable-range

Priority queuing for AppleTalk operates on the destination network number, not the source network number.

Examples

The following access list forwards all packets except those from cable range 10 to 20:

access-list 600 deny cable-range 10-20
access-list 600 permit other-access

Related Commands

Command
Description

access-list additional-zones

Defines the default action to take for access checks that apply to zones.

access-list includes

Defines an AppleTalk access list that overlaps any part of a range of network numbers or cable ranges (for both extended and nonextended networks).

access-list nbp

Defines an AppleTalk access list entry for a particular NBP named entity, class of NBP named entities, NBP packet type, or NBP named entities belonging to a specific zone.

access-list network

Defines an AppleTalk access list for a single network number (that is, for a nonextended network).

access-list other-access

Defines the default action to take for subsequent access checks that apply to networks or cable ranges.

access-list other-nbps

Defines the default action to take for access checks that apply to NBP packets from named entities not otherwise explicitly denied or permitted.

access-list within

Defines an AppleTalk access list for an extended or a nonextended network whose network number or cable range is included entirely within the specified cable range.

access-list zone

Defines an AppleTalk access list that applies to a zone.

appletalk access-group

Assigns an access list to an interface.

appletalk distribute-list in

Filters routing updates received from other routers over a specified interface.

appletalk distribute-list out

Filters routing updates sent to other routers.

appletalk getzonelist-filter

Filters GZL replies.

priority-list protocol

Establishes queueing priorities based on the protocol type.


access-list includes

To define an AppleTalk access list that overlaps any part of a range of network numbers or cable ranges (for both extended and nonextended networks), use the access-list includes command in global configuration mode. To remove an access list, use the no form of this command.

access-list access-list-number {deny | permit} includes cable-range [broadcast-deny broadcast-permit]

no access-list access-list-number {deny | permit} includes cable-range [broadcast-deny broadcast-permit]]

Syntax Description

access-list-number

Number of the access list. This is a decimal number from 600 to 699.

deny

Denies access if the conditions are matched.

permit

Permits access if the conditions are matched.

cable-range

Cable range or network number. The argument specifies the start and end of the cable range, separated by a hyphen. These values are decimal numbers from 1 to 65279. The starting network number must be less than or equal to the ending network number. To specify a network number, set the starting and ending network numbers to the same value.

broadcast-deny

(Optional) Denies access to broadcast packets if the conditions are matched.

broadcast-permit

(Optional) Permits access to broadcast packets if the conditions are met.


Defaults

No access lists are predefined.

Command Modes

Global configuration

Command History

Release
Modification

10.0

This command was introduced.


Usage Guidelines

When used as a routing update filter, the access-list includes command affects matching on extended and nonextended AppleTalk networks. The conditions defined by this access list are used when a cable range or network number overlaps, either partially or completely, one (or more) of those specified in the access-list includes command.

When used as a data-packet filter, the conditions defined by this access list are used when the packet's source network lies in the range defined in the access-list includes command.

You apply access lists defined with the access-list includes command to data-packet and routing-update filters (using the appletalk access-group, appletalk distribute-list in, and appletalk distribute-list out commands). You cannot apply them to GZL filters (using the appletalk getzonelist-filter command).

To delete an access list, specify the minimum number of keywords and arguments needed to delete the proper access list. For example, to delete the entire access list, use the following command:

no access-list access-list-number

To delete the access list for a specific network, use the following command:

no access-list access-list-number {deny | permit} includes cable-range

Priority queuing for AppleTalk operates on the destination network number, not the source network number.

Examples

The following example defines an access list that permits access to any network or cable range that overlaps any part of the range 10 to 20. This means, for example, that cable ranges 13 to 16 and 17 to 25 will be permitted. This access list also permits all other ranges.

access-list 600 permit includes 10-20
access-list 600 permit other-access

Related Commands

Command
Description

access-list additional-zones

Defines the default action to take for access checks that apply to zones.

access-list cable-range

Defines an AppleTalk access list for a cable range (for extended networks only).

access-list nbp

Defines an AppleTalk access list entry for a particular NBP named entity, class of NBP named entities, NBP packet type, or NBP named entities belonging to a specific zone.

access-list network

Defines an AppleTalk access list for a single network number (that is, for a nonextended network).

access-list other-access

Defines the default action to take for subsequent access checks that apply to networks or cable ranges.

access-list other-nbps

Defines the default action to take for access checks that apply to NBP packets from named entities not otherwise explicitly denied or permitted.

access-list within

Defines an AppleTalk access list for an extended or a nonextended network whose network number or cable range is included entirely within the specified cable range.

access-list zone

Defines an AppleTalk access list that applies to a zone.

appletalk access-group

Assigns an access list to an interface.

appletalk distribute-list in

Filters routing updates received from other routers over a specified interface.

appletalk distribute-list out

Filters routing updates sent to other routers.

appletalk getzonelist-filter

Filters GZL replies.

priority-list protocol

Establishes queueing priorities based on the protocol type.


access-list nbp

To define an AppleTalk access list entry for a particular Name Binding Protocol (NBP) named entity, class of NBP named entities, NBP packet type, or NBP named entities that belong to a specific zone, use the access-list nbp command in global configuration mode. To remove an NBP access list entry from the access list, use the no form of this command.

access-list access-list-number {deny | permit} nbp sequence-number {BrRq | FwdRq | Lookup | LkReply | object string | type string | zone string}

no access-list access-list-number {deny | permit} nbp sequence-number {BrRq | FwdRq | Lookup | LkReply | object string | type string | zone string}

Syntax Description

access-list-number

Number of the access list. This is a decimal number from 600 to 699.

deny

Denies access if conditions are matched.

permit

Permits access if conditions are matched.

sequence-number

Number used to tie together two or three portions of an NBP name tuple and to keep track of the number of access-list nbp entries in an access list. Each command entry must have a sequence number.

BrRq

Broadcast Request packet type.

FwdRq

Forward Request packet type.

Lookup

Lookup packet type.

LkReply

Lookup Reply packet type.

object

Characterizes string as the portion of an NBP name that identifies a particular object or named entity.

string

Portion of an NBP name identifying the object, type, or zone of a named entity. The name string can be up to 32 characters long, and it can include special characters from the Apple Macintosh character set. To include a special character, type a colon followed by two hexadecimal characters. For an NBP name with a leading space, enter the first character as the special sequence :20.

type

Characterizes string as the portion of an NBP name that identifies a category or type of named entity.

zone

Characterizes string as the portion of an NBP name that identifies an AppleTalk zone.


Defaults

No particular access list entry for an NBP named entity is defined, and the default filtering specified by the access-list other-nbps command takes effect.

Command Modes

Global configuration

Command History

Release
Modification

11.0

This command was introduced.


Usage Guidelines

The access-list nbp command defines the action to take for filtering NBP packets from a particular object (particular named entity), type (class of named entities), or zone (AppleTalk zone in which named entities reside), or for a particular NBP packet type, superseding the default action for NBP packets from all named entities specified by the access-list other-nbps command. For each command that you enter, you must specify a sequence number.

The sequence number serves two purposes:

Its principal purpose is to allow you to associate two or three portions of an NBP three-part name, referred to as an NBP tuple. To do this, you enter two or three commands having the same sequence number but each specifying a different keyword and NBP name portion: object, type, or zone. The same sequence number binds them together. This provides you with the ability to restrict forwarding of NBP packets at any level, down to a single named entity.

Its second purpose is to allow you to keep track of the number of access-list nbp entries you have made. You must enter a sequence number even if you do not use it to associate portions of an NBP name.

Examples

The following example adds entries to access list number 607 to allow forwarding of NBP packets from specific sources and deny forwarding of NBP packets from all other sources. The first command adds an entry that allows NBP packets from all printers of type LaserWriter. The second command adds an entry that allows NBP packets from all AppleTalk file servers of type AFPServer. The third command adds an entry that allows NBP packets from all applications called HotShotPaint. For example, there might be an application with a zone name of Accounting and an application with a zone name of engineering, both having the object name of HotShotPaint. NBP packets forwarded from both applications will be allowed.

The access-list other-nbps command denies forwarding of NBP packets from all other sources.

access-list 607 permit nbp 1 type LaserWriter
access-list 607 permit nbp 2 type AFPServer
access-list 607 permit nbp 3 object HotShotPaint
access-list 607 deny other-nbps
access-list 607 permit other-access

The following example adds entries to access list number 608 to deny forwarding of NBP packets from two specific servers whose fully qualified NBP names are specified. It permits forwarding of NBP packets from all other sources.

access-list 608 deny nbp 1 object ServerA
access-list 608 deny nbp 1 type AFPServer
access-list 608 deny nbp 1 zone Bld3
access-list 608 deny nbp 2 object ServerB
access-list 608 deny nbp 2 type AFPServer
access-list 608 deny nbp 2 zone Bld3
access-list 608 permit other-nbps
access-list 608 permit other-access

The following example denies forwarding of NBP Lookup Reply packets for all named entities. It permits forwarding of other NBP packet types from all other sources.

access-list 600 deny nbp 1 LkReply
access-list 600 permit other-nbps
access-list 600 permit other-access

The following example creates an access list that denies forwarding of these packets:

All NBP Lookup Reply packets

NBP packets from the server named Bob's Server

Packets from all AppleTalk file servers of type AFPServer

All NBP Lookup Reply packets that contain the specified named entities belonging to the zone twilight

access-list 600 deny nbp 1 LkReply
access-list 600 deny nbp 1 object Bob's Server
access-list 600 deny nbp 1 type AFPServer
access-list 600 deny nbp 1 zone twilight
access-list 600 permit other-nbps
access-list 600 permit other-access

Related Commands

Command
Description

access-list additional-zones

Defines the default action to take for access checks that apply to zones.

access-list cable-range

Defines an AppleTalk access list for a cable range (for extended networks only).

access-list includes

Defines an AppleTalk access list that overlaps any part of a range of network numbers or cable ranges (for both extended and nonextended networks).

access-list network

Defines an AppleTalk access list for a single network number (that is, for a nonextended network).

access-list other-access

Defines the default action to take for subsequent access checks that apply to networks or cable ranges.

access-list other-nbps

Defines the default action to take for access checks that apply to NBP packets from named entities not otherwise explicitly denied or permitted.

access-list within

Defines an AppleTalk access list for an extended or a nonextended network whose network number or cable range is included entirely within the specified cable range.

access-list zone

Defines an AppleTalk access list that applies to a zone.

appletalk access-group

Assigns an access list to an interface.

appletalk distribute-list in

Filters routing updates received from other routers over a specified interface.

appletalk distribute-list out

Filters routing updates sent to other routers.

appletalk getzonelist-filter

Filters GZL replies.

priority-list protocol

Establishes queueing priorities based on the protocol type.


access-list network

To define an AppleTalk access list for a single network number (that is, for a nonextended network), use the access-list network command in global configuration mode. To remove an access list, use the no form of this command.

access-list access-list-number {deny | permit} network network [broadcast-deny broadcast-permit]

no access-list access-list-number {deny | permit} network network [broadcast-deny broadcast-permit]]

Syntax Description

access-list-number

Number of the access list. This is a decimal number from 600 to 699.

deny

Denies access if the conditions are matched.

permit

Permits access if the conditions are matched.

network

AppleTalk network number.

broadcast-deny

(Optional) Denies access to broadcast packets if the conditions are matched.

broadcast-permit

(Optional) Permits access to broadcast packets if the conditions are met.


Defaults

No access lists are predefined.

Command Modes

Global configuration

Command History

Release
Modification

10.0

This command was introduced.


Usage Guidelines

When used as a routing-update filter, the access-list network command affects matching on nonextended networks only. The conditions defined by this access list are used only when the nonextended number in a routing update matches a network number specified in one of the access-list network commands. The conditions are never used to match a cable range (for an extended network) even if the cable range has the same starting and ending number.

When used as a data-packet filter, the conditions defined by this access list are used only when the packet's source network matches the network number specified in the access-list network command.

You apply access lists defined with the access-list network command to data-packet and routing-update filters (using the appletalk access-group, appletalk distribute-list in, and appletalk distribute-list out commands). You cannot apply access lists to GZL filters (using the appletalk getzonelist-filter command).

In software releases before 9.0, the syntax of this command was access-list access-list-number {deny | permit} network. The current version of the software is still able to interpret commands in this format if it finds them in a configuration or boot file. However, it is recommended that you update the commands in your configuration or boot files to match the current syntax.

Use the no access-list command with the access-list-number argument only to remove an entire access list from the configuration. Specify the optional arguments to remove a particular clause.

To delete an access list, specify the minimum number of keywords and arguments needed to delete the proper access list. For example, to delete the entire access list, use the following command:

no access-list access-list-number

To delete the access list for a specific network, use the following command:

no access-list access-list-number {deny | permit} network network

Priority queuing for AppleTalk operates on the destination network number, not the source network number.

Examples

The following example defines an access list that forwards all packets except those destined for networks 1 and 2:

access-list 650 deny network 1
access-list 650 deny network 2
access-list 650 permit other-access

Related Commands

Command
Description

access-list additional-zones

Defines the default action to take for access checks that apply to zones.

access-list cable-range

Defines an AppleTalk access list for a cable range (for extended networks only).

access-list includes

Defines an AppleTalk access list that overlaps any part of a range of network numbers or cable ranges (for both extended and nonextended networks).

access-list nbp

Defines an AppleTalk access list entry for a particular NBP named entity, class of NBP named entities, NBP packet type, or NBP named entities belonging to a specific zone.

access-list other-access

Defines the default action to take for subsequent access checks that apply to networks or cable ranges.

access-list other-nbps

Defines the default action to take for access checks that apply to NBP packets from named entities not otherwise explicitly denied or permitted.

access-list within

Defines an AppleTalk access list for an extended or a nonextended network whose network number or cable range is included entirely within the specified cable range.

access-list zone

Defines an AppleTalk access list that applies to a zone.

appletalk access-group

Assigns an access list to an interface.

appletalk distribute-list in

Filters routing updates received from other routers over a specified interface.

appletalk distribute-list out

Filters routing updates sent to other routers.

appletalk getzonelist-filter

Filters GZL replies.

priority-list protocol

Establishes queueing priorities based on the protocol type.


access-list other-access

To define the default action to take for subsequent access checks that apply to networks or cable ranges, use the access-list other-access command in global configuration mode. To remove an access list, use the no form of this command.

access-list access-list-number {deny | permit} other-access

no access-list access-list-number other-access

Syntax Description

access-list-number

Number of the access list. This is a decimal number from 600 to 699.

deny

Denies access if the conditions are matched.

permit

Permits access if the conditions are matched.


Defaults

No access lists are predefined.

Command Modes

Global configuration

Command History

Release
Modification

11.0

This command was introduced.


Usage Guidelines

The access-list other-access command defines the action to take for access checks not explicitly defined with an access-list network, access-list cable-range, access-list includes, or access-list within command. If you do not specify this command, the default action is to deny other access.

You apply access lists defined with the access-list other-access command to data-packet and routing-update filters (using the appletalk access-group, appletalk distribute-list in, and appletalk distribute-list out commands). You cannot apply them to GZL filters (using the appletalk getzonelist-filter command).

In software releases before 9.0, the syntax of this command was access-list access-list-number {deny permit} -1. The current version of the software is still able to interpret commands in this format if it finds them in a configuration or boot file. However, it is recommended that you update the commands in your configuration or boot files to match the current syntax.

Priority queuing for AppleTalk operates on the destination network number, not the source network number.

Examples

The following example defines an access list that forwards all packets except those destined for networks 1 and 2:

access-list 650 deny network 1
access-list 650 deny network 2
access-list 650 permit other-access

Related Commands

Command
Description

access-list additional-zones

Defines the default action to take for access checks that apply to zones.

access-list cable-range

Defines an AppleTalk access list for a cable range (for extended networks only).

access-list includes

Defines an AppleTalk access list that overlaps any part of a range of network numbers or cable ranges (for both extended and nonextended networks).

access-list nbp

Defines an AppleTalk access list entry for a particular NBP named entity, class of NBP named entities, NBP packet type, or NBP named entities belonging to a specific zone.

access-list network

Defines an AppleTalk access list for a single network number (that is, for a nonextended network).

access-list other-nbps

Defines the default action to take for access checks that apply to NBP packets from named entities not otherwise explicitly denied or permitted.

access-list within

Defines an AppleTalk access list for an extended or a nonextended network whose network number or cable range is included entirely within the specified cable range.

access-list zone

Defines an AppleTalk access list that applies to a zone.

appletalk access-group

Assigns an access list to an interface.

appletalk distribute-list in

Filters routing updates received from other routers over a specified interface.

appletalk distribute-list out

Filters routing updates sent to other routers.

priority-list protocol

Establishes queueing priorities based on the protocol type.


access-list other-nbps

To define the default action to take for access checks that apply to Name Binding Protocol (NBP) packets from named entities not otherwise explicitly denied or permitted, use the access-list other-nbps command in global configuration mode. To remove an access list, use the no form of this command.

access-list access-list-number {deny | permit} other-nbps

no access-list access-list-number {deny | permit} other-nbps

Syntax Description

access-list-number

Number of the access list for AppleTalk. This is a decimal number from 600 to 699.

deny

Denies access if conditions are matched.

permit

Permits access if conditions are matched.


Defaults

Access is denied.

Command Modes

Global configuration

Command History

Release
Modification

11.0

This command was introduced.


Usage Guidelines

The access-list other-nbps command defines the action to take for filtering of NBP packets from named entities not explicitly defined by an access-list nbp command. It allows you to implement the default AppleTalk network security state at the named entity level. Any access-list nbp commands you enter affect a particular named entity object, class of named entities, or all named entities within a zone. This command sets the security state for all other NBP named entities. If you do not specify this command, the default action is to deny access.

You can use this command to create an entry in an access list before or after you issue access-list nbp commands. The order of the command in the access list is irrelevant.

Examples

The following example permits forwarding of all NBP packets from all sources except AppleTalk file servers of type AFPServer:

access-list 607 deny nbp 2 type AFPServer
access-list 607 permit other-nbps

Related Commands

Command
Description

access-list additional-zones

Defines the default action to take for access checks that apply to zones.

access-list cable-range

Defines an AppleTalk access list for a cable range (for extended networks only).

access-list includes

Defines an AppleTalk access list that overlaps any part of a range of network numbers or cable ranges (for both extended and nonextended networks).

access-list nbp

Defines an AppleTalk access list entry for a particular NBP named entity, class of NBP named entities, NBP packet type, or NBP named entities belonging to a specific zone.

access-list network

Defines an AppleTalk access list for a single network number (that is, for a nonextended network).

access-list other-access

Defines the default action to take for subsequent access checks that apply to networks or cable ranges.

access-list within

Defines an AppleTalk access list for an extended or a nonextended network whose network number or cable range is included entirely within the specified cable range.

access-list zone

Defines an AppleTalk access list that applies to a zone.

appletalk access-group

Assigns an access list to an interface.

appletalk distribute-list in

Filters routing updates received from other routers over a specified interface.

appletalk distribute-list out

Filters routing updates sent to other routers.

appletalk getzonelist-filter

Filters GZL replies.

priority-list protocol

Establishes queueing priorities based on the protocol type.


access-list within

To define an AppleTalk access list for an extended or a nonextended network whose network number or cable range is included entirely within the specified cable range, use the access-list within command in global configuration mode. To remove this access list, use the no form of this command.

access-list access-list-number {deny | permit} within cable-range

no access-list access-list-number [{deny | permit} within cable-range]

Syntax Description

access-list-number

Number of the access list. This is a decimal number from 600 to 699.

deny

Denies access if the conditions are matched.

permit

Permits access if the conditions are matched.

cable-range

Cable range or network number. The argument specifies the start and end of the cable range, separated by a hyphen. These values are decimal numbers from 1 to 65279. The starting network number must be less than or equal to the ending network number. To specify a network number, set the starting and ending network numbers to the same value.


Defaults

No access lists are predefined.

Command Modes

Global configuration

Command History

Release
Modification

10.0

This command was introduced.


Usage Guidelines

When used as a routing update filter, the access-list within command affects matching on extended and nonextended AppleTalk networks. The conditions defined by this access list are used when a cable range or network number overlaps, either partially or completely, one (or more) of those specified in the access-list within command.

When used as a data-packet filter, the conditions defined by this access list are used when the packet's source network lies in the range defined in the access-list within command.

You apply access lists defined with the access-list within command to data-packet and routing-update (using the appletalk access-group, appletalk distribute-list in, and appletalk distribute-list out). You cannot apply them to GZL filters (using the appletalk getzonelist-filter command).

To delete an access list, specify the minimum number of keywords and arguments needed to delete the proper access list. For example, to delete the entire access list, use the following command:

no access-list access-list-number

To delete the access list for a specific network, use the following command:

no access-list access-list-number {deny | permit} within cable-range

Priority queuing for AppleTalk operates on the destination network number, not the source network number.

Examples

The following example defines an access list that permits access to any network or cable range that is completely included in the range 10 to 20. This means, for example, that cable range 13 to 16 will be permitted, but cable range 17 to 25 will not be. The second line of the access list permits all other packets.

access-list 600 permit within 10-20
access-list 600 permit other-access

Related Commands

Command
Description

access-list additional-zones

Defines the default action to take for access checks that apply to zones.

access-list cable-range

Defines an AppleTalk access list for a cable range (for extended networks only).

access-list includes

Defines an AppleTalk access list that overlaps any part of a range of network numbers or cable ranges (for both extended and nonextended networks).

access-list nbp

Defines an AppleTalk access list entry for a particular NBP named entity, class of NBP named entities, NBP packet type, or NBP named entities belonging to a specific zone.

access-list network

Defines an AppleTalk access list for a single network number (that is, for a nonextended network).

access-list other-access

Defines the default action to take for subsequent access checks that apply to networks or cable ranges.

access-list other-nbps

Defines the default action to take for access checks that apply to NBP packets from named entities not otherwise explicitly denied or permitted.

access-list zone

Defines an AppleTalk access list that applies to a zone.

appletalk access-group

Assigns an access list to an interface.

appletalk distribute-list in

Filters routing updates received from other routers over a specified interface.

appletalk distribute-list out

Filters routing updates sent to other routers.

appletalk getzonelist-filter

Filters GZL replies.

priority-list protocol

Establishes queueing priorities based on the protocol type.


access-list zone

To define an AppleTalk access list that applies to a zone, use the access-list zone command in global configuration mode. To remove an access list, use the no form of this command.

access-list access-list-number {deny | permit} zone zone-name

no access-list access-list-number [{deny | permit} zone zone-name]

Syntax Description

access-list-number

Number of the access list. This is a decimal number from 600 to 699.

deny

Denies access if the conditions are matched.

permit

Permits access if the conditions are matched.

zone-name

Name of the zone. The name can include special characters from the Apple Macintosh character set. To include a special character, type a colon followed by two hexadecimal characters. For zone names with a leading space character, enter the first character as the special sequence :20.


Defaults

No access lists are predefined.

Command Modes

Global configuration

Command History

Release
Modification

10.0

This command was introduced.


Usage Guidelines

You apply access lists defined with the access-list zone command to outgoing routing update and GZL filters (using the appletalk distribute-list out and appletalk getzonelist-filter commands). You cannot apply them to data-packet filters (using the appletalk access-group command) or to incoming routing update filters (using the appletalk distribute-list in command).

To delete an access list, specify the minimum number of keywords and arguments needed to delete the proper access list. For example, to delete the entire access list, use the following command:

no access-list access-list-number

To delete the access list for a specific network, use the following command:

no access-list access-list-number {deny | permit} zone zone-name

Use the access-list additional-zones command to define the action to take for access checks not explicitly defined with the access-list zone command.


Note AppleTalk zone access lists on an Enhanced Internet Gateway Routing Protocol (Enhance IGRP) interface will not filter the distribution of Enhanced IGRP routes. When the appletalk distribute-list out command is applied to an Enhanced IGRP interface, any access-list zone commands in the specified access list will be ignored.


Examples

The following example creates an access list based on AppleTalk zones:

access-list 610 deny zone Twilight
access-list 610 permit additional-zones

Related Commands

Command
Description

access-list additional-zones

Defines the default action to take for access checks that apply to zones.

access-list cable-range

Defines an AppleTalk access list for a cable range (for extended networks only).

access-list includes

Defines an AppleTalk access list that overlaps any part of a range of network numbers or cable ranges (for both extended and nonextended networks).

access-list nbp

Defines an AppleTalk access list entry for a particular NBP named entity, class of NBP named entities, NBP packet type, or NBP named entities belonging to a specific zone.

access-list network

Defines an AppleTalk access list for a single network number (that is, for a nonextended network).

access-list other-access

Defines the default action to take for subsequent access checks that apply to networks or cable ranges.

access-list other-nbps

Defines the default action to take for access checks that apply to NBP packets from named entities not otherwise explicitly denied or permitted.

access-list within

Defines an AppleTalk access list for an extended or a nonextended network whose network number or cable range is included entirely within the specified cable range.

appletalk access-group

Assigns an access list to an interface.

appletalk distribute-list in

Filters routing updates received from other routers over a specified interface.

appletalk distribute-list out

Filters routing updates sent to other routers.

appletalk getzonelist-filter

Filters GZL replies.

appletalk permit-partial-zones

Permits access to the other networks in a zone when access to one of those networks is denied.


appletalk access-group

To assign an access list to an interface, use the appletalk access-group command in interface configuration mode. To remove the access list, use the no form of this command.

appletalk access-group access-list-number [in | out]

no appletalk access-group access-list-number

Syntax Description

access-list-number

Number of the access list. This is a decimal number from 600 to 699.

in

(Optional) Filters on incoming packets.

out

(Optional) Filters on outgoing packets. This is the default direction.


Defaults

No access lists are predefined. The default interface direction is out.

Command Modes

Interface configuration

Command History

Release
Modification

10.0

This command was introduced.


Usage Guidelines

The appletalk access-group command applies data-packet filters or NBP-packet filters to an inbound or outbound interface. These filters check data packets being received or sent on an interface. If the source network of the packets has access denied, these packets are not processed and are discarded.

When you apply a data-packet filter to an interface, you should ensure that all networks or cable ranges within a zone are governed by the same filters.

Examples

The following example applies access list 601 to outbound Ethernet interface 0:

access-list 601 deny cable-range 1-10
access-list 601 permit other-access
interface ethernet 0
 appletalk access-group 601

The following example applies access list 600 to inbound Ethernet interface 0:

interface ethernet 0
 appletalk access-group 600 in

Related Commands

Command
Description

access-list cable-range

Defines an AppleTalk access list for a cable range (for extended networks only).

access-list includes

Defines an AppleTalk access list that overlaps any part of a range of network numbers or cable ranges (for both extended and nonextended networks).

access-list network

Defines an AppleTalk access list for a single network number (that is, for a nonextended network).

access-list other-access

Defines the default action to take for subsequent access checks that apply to networks or cable ranges.

access-list within

Defines an AppleTalk access list for an extended or a nonextended network whose network number or cable range is included entirely within the specified cable range.

appletalk distribute-list in

Filters routing updates received from other routers over a specified interface.

appletalk distribute-list out

Filters routing updates sent to other routers.


appletalk address

To enable nonextended AppleTalk routing on an interface, use the appletalk address command in interface configuration mode. To disable nonextended AppleTalk routing, use the no form of this command.

appletalk address network.node

no appletalk address [network.node]

Syntax Description

network.node

AppleTalk network address assigned to the interface. The argument network is the 16-bit network number in the range 0 to 65279. The argument node is the 8-bit node number in the range 0 to 254. Both numbers are decimal and separated by a period.


Defaults

Disabled

Command Modes

Interface configuration

Command History

Release
Modification

10.0

This command was introduced.


Usage Guidelines

You must enable routing on the interface before assigning zone names.

Specifying an address of 0.0, or 0.node, places the interface into discovery mode. When in this mode, the Cisco IOS software attempts to determine network address information from another router on the network. You also can enable discovery mode with the appletalk discovery command. Discovery mode does not run over serial lines.

Examples

The following example enables nonextended AppleTalk routing on Ethernet interface 0:

appletalk routing
interface ethernet 0
 appletalk address 1.129

Related Commands

Command
Description

access-list cable-range

Defines an AppleTalk access list for a cable range (for extended networks only).

appletalk discovery

Places an interface into discovery mode.

appletalk zone

Sets the zone name for the connected AppleTalk network.


appletalk alternate-addressing

To display network numbers in a two-octet format, use the appletalk alternate-addressing command in global configuration mode. To return to displaying network numbers in the format network.node, use the no form of this command.

appletalk alternate-addressing

no appletalk alternate-addressing

Syntax Description

This command has no arguments or keywords.

Defaults

Disabled

Command Modes

Global configuration

Command History

Release
Modification

10.0

This command was introduced.


Usage Guidelines

The appletalk alternate-addressing command displays cable ranges in the alternate format wherever applicable. This format consists of printing the upper and lower bytes of a network number as 8-bit decimal values separated by a decimal point. For example, the cable range 511-512 would be printed as 1.255-2.0.

Examples

The following example enables the display of network numbers in a two-octet format:

appletalk alternate-addressing

appletalk arp interval

To specify the time interval between retransmissions of Address Resolution Protocol (ARP) packets, use the appletalk arp interval command in global configuration mode. To restore both default intervals, use the no form of this command.

appletalk arp [probe | request] interval interval

no appletalk arp [probe | request] interval interval

Syntax Description

probe

(Optional) Interval to be used with AppleTalk Address Resolution Protocol (AARP) requests that are trying to determine the address of the local router when the Cisco IOS software is being configured. If you omit probe and request, probe is the default.

request

(Optional) Indicates that the interval specified is to be used when AARP is attempting to determine the hardware address of another node so that AARP can deliver a packet.

interval

Interval, in milliseconds, between AARP transmissions. The minimum value is 33 milliseconds. When used with the probe keyword, the default interval is 200 milliseconds. When used with the request keyword, the default interval is 1000 milliseconds.


Defaults

If you omit the keywords, probe is the default.

probe—200 milliseconds
request—1000 milliseconds

Command Modes

Global configuration

Command History

Release
Modification

10.0

This command was introduced.


Usage Guidelines

The time interval you specify takes effect immediately.

Lengthening the interval between AARP transmissions permits responses from devices that respond slowly (such as printers and overloaded file servers) to be received.

AARP uses the appletalk arp probe interval value when obtaining the address of the local router. This is done when the Cisco IOS software is being configured. You should not change the default value of this interval unless absolutely necessary, because this value directly modifies the AppleTalk dynamic node assignment algorithm.

AARP uses the appletalk arp request interval value when attempting to determine the hardware address of another node so that it can deliver a packet. You can change this interval as desired, although the default value is optimal for most sites.

The no appletalk arp interval command restores both the probe and request intervals specified in the appletalk arp interval and appletalk arp retransmit-count commands to their default values.

Examples

The following example lengthens the AppleTalk ARP retry interval to 2000 milliseconds:

appletalk arp request interval 2000

Related Commands

Command
Description

appletalk arp retransmit-count

Specifies the number of ARP probe or request transmissions.

appletalk arp-timeout

Specifies the interval at which entries are aged out of the ARP table.

appletalk glean-packets

Derives ARP table entries from incoming packets.

show appletalk globals

Displays information and settings about the AppleTalk internetwork and other parameters.


appletalk arp retransmit-count

To specify the number of AppleTalk Address Resolution Protocol (AARP) probe or request transmissions, use the appletalk arp retransmit-count command in global configuration mode. To restore both default values, use the no form of this command.

appletalk arp [probe | request] retransmit-count number

no appletalk arp [probe | request] retransmit-count number

Syntax Description

probe

(Optional) Indicates that the number specified is to be used with AARP requests that are trying to determined the address of the local router when the Cisco IOS software is being configured. If you omit probe and request, probe is the default.

request

(Optional) Indicates that the number specified is to be used when AARP is attempting to determine the hardware address of another node so that AARP can deliver a packet.

number

Number of AARP retransmissions that will occur. The minimum number is 1. When used with the probe keyword, the default value is 10 retransmissions. When used with the request keyword, the default value is 5 retransmissions. Specifying 0 selects the default value.


Defaults

If you omit the keyword, probe is the default.

probe—10 transmissions
request—5 transmissions

Command Modes

Global configuration

Command History

Release
Modification

10.0

This command was introduced.


Usage Guidelines

The value you specify takes effect immediately.

Increasing the number of retransmissions permits responses from devices that respond slowly (such as printers and overloaded file servers) to be received.

AARP uses the appletalk arp probe retransmit-count value when obtaining the address of the local router. This is done when the Cisco IOS software is being configured. You should not change the default value unless absolutely necessary, because this value directly modifies the AppleTalk dynamic node assignment algorithm.

AARP uses the appletalk arp request retransmit-count value when attempting to determine the hardware address of another node so that it can deliver a packet. You can change this interval as desired, although the default value is optimal for most sites.

The no appletalk arp interval command restores both the probe and request intervals specified in the appletalk arp interval and appletalk arp retransmit-count commands to their default values.

Examples

The following example specifies an AARP retransmission count of 10 for AARP packets that are requesting the hardware address of another node on the network:

appletalk arp request retransmit-count 10

Related Commands

Command
Description

appletalk arp interval

Specifies the time interval between retransmissions of ARP packets.

appletalk arp-timeout

Specifies the interval at which entries are aged out of the ARP table.

appletalk glean-packets

Derives ARP table entries from incoming packets.

show appletalk globals

Displays information and settings about the AppleTalk internetwork and other parameters.


appletalk arp-timeout

To specify the interval at which entries are aged out of the Address Resolution Protocol (ARP) table, use the appletalk arp-timeout command in interface configuration mode. To return to the default timeout, use the no form of this command.

appletalk arp-timeout interval

no appletalk arp-timeout interval

Syntax Description

interval

Time, in minutes, after which an entry is removed from the AppleTalk ARP table. The default is 240 minutes (4 hours).


Defaults

240 minutes (4 hours)

Command Modes

Interface configuration

Command History

Release
Modification

10.0

This command was introduced.


Examples

The following example changes the ARP timeout interval on Ethernet interface 0 to 2 hours:

interface ethernet 0
appletalk cable-range 2-2
 appletalk arp-timeout 120

Related Commands

Command
Description

appletalk arp interval

Specifies the time interval between retransmissions of ARP packets.

appletalk arp retransmit-count

Specifies the number of ARP probe or request transmissions.

appletalk glean-packets

Derives ARP table entries from incoming packets.


appletalk aurp tickle-time

To set the Apple Update-Based Routing Protocol (AURP) last-heard-from timer value, use the appletalk aurp tickle-time command in interface configuration mode. To return to the default last-heard-from timer value, use the no form of this command.

appletalk aurp tickle-time seconds

no appletalk aurp tickle-time seconds

Syntax Description

seconds

Timeout value, in seconds. This value can be a number from 30 to infinity. The default is 90 seconds.


Defaults

90 seconds

Command Modes

Interface configuration

Command History

Release
Modification

10.3

This command was introduced.


Usage Guidelines

If the tunnel peer has not been heard from within the time specified by the least-heard-from timer value, the Cisco IOS software sends tickle packets to check that the tunnel peer is still up.

You can use this command only on tunnel interfaces.

Examples

The following example changes the AURP last-heard-from timer value on tunnel interface 0 to 120 seconds:

interface tunnel 0
 appletalk aurp tickle-time 120

Related Commands

Command
Description

show appletalk interface

Displays the status of the AppleTalk interfaces configured in the Cisco IOS software and the parameters configured on each interface.


appletalk aurp update-interval

To set the minimum interval between Apple Update-Based Routing Protocol (AURP) routing updates, use the appletalk aurp update-interval command in interface configuration mode. To return to the default interval, use the no form of this command.

appletalk aurp update-interval seconds

no appletalk aurp update-interval seconds

Syntax Description

seconds

AURP routing update interval, in seconds. This interval must be a multiple of 10. The default is 30 seconds.


Defaults

30 seconds

Command Modes

Interface configuration

Command History

Release
Modification

10.3

This command was introduced.


Usage Guidelines

The AURP routing update interval applies only to tunnel interfaces.

Examples

The following example changes the AURP routing update interval on tunnel interface 0 to 40 seconds:

interface tunnel 0
 appletalk aurp update-interval 40

Related Commands

Command
Description

show appletalk globals

Displays information and settings about the AppleTalk internetwork and other parameters.


appletalk cable-range

To enable an extended AppleTalk network, use the appletalk cable-range command in interface configuration mode. To disable an extended AppleTalk network, use the no form of this command.

appletalk cable-range cable-range [network.node]

no appletalk cable-range cable-range [network.node]

Syntax Description

cable-range

Cable range value. The argument specifies the start and end of the cable range, separated by a hyphen. These values are decimal numbers from 0 to 65279. The starting network number must be less than or equal to the ending network number.

network.node

(Optional) Suggested AppleTalk address for the interface. The argument network is the 16-bit network number, and the argument node is the 8-bit node number. Both numbers are decimal and separated by a period. The suggested network number must fall within the specified range of network numbers.


Defaults

Disabled

Command Modes

Interface configuration

Command History

Release
Modification

10.0

This command was introduced.


Usage Guidelines

You must enable routing on the interface before assigning zone names.

Specifying a cable range value of 0-0 places the interface into discovery mode. When in this mode, the Cisco IOS software attempts to determine cable range information from another router on the network. You can also enable discovery mode with the appletalk discovery command. Discovery mode does not run over serial lines.

Examples

The following example assigns a cable range of 3 to 3 to the interface:

interface ethernet 0
 appletalk cable-range 3-3

Related Commands

Command
Description

appletalk address

Enables nonextended AppleTalk routing on an interface.

appletalk discovery

Places an interface into discovery mode.

appletalk zone

Sets the zone name for the connected AppleTalk network.


appletalk checksum

To enable the generation and verification of checksums for all AppleTalk packets (except routed packets), use the appletalk checksum command in global configuration mode. To disable checksum generation and verification, use the no form of this command.

appletalk checksum

no appletalk checksum

Syntax Description

This command has no arguments or keywords.

Defaults

Enabled

Command Modes

Global configuration

Command History

Release
Modification

10.0

This command was introduced.


Usage Guidelines

When the appletalk checksum command is enabled, the Cisco IOS software discards incoming Datagram Delivery Protocol (DDP) packets when the checksum is not zero and is incorrect, and when the router is the final destination for the packet.

You might want to disable checksum generation and verification if you have very early devices (such as LaserWriter printers) that cannot receive packets that contain checksums.

The Cisco IOS software does not check checksums on routed packets, thereby eliminating the need to disable checksum to allow operation of some networking applications.

Examples

The following example disables the generation and verification of checksums:

no appletalk checksum

Related Commands

Command
Description

show appletalk globals

Displays information and settings about the AppleTalk internetwork and other parameters.


appletalk client-mode

To allow users to access an AppleTalk zone when dialing into an asynchronous line (on Cisco routers, only via the auxiliary port) use the appletalk client-mode command in interface configuration mode. To disable this function, use the no form of this command.

appletalk client-mode

no appletalk client-mode

Syntax Description

This command has no arguments or keywords.

Defaults

Client mode is disabled.

Command Modes

Interface configuration

Command History

Release
Modification

10.3

This command was introduced.


Usage Guidelines

The appletalk client-mode command allows a remote client to use an asynchronous interface to access AppleTalk zones, use networked peripherals, and share files with other Macintosh users.

This command works only on asynchronous interfaces on which Point-to-Point Protocol (PPP) encapsulation is enabled. Also, you must first create an internal network for the Macintosh client using the appletalk virtual-net global configuration command.

An interface configured with the appletalk client-mode interface configuration and appletalk virtual-net global configuration commands does not support routing.

Examples

The following example allows a user to access AppleTalk functionality on an asynchronous line using PPP:

interface asynchronous 1
 appletalk client-mode

Related Commands

Command
Description

appletalk virtual-net

Adds AppleTalk users logging in on an asynchronous line and using PPP encapsulation to an internal network.

encapsulation

Sets the encapsulation method used by the interface.

interface

Defines the IP addresses of the server, configures an interface type, and enters interface configuration mode.

ppp

Starts an asynchronous connection using PPP.


appletalk discovery

To place an interface into discovery mode, use the appletalk discovery command in interface configuration mode. To disable discovery mode, use the no form of this command.

appletalk discovery

no appletalk discovery

Syntax Description

This command has no arguments or keywords.

Defaults

Disabled

Command Modes

Interface configuration

Command History

Release
Modification

10.0

This command was introduced.


Usage Guidelines

If an interface is connected to a network that has at least one other operational AppleTalk router, you can dynamically configure the interface using discovery mode. In discovery mode, an interface acquires network address information about the attached network from an operational router and then uses this information to configure itself.

If you enable discovery mode on an interface, when the Cisco router starts up, that interface must acquire information to configure itself from another operational router on the attached network. If no operational router is present on the connected network, the interface will not start.

If you do not enable discovery mode, the interface must acquire its configuration from memory when the router starts. If the stored configuration is not complete, the interface will not start. If there is another operational router on the connected network, the router will verify the interface's stored configuration with that router. If there is any discrepancy, the interface will not start. If there are no neighboring operational routers, the router will assume the interface's stored configuration is correct and will start.

Once an interface is operational, it can seed the configurations of other routers on the connected network regardless of whether you have enabled discovery mode on any of the routers.

If you enable appletalk discovery and the interface is restarted, another operational router must still be present on the directly connected network in order for the interface to start.

It is not advisable to have all routers on a network configured with discovery mode enabled. If all routers were to restart simultaneously (for instance, after a power failure), the network would become inaccessible until at least one router were restarted with discovery mode disabled.

You can also enable discovery mode by specifying an address of 0.0. in the appletalk address command or a cable range of 0-0 in the appletalk cable-range command.

Discovery mode is useful when you are changing a network configuration, or when you are adding a router to an existing network.

Discovery mode does not run over serial lines.

Use the no appletalk discovery command to disable discovery mode. If the interface is not operational when you issue this command (that is, if you have not issued an access-list zone command on the interface), you must configure the zone name next. If the interface is operational when you issue the no appletalk discovery command, you can save the current configuration (in running memory) in nonvolatile memory by issuing the copy running-config startup-config command. (The copy running-config startup-config command replaces the write memory command. Refer to the description of the copy running-config startup-config command for more information.)

Examples

The following example enables discovery mode on Ethernet interface 0:

interface ethernet 0
 appletalk discovery

Related Commands

Command
Description

appletalk address

Enables nonextended AppleTalk routing on an interface.

appletalk cable-range

Enables an extended AppleTalk network.

appletalk zone

Sets the zone name for the connected AppleTalk network.

show appletalk interface

Displays the status of the AppleTalk interfaces configured in the Cisco IOS software and the parameters configured on each interface.


appletalk distribute-list in

To filter routing updates received from other routers over a specified interface, use the appletalk distribute-list in command in interface configuration mode. To remove the routing table update filter, use the no form of this command.

appletalk distribute-list access-list-number in

no appletalk distribute-list [access-list-number] in

Syntax Description

access-list-number

Number of the access list. This is a decimal number from 600 to 699.


Defaults

No routing filters are preconfigured.

Command Modes

Interface configuration

Command History

Release
Modification

10.0

This command was introduced.


Usage Guidelines

The appletalk distribute-list in command controls which networks and cable ranges in routing updates will be entered into the local routing table.

Filters for incoming routing updates use access lists that define conditions for networks and cable ranges only. They cannot use access lists that define conditions for zones. All zone information in an access list assigned to the interface with the appletalk distribute-list in command is ignored.

An input distribution list filters network numbers received in an incoming routing update. When AppleTalk routing updates are received on the specified interface, each network number and cable range in the update is checked against the access list. Only network numbers and cable ranges that are permitted by the access list are inserted into the Cisco IOS software AppleTalk routing table.

Examples

The following example prevents the router from accepting routing table updates received from network 10 and on Ethernet interface 3:

access-list 601 deny network 10
access-list 601 permit other-access
interface ethernet 3
 appletalk distribute-list 601 in

Related Commands

Command
Description

access-list cable-range

Defines an AppleTalk access list for a cable range (for extended networks only).

access-list includes

Defines an AppleTalk access list that overlaps any part of a range of network numbers or cable ranges (for both extended and nonextended networks).

access-list network

Defines an AppleTalk access list for a single network number (that is, for a nonextended network).

access-list other-access

Defines the default action to take for subsequent access checks that apply to networks or cable ranges.

access-list within

Defines an AppleTalk access list for an extended or a nonextended network whose network number or cable range is included entirely within the specified cable range.

appletalk distribute-list out

Filters routing updates sent to other routers.


appletalk distribute-list out

To filter routing updates transmitted to other routers, use the appletalk distribute-list out command in interface configuration mode. To remove the routing table update filter, use the no form of this command.

appletalk distribute-list access-list-number out

no appletalk distribute-list [access-list-number] out

Syntax Description

access-list-number

Number of the access list. This is a decimal number from 600 to 699.


Defaults

No routing filters are preconfigured.

Command Modes

Interface configuration

Command History

Release
Modification

10.0

This command was introduced.


Usage Guidelines

The appletalk distribute-list out command controls which network numbers and cable ranges are included in routing updates and which zones the local router includes in its GetZoneList (GZL) replies.

When an AppleTalk routing update is generated on the specified interface, each network number and cable range in the routing table is checked against the access list. If an undefined access list is used, all network numbers and cable ranges are added to the routing update. Otherwise, if an access list is defined, only network numbers and cable ranges that satisfy the following conditions are added to the routing update:

The network number or cable range is not explicitly or implicitly denied.

The network number or cable range is not a member of a zone that is explicitly or implicitly denied.

If appletalk permit-partial-zones is disabled (the default), the network number or cable range is not a member of a zone that is partially obscured.

A zone is considered partially obscured when one or more network numbers or cable ranges that are members of the zone is explicitly or implicitly denied.

When a Zone Information Protocol (ZIP) GZL reply is generated, only zones that satisfy the following conditions are included:

If appletalk permit-partial-zones is enabled, at least one network number or cable range that is a member of the zone is explicitly or implicitly permitted.

If appletalk permit-partial-zones is disabled, all network numbers or cable ranges are explicitly or implicitly permitted.

The zone is explicitly or implicitly permitted.


Note AppleTalk zone access lists on an Enhanced IGRP interface will not filter the distribution of Enhanced IGRP routes. When the appletalk distribute-list out command is applied to an Enhanced IGRP interface, any access-list zone commands in the specified access list will be ignored.


Examples

The following example prevents routing updates sent on Ethernet 0 from mentioning any networks in zone Admin:

access-list 601 deny zone Admin
access-list 601 permit other-access
interface Ethernet 0
 appletalk distribute-list 601 out

Related Commands

Command
Description

access-list additional-zones

Defines the default action to take for access checks that apply to zones.

access-list zone

Defines an AppleTalk access list that applies to a zone.

appletalk distribute-list in

Filters routing updates received from other routers over a specified interface.

appletalk getzonelist-filter

Filters GZL replies.

appletalk permit-partial-zones

Permits access to the other networks in a zone when access to one of those networks is denied.


appletalk domain-group

To assign a predefined domain number to an interface, use the appletalk domain-group command in interface configuration mode. To remove an interface from a domain, use the no form of this command.

appletalk domain-group domain-number

no appletalk domain-group [domain-number]

Syntax Description

domain-number

Number of an AppleTalk domain. It can be a decimal integer from 1 to 1,000,000.


Defaults

No domain number is assigned to the interface.

Command Modes

Interface configuration

Command History

Release
Modification

10.3

This command was introduced.


Usage Guidelines

Before you can assign a domain number to an interface, you must create a domain with that domain number using the appletalk domain name global configuration command.

One or more interfaces on a router can be members of the same domain. However, a given interface can be in only one domain.

After you assign AppleTalk interenterprise features to an AppleTalk domain, you can attribute those features to a tunnel interface configured for AURP by assigning the AppleTalk domain-group number to the tunnel interface.

Examples

The following example assigns domain group 1 to Ethernet interface 0:

interface ethernet 0
 appletalk domain-group 1

The following example assigns domain group 1 to tunnel interface 2. Assuming that domain group 1 is configured for AppleTalk interenterprise and that tunnel interface 2 is configured for AURP, any features configured for domain group 1 are ascribed to AURP on tunnel interface 2.

interface tunnel 2 
 appletalk domain-group 1

Related Commands

Command
Description

appletalk domain name

Creates a domain and assigns it a name and number.

show appletalk domain

Displays all domain-related information.


appletalk domain hop-reduction

To reduce the hop-count value in packets that are traveling between segments of a domains, use the appletalk domain hop-reduction command in global configuration mode. To disable the reduction of hop-count values, use the no form of this command.

appletalk domain domain-number hop-reduction

no appletalk domain domain-number hop-reduction

Syntax Description

domain-number

Number of an AppleTalk domain. It can be a decimal integer from 1 to 1,000,000.


Defaults

Reduction of hop-count values is disabled.

Command Modes

Global configuration

Command History

Release
Modification

10.3

This command was introduced.


Usage Guidelines

Before you can specify the appletalk domain hop-reduction global configuration command, you must have created a domain with that domain number using the appletalk domain name global configuration command.

DDP and Routing Table Maintenance Protocol (RTMP) both impose a 15-hop limit when forwarding packets. A packet ages out and is no longer forwarded when its hop count reaches 16. To overcome RTMP's 15-hop limit, the domain router represents all networks accessible to routers on its local network as one hop away. This allows routers to maintain and send routing information about networks beyond the 15-hop limit and achieve full connectivity.

When you enable hop-count reduction, delivery of packets from networks that are farther than
15 hops apart is guaranteed.

When you enable hop-count reduction, the hop count in a packet is set to 1 as it passes from one domain to another. For example, if the hop count was 8 when the packet left one domain, its hop count is 1 when it enters the next segment of the domain.

Examples

The following example enables hop-count reduction for domain number 1:

appletalk domain 1 name Delta
appletalk domain 1 hop-reduction

Related Commands

Command
Description

appletalk domain name

Creates a domain and assigns it a name and number.

show appletalk domain

Displays all domain-related information.


appletalk domain name

To create a domain and assign it a name and number, use the appletalk domain name command in global configuration mode. To remove a domain, use the no form of this command.

appletalk domain domain-number name domain-name

no appletalk domain domain-number name domain-name

Syntax Description

domain-number

Number of an AppleTalk domain. It can be a decimal integer from 1 to 1000000.

domain-name

Name of an AppleTalk domain. The name must be unique across the AppleTalk internetwork. It can be up to 32 characters long and can include special characters from the Apple Macintosh character set. To include a special character, type a colon followed by two hexadecimal characters. For zone names with a leading space character, enter the first character as the special sequence :20.


Defaults

No domain is created.

Command Modes

Global configuration

Command History

Release
Modification

10.3

This command was introduced.


Examples

The following example creates domain number 1 and assigns it the domain name Delta:

appletalk domain 1 name Delta

Related Commands

Command
Description

appletalk routing

Enables AppleTalk routing.

show appletalk domain

Displays all domain-related information.


appletalk domain remap-range

To remap ranges of AppleTalk network numbers or cable ranges between two segments of a domain, use the appletalk domain remap-range command in global configuration mode. To disable remapping, use the no form of this command.

appletalk domain domain-number remap-range {in | out} cable-range

no appletalk domain domain-number remap-range {in | out} [cable-range]

Syntax Description

domain-number

Number of an AppleTalk domain. It can be a decimal integer from 1 to 1,000,000.

in

Specifies that the remapping is performed on inbound packets (that is, on packets arriving into the local interenterprise network). All network numbers or cable ranges coming from the domain are remapped into the specified range.

out

Specifies that the remapping is performed on outbound packets (that is, on packets exiting from the local interenterprise network). All network numbers or cable ranges going to the domain are remapped into the specified range.

cable-range

Specifies the start and end of the cable range, separated by a hyphen. The starting network must be the first AppleTalk network number or the beginning of the cable range to remap. The number must be immediately followed by a hyphen. The ending network must be the last AppleTalk network number or the end of the cable range to remap.


Defaults

No remapping is performed.

Command Modes

Global configuration

Command History

Release
Modification

10.3

This command was introduced.


Usage Guidelines

Before you can specify the appletalk domain remap-range command, you must create a domain with that domain number using the appletalk domain name global configuration command.

Inbound and outbound packets are relative to the domain router.

Ensure that the domain range you specify does not overlap any network addresses or cable ranges that already exist in the AppleTalk interenterprise network.

Each domain can have two domain mapping ranges to which to remap all incoming or outgoing network numbers or cable ranges. Incoming remapping ranges cannot overlap. However, outbound remapping ranges can overlap.

When an AppleTalk network in a domain becomes inactive, its remapped entry is removed from the remapping table. This frees the space for another network to be remapped.

If there are more remote domains than available remapping range numbers, the Cisco IOS software displays an error message and shuts down domains.

Examples

The following example remaps all network addresses and cable ranges for packets inbound from domain 1 into the address range 1000 to 1999. It also remaps packets inbound from domain 2.

appletalk domain 1 name Delta
appletalk domain 2 name Echo
appletalk domain 1 remap-range in 10000-10999 
appletalk domain 2 remap-range in 20000-20999 

Related Commands

Command
Description

appletalk domain name

Creates a domain and assigns it a name and number.

show appletalk remap

Displays domain remapping information.


appletalk eigrp active-time

To specify the length of time for which Enhanced Interior Gateway Routing Protocol (EIGRP) routes can be active, use the appletalk eigrp active-time command in global configuration mode. To return to the default value of 1 minute, use the no form of the command.

appletalk eigrp active-time {minutes | disabled}

no appletalk eigrp active-time

Syntax Description

minutes

Enhanced IGRP active state time (in minutes). Valid values are from 1 to 4,294,967,295 minutes.

disabled

Disables the Enhanced IGRP active state time limit. Routes remain active indefinitely.


Defaults

1 minute

Command Modes

Global configuration

Command History

Release
Modification

11.1

This command was introduced.


Usage Guidelines

The command allows you to configure the length of time that Enhanced IGRP routes can remain active. When a route reaches the active state time limit, the Cisco IOS software logs an error and removes the route from the routing table. You can view the current setting of the Enhance IGRP active state time by using the show appletalk globals command.

Examples

The following example shows the current setting of the Enhanced IGRP active state time using the show appletalk globals command, changes the setting using the appletalk eigrp active-time command, and then displays the changed setting (using the show appletalk globals command again):

Router# show appletalk globals 

AppleTalk global information:
  Internet is incompatible with older, AT Phase1, routers.
  There are 4 routes in the internet.
  There are 7 zones defined.
  Logging of significant AppleTalk events is disabled.
  ZIP resends queries every 10 seconds.
  RTMP updates are sent every 10 seconds.
  RTMP entries are considered BAD after 20 seconds.
  RTMP entries are discarded after 60 seconds.
  AARP probe retransmit count: 10, interval: 200 msec.
  AARP request retransmit count: 5, interval: 1000 msec.
  DDP datagrams will be checksummed.
  RTMP datagrams will be strictly checked.
  RTMP routes may not be propagated without zones.
  Routes will be distributed between routing protocols.
  Routing between local devices on an interface will not be performed.
  EIGRP router id is: 1
  EIGRP maximum active time is 1 minutes
  IPTalk uses the udp base port of 768 (Default).
  Alternate node address format will not be displayed.
  Access control of any networks of a zone hides the zone.
Router#
Router# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)# appletalk eigrp active-time 5
Router(config)# end
Router#

Router# show appletalk globals 

AppleTalk global information:
  Internet is incompatible with older, AT Phase1, routers.
  There are 4 routes in the internet.
  There are 7 zones defined.
  Logging of significant AppleTalk events is disabled.
  ZIP resends queries every 10 seconds.
  RTMP updates are sent every 10 seconds.
  RTMP entries are considered BAD after 20 seconds.
  RTMP entries are discarded after 60 seconds.
  AARP probe retransmit count: 10, interval: 200 msec.
  AARP request retransmit count: 5, interval: 1000 msec.
  DDP datagrams will be checksummed.
  RTMP datagrams will be strictly checked.
  RTMP routes may not be propagated without zones.
  Routes will be distributed between routing protocols.
  Routing between local devices on an interface will not be performed.
  EIGRP router id is: 1
  EIGRP maximum active time is 5 minutes
  IPTalk uses the udp base port of 768 (Default).
  Alternate node address format will not be displayed.
  Access control of any networks of a zone hides the zone.

Related Commands

Command
Description

show appletalk globals

Displays information and settings about the AppleTalk internetwork and other parameters.


appletalk eigrp-bandwidth-percentage

To configure the percentage of bandwidth that may be used by Enhanced Interior Gateway Routing Protocol (EIGRP) on an interface, use the appletalk eigrp-bandwidth-percentage command in interface configuration mode. To restore the default value, use the no form of this command.

appletalk eigrp-bandwidth-percentage router-number percent

no appletalk eigrp-bandwidth-percentage

Syntax Description

router-number

Router ID.

percent

Percentage of bandwidth that Enhanced IGRP may use.


Defaults

50 percent

Command Modes

Interface configuration

Command History

Release
Modification

11.2

This command was introduced.


Usage Guidelines

Enhanced IGRP will use up to 50 percent of the bandwidth of a link, as defined by the bandwidth interface configuration command. This command may be used if some other fraction of the bandwidth is desired. Note that values greater than 100 percent may be configured; this may be useful if the bandwidth is set artificially low for other reasons.

Examples

The following example allows Enhanced IGRP to use up to 75 percent (42 kbps) of a 56-kbps serial link:

interface serial 0
 bandwidth 56
 appletalk eigrp-bandwidth-percentage 1 75

Related Commands

Command
Description

appletalk routing

Enables AppleTalk routing.

bandwidth (interface)

Sets a bandwidth value for an interface.


appletalk eigrp log-neighbor-changes

To enable the logging of changes in Enhanced Interior Gateway Protocol (EIGRP) neighbor adjacencies, use the appletalk eigrp log-neighbor-changes command in global configuration mode. To disable this function, use the no form of this command.

appletalk eigrp log-neighbor-changes

no appletalk eigrp log-neighbor-changes

Syntax Description

This command has no arguments or keywords.

Defaults

No adjacency changes are logged.

Command Modes

Global configuration

Command History

Release
Modification

11.2

This command was introduced.


Usage Guidelines

This command enables the logging of neighbor adjacency changes to monitor the stability of the routing system and to help detect problems. Log messages are of the form:

%DUAL-5-NBRCHANGE: AT/EIGRP 1: Neighbor address (interface) is state: reason

The arguments have the following meanings:

address—Neighbor address

state—Up or down

reason—Reason for change

Examples

The following configuration will log neighbor changes for AppleTalk Enhanced IGRP:

appletalk eigrp log-neighbor-changes

Related Commands

Command
Description

appletalk routing

Enables AppleTalk routing.


appletalk eigrp-splithorizon

To enable split horizon, use the appletalk eigrp-splithorizon command in interface configuration mode. To disable split horizon, use the no form of this command.

appletalk eigrp-splithorizon

no appletalk eigrp-splithorizon

Syntax Description

This command has no arguments or keywords.

Defaults

Enabled

Command Modes

Interface configuration

Command History

Release
Modification

10.3

This command was introduced.


Usage Guidelines

If you enable split horizon on an interface, AppleTalk Enhanced Interior Gateway Protocol (EIGRP) update and query packets are not sent if this interface is the next hop to that destination. This reduces the number of Enhanced IGRP packets of the network.

Split horizon blocks information about routes from being advertised by a router out any interface from which that information originated. This behavior usually optimizes communication among multiple routers, particularly when links are broken. However, with nonbroadcast networks, such as Frame Relay and Switched Multimegabit Data Service (SMDS), situations can arise for which this behavior is less than ideal. For these situations, you may wish to disable split horizon.

Examples

The following example disables split horizon on serial interface 0:

interface serial 0
 no appletalk eigrp-splithorizon

appletalk eigrp-timers

To configure the AppleTalk Enhanced Interior Gateway Protocol (EIGRP) hello packet interval and the route hold time, use the appletalk eigrp-timers command in interface configuration mode. To return to the default values for these timers, use the no form of this command.

appletalk eigrp-timers hello-interval hold-time

no appletalk eigrp-timers hello-interval hold-time

Syntax Description

hello-interval

Interval between hello packets, in seconds. The default interval is 5 seconds. It can be a maximum of 30 seconds.

hold-time

Hold time, in seconds. The hold time is advertised in hello packets and indicates to neighbors the length of time they should consider the sender valid. The hold time can be in the range 15 to 90 seconds.


Defaults

hello-interval argument:
For low-speed NBMA networks: 60 seconds
For all other networks: 5 seconds

hold-time
argument:
For low-speed NBMA networks: 180 seconds
For all other networks: 15 seconds

Command Modes

Interface configuration

Command History

Release
Modification

10.3

This command was introduced.


Usage Guidelines

If the current value for the hold time is less than two times the hello interval, the hold time is reset to three times the hello interval.

If the Cisco IOS software does not receive a hello packet within the specified hold time, routes through this device are considered available.

Increasing the hold time delays route convergence across the network.


Note Do not adjust the hold time without advising technical support.


The default of 180 seconds for the hold-time argument applies only to low-speed, nonbroadcast, multiaccess (NBMA) media. Low speed is considered to be a rate of T1 or slower, as specified with the bandwidth interface configuration command.

The default of 60 seconds for the hello-interval argument applies only to low-speed NBMA media. Low speed is considered to be a rate of T1 or slower, as specified with the bandwidth interface configuration command. Note that for purposes of Enhanced IGRP, Frame Relay and SMDS networks may or may not be considered to be NBMA. These networks are considered NBMA if the interface has not been configured to use physical multicasting; otherwise they are considered not to be NBMA.

Examples

The following example changes the hello interval to 10 seconds:

interface ethernet 0
 appletalk eigrp-timers 10 45

Related Commands

Command
Description

bandwidth (interface)

Sets a bandwidth value for an interface.