-
Access and Communication Servers Command Reference
-
About This Manual
-
Access Server and Communication Server Product Overview
-
User Interface Commands
-
System Image and Configuration File Load Commands
-
Configuring Terminal Lines and Modem Support
-
System Management Commands
-
User Interface Config Commands
-
Dial on Demand Routing Commands
-
X.25 Configuration Commands
-
Frame Relay Commands
-
SMDS Commands
-
Telnet Configuration Commands
-
LAT Configuration Commands
-
TN3270 Configuration
-
AppleTalk Remote Access Commands
-
SLIP and PPP Configuration Commands
-
XRemote Configuration Commands
-
AppleTalk Routing Commands
-
IP Commands
-
IP Routing Protocols Commands
-
Novell IPX Commands
-
Protocol Translation Configuration Commands
-
Appendix A, ASCII Character Set
-
Appendix B, Modem and Chat Script Configuration
-
Appendix C, Regular Expressions
-
Appendix D, Refs and Reading
-
Appendix E, X.3 PAD Parameters
-
Table Of Contents
appletalk alternate-addressing
appletalk arp retransmit-count
appletalk aurp update-interval
appletalk domain hop-reduction
appletalk ignore-verify-errors
appletalk name-lookup-interval
appletalk permit-partial-zones
appletalk route-redistribution
appletalk strict-rtmp-checking
show appletalk adjacent-routes
show appletalk eigrp neighbors
AppleTalk Routing Commands
AppleTalk is a local-area network system that was designed and developed by Apple Computer, Inc. It can run over Ethernet, Token Ring, and FDDI networks, and over Apple's proprietary twisted-pair media access system (LocalTalk). AppleTalk specifies a protocol stack comprising several protocols that direct the flow of traffic over the network.
Apple Computer uses the name AppleTalk to refer to the Apple networking architecture. Apple refers to the actual transmission media used in an AppleTalk network as LocalTalk (Apple's proprietary twisted-pair transmission medium for AppleTalk), TokenTalk (AppleTalk over Token Ring), EtherTalk (AppleTalk over Ethernet), and FDDITalk (AppleTalk over Fiber Distributed Data Interface).
Use the commands in this chapter to configure and monitor AppleTalk networks. For AppleTalk configuration information and examples, refer to the "Configuring AppleTalk Routing" chapter in the Access and Communication Servers Configuration Guide .
Note
This chapter discusses routing functionality of your access server. For simplicity, we have used the term access server to indicate those servers which provide routing, and therefore act as routers.
access-list additional-zones
To define the default action to take for access checks that apply to zones, use the access-list additional-zones global configuration command.
access-list access-list-number {deny | permit} additional-zones
Syntax Description
access-list-number
Number of the access list. This is a decimal number from 600 to 699.
deny
Denies access if the conditions are matched.
permit
Permits access if the conditions are matched.
Default
No access lists are predefined.
Command Mode
Global configuration
Usage Guidelines
The access-list additional-zones command defines the action to take for access checks not explicitly defined with the access-list zone command. If you do not specify this command, the default action is to deny other access.
You apply access lists defined with the access-list additional-zones command to outgoing routing updates and GZL filters (using the appletalk distribute-list out, and appletalk getzonelist-filter commands). You cannot apply them to data-packet filters (using the appletalk access-group command) or to incoming routing update filters (using the appletalk distribute-list in command).
Example
The following example creates an access list based on AppleTalk zones:
access-list 610 deny zone Twilightaccess-list 610 permit additional-zonesRelated Commands
access-list cable-range
access-list includes
access-list network
access-list other-access
access-list within
access-list zone
appletalk access-group
appletalk distribute-list in
appletalk distribute-list out
appletalk getzonelist-filter
appletalk permit-partial-zonesaccess-list cable-range
To define an AppleTalk access list for a cable range (for extended networks only), use the access-list cable-range global configuration command. To remove an access list, use the no form of this command.
access-list access-list-number {deny | permit} cable-range cable-range
no access-list access-list-number [{deny | permit} cable-range cable-range]Syntax Description
Default
No access lists are predefined.
Command Mode
Global configuration
Usage Guidelines
When used as a routing update filter, the access-list cable-range command affects matching on extended networks only. The conditions defined by this access list are used only when a cable range in a routing update exactly matches that specified in the access-list cable-range command. The conditions are never used to match a network number (for a nonextended network).
When used as a data-packet filter, the access-list cable-range command affects matching on any type of network number. The conditions defined by this access list are used only when the packet's source network lies in the range defined by the access list.
You apply access lists defined with the access-list cable-range command to data-packet and routing-update filters (using the appletalk access-group, appletalk distribute-list in, and appletalk distribute-list out). You cannot apply them to GetZoneList (GZL) filters (using the appletalk getzonelist-filter command).
To delete an access list, specify the minimum number of keywords and arguments needed to delete the proper access list. For example, to delete the entire access list, use the following command:
no access-list access-list-number
To delete the access list for a specific network, use the following command:
no access-list access-list-number {deny | permit} cable-range cable-range
Priority queuing for AppleTalk operates on the destination network number, not the source network number.
Example
The following access list forwards all packets except those destined to cable range 10 to 20:
access-list 600 deny cable-range 10-20access-list 600 permit other-accessRelated Commands
A dagger (†) indicates that the command is documented in another chapter.
access-list additional-zones
access-list includes
access-list network
access-list other-access
access-list within
access-list zone
appletalk access-group
appletalk distribute-list in
appletalk distribute-list out
appletalk getzonelist-filter
priority-list (protocol) †access-list includes
To define an AppleTalk access list that overlaps any part of a range of network numbers or cable ranges (for both extended and nonextended networks), use the access-list includes global configuration command. To remove an access list, use the no form of this command.
access-list access-list-number {deny | permit} includes cable-range
no access-list access-list-number [{deny | permit} includes cable-range]Syntax Description
Default
No access lists are predefined.
Command Mode
Global configuration
Usage Guidelines
When used as a routing update filter, the access-list includes command affects matching on extended and nonextended AppleTalk networks. The conditions defined by this access list are used when a cable range or network number overlaps, either partially or completely, one (or more) of those specified in the access-list includes command.
When used as a data-packet filter, the conditions defined by this access list are used when the packet's source network lies in the range defined in the access-list includes command.
You apply access lists defined with the access-list includes command to data-packet and routing-update filters (using the appletalk access-group, appletalk distribute-list in, and appletalk distribute-list out). You cannot apply them to GZL filters (using the appletalk getzonelist-filter command).
To delete an access list, specify the minimum number of keywords and arguments needed to delete the proper access list. For example, to delete the entire access list, use the following command:
no access-list access-list-number
To delete the access list for a specific network, use the following command:
no access-list access-list-number {deny | permit} includes cable-range
Priority queuing for AppleTalk operates on the destination network number, not the source network number.
Example
The following example defines an access list that permits access to any network or cable range that overlaps any part of the range 10 to 20. This means, for example, that cable ranges 13 to 16 and 17 to 25 will be permitted. This access list also permits all other ranges.
access-list 600 permit includes 10-20access-list 600 permit other-accessRelated Commands
A dagger (†) indicates that the command is documented in another chapter.
access-list additional-zones
access-list cable-range
access-list network
access-list other-access
access-list within
access-list zone
appletalk access-group
appletalk distribute-list in
appletalk distribute-list out
appletalk getzonelist-filter
priority-list (protocol) †access-list nbp
To define an AppleTalk access-list entry for a particular NBP named entity (object), class of NBP named entities (type), or NBP named entities belonging to a specific area (zone), use the access-list nbp global configuration command. To remove an NBP access-list entry from the access list, use the no form of this command.
access-list access-list-number {deny | permit} nbp seq {type | object | zone} string
no access-list access-list-number {deny | permit} nbp seq {type | object | zone} stringSyntax Description
Default
No particular access-list entry for an NBP named entity is defined and the default filtering specified by the access-list other-nbps command takes effect.
Command Mode
Global configuration
Usage Guidelines
The access-list nbp command defines the action to take for filtering NBP packets from a particular type (class of named entities), object (particular named entity), or zone (AppleTalk zone in which named entities reside) superceding the default action for NBP packets from all named entities specified by the access-list other-nbps command. For each command that you enter, you must specify a sequence number. The sequence number serves two purposes. Its principal purpose is to allow you to associate two or three portions of an NBP three-part name, referred to as an NBP tuple. To do this, you enter two or three commands having the same sequence number but each specifying a different keyword and NBP name portion: type, object, or zone. The same sequence number binds them together. This provides you with the ability to restrict forwarding of NBP packets at any level, down to a single named entity.
The second purpose of the sequence number is to allow you to keep track of the number of access-list nbp entries you have made. You must enter a sequence number even if you do not use it to associate portions of an NBP name.
Examples
The following example adds entries to access-list number 607 to allow forwarding of NBP packets from specific sources and deny forwarding of NBP packets from all other sources. The first command adds an entry that allows NBP packets from all printers of type LaserWriter. The second command adds an entry that allows NBP packets from all AppleTalk file servers of type AFPServer. The third command adds an entry that allows NBP packets from all applications called HotShotPaint. For example, there might be an application with a zone name of Accounting and an application with a zone name of engineering, both having the object name of HotShotPaint. NBP packets forwarded from both applications will be allowed.
The final access-list other-nbps command denies forwarding of NBP packets from all other sources.
access-list 607 permit nbp 1 type LaserWriteraccess-list 607 permit nbp 2 type AFPServer access-list 607 permit nbp 3 object HotShotPaintaccess-list 607 deny other-nbpsThe following example adds entries to access-list number 608 to deny forwarding of NBP packets from two specific servers whose fully-qualified NBP names are specified. It permits forwarding of NBP packets from all other sources.
access-list 608 deny nbp 1 object ServerAaccess-list 608 deny nbp 1 type AFPServeraccess-list 608 deny nbp 1 zone Bld3access-list 608 deny nbp 2 object ServerBaccess-list 608 deny nbp 2 type AFPServeraccess-list 608 deny nbp 2 zone Bld3access-list 608 permit other-nbps access-list 608 permit other-accessRelated Commands
access-list additional-zones
access-list cable-range
access-list includes
access-list network
access-list other-access
access-list other-nbps
access-list within
access-list zone
appletalk access-group
appletalk distribute-list in
appletalk distribute-list out
appletalk getzonelist-filter
priority-list protocol †access-list network
To define an AppleTalk access list for a single network number (that is, for a nonextended network), use the access-list network global configuration command. To remove an access list, use the no form of this command.
access-list access-list-number {deny | permit} network network
no access-list access-list-number [{deny | permit} network network]Syntax Description
Default
No access lists are predefined.
Command Mode
Global configuration
Usage Guidelines
When used as a routing-update filter, the access-list network command affects matching on nonextended networks only. The conditions defined by this access list are used only when the a nonextended number in a routing update matches a network number specified in one of the access-list network commands. The conditions are never used to match a cable range (for an extended network) even if the cable range has the same starting and ending number.
When used as a data-packet filter, the conditions defined by this access list are used only when the packet's source network matches the network number specified in the access-list network command.
You apply access lists defined with the access-list network command to data-packet and routing-update filters (using the appletalk access-group, appletalk distribute-list in, and appletalk distribute-list out). You cannot apply them to GZL filters (using the appletalk getzonelist-filter command).
In software releases before 9.0, the syntax of this command was access-list access-list-number {deny | permit} network. The current version of the software is still able to interpret commands in this format if it finds them in a configuration or boot file. However, it is recommended that you update the commands in your configuration or boot files to match the current syntax.
Use the no access-list command with the access-list-number argument only to remove an entire access list from the configuration. Specify the optional arguments to remove a particular clause.
To delete an access list, specify the minimum number of keywords and arguments needed to delete the proper access list. For example, to delete the entire access list, use the following command:
no access-list access-list-number
To delete the access list for a specific network, use the following command:
no access-list access-list-number {deny | permit} network network
Priority queuing for AppleTalk operates on the destination network number, not the source network number.
Example
The following example defines an access list that forwards all packets except those destined for networks 1 and 2:
access-list 650 deny network 1access-list 650 deny network 2access-list 650 permit other-accessRelated Commands
A dagger (†) indicates that the command is documented in another chapter.
access-list additional-zones
access-list cable-range
access-list includes
access-list other-access
access-list within
access-list zone
appletalk access-group
appletalk distribute-list in
appletalk distribute-list out
appletalk getzonelist-filter
priority-list (protocol) †access-list other-access
To define the default action to take for access checks that apply to networks or cable ranges, use the access-list other-access global configuration command.
access-list access-list-number {deny | permit} other-access
Syntax Description
access-list-number
Number of the access list. This is a decimal number from 600 to 699.
deny
Denies access if the conditions are matched.
permit
Permits access if the conditions are matched.
Default
No access lists are predefined.
Command Mode
Global configuration
Usage Guidelines
The access-list other-access command defines the action to take for access checks not explicitly defined with an access-list network, access-list cable-range, access-list includes, or access-list within command. If you do not specify this command, the default action is to deny other access.
You apply access lists defined with the access-list other-access command to data-packet and routing-update filters (using the appletalk access-group, appletalk distribute-list in, and appletalk distribute-list out). You cannot apply them to GZL filters (using the appletalk getzonelist-filter command).
In software releases before 9.0, the syntax of this command was access-list access-list-number {deny | permit} -1. The current version of the software is still able to interpret commands in this format if it finds them in a configuration or boot file. However, it is recommended that you update the commands in your configuration or boot files to match the current syntax.
Priority queuing for AppleTalk operates on the destination network number, not the source network number.
Example
The following example defines an access list that forwards all packets except those destined for networks 1 and 2:
access-list 650 deny network 1access-list 650 deny network 2access-list 650 permit other-accessRelated Commands
A dagger (†) indicates that the command is documented in another chapter.
access-list additional-zones
access-list cable-range
access-list includes
access-list network
access-list within
access-list zone
appletalk access-group
appletalk distribute-list in
appletalk distribute-list out
priority-list (protocol) †access-list other-nbps
To define the default action to take for access checks that apply to NBP packets from named entities not otherwise explicitly denied or permitted, use the access-list other-nbps global configuration command.
access-list access-list-number {deny | permit} other-nbps
no access-list access-list-number {deny | permit} other-nbpsSyntax Description
access-list-number
Number of the access list for AppleTalk. This is a decimal number from 600 to 699.
deny
Denies access if conditions are matched.
permit
Permits access if conditions are matched.
Default
Access is denied.
Command Mode
Global configuration
Usage Guidelines
The access-list other-nbps command defines the action to take for filtering of NBP packets from named entities not explicitly defined by an access-list nbp command. It allows you to implement the default AppleTalk network security state at the named entity level. Any access-list nbp commands you enter affect a particular named entity object, class of named entities, or all named entities within a zone. This command sets the security state for all other NBP named entities. If you do not specify this command, the default action is to deny access.
You can use this command to create an entry in an access list before or after you issue access-list nbp commands. The order of the command in the access list is irrelevant.
Examples
The following example permits forwarding of all NBP packets from all sources except AppleTalk file servers of type AFPServer:
access-list 607 deny nbp 2 type AFPServeraccess-list 607 permit other-nbpsRelated Commands
A dagger (†) indicates that the command is documented in another chapter.
access-list additional-zones
access-list cable-range
access-list includes
access-list nbp
access-list network
access-list other-access
access-list within
access-list zone
appletalk access-group
appletalk distribute-list in
appletalk distribute-list out
appletalk getzonelist-filter
priority-list (protocol) †access-list within
To define an AppleTalk access list for an extended or a nonextended network whose network number or cable range is included entirely within the specified cable range, use the access-list within global configuration command. To remove this access list, use the no form of this command.
access-list access-list-number {deny | permit} within cable-range
no access-list access-list-number [{deny | permit} within cable-range]Syntax Description
Default
No access lists are predefined.
Command Mode
Global configuration
Usage Guidelines
When used as a routing update filter, the access-list within command affects matching on extended and nonextended AppleTalk networks. The conditions defined by this access list are used when a cable range or network number overlaps, either partially or completely, one (or more) of those specified in the access-list within command.
When used as a data-packet filter, the conditions defined by this access list are used when the packet's source network lies in the range defined in the access-list within command.
You apply access lists defined with the access-list within command to data-packet and routing-update (using the appletalk access-group, appletalk distribute-list in, and appletalk distribute-list out). You cannot apply them to GZL filters (using the appletalk getzonelist-filter command).
To delete an access list, specify the minimum number of keywords and arguments needed to delete the proper access list. For example, to delete the entire access list, use the following command:
no access-list access-list-number
To delete the access list for a specific network, use the following command:
no access-list access-list-number {deny | permit} within cable-range
Priority queuing for AppleTalk operates on the destination network number, not the source network number.
Example
The following example defines an access list that permits access to any network or cable range that is completely included in the range 10 to 20. This means, for example, that cable range 13 to 16 will be permitted, but cable range 17 to 25 will not be. The second line of the access list permits all other packets.
access-list 600 permit within 10-20access-list 600 permit other-accessRelated Commands
A dagger (†) indicates that the command is documented in another chapter.
access-list additional-zones
access-list cable-range
access-list includes
access-list network
access-list other-access
access-list zone
appletalk access-group
appletalk distribute-list in
appletalk distribute-list out
appletalk getzonelist-filter
priority-list (protocol) †access-list zone
To define an AppleTalk access list that applies to a zone, use the access-list zone global configuration command. To remove an access list, use the no form of this command.
access-list access-list-number {deny | permit} zone zone-name
no access-list access-list-number [{deny | permit} zone zone-name]Syntax Description
Default
No access lists are predefined.
Command Mode
Global configuration
Usage Guidelines
You apply access lists defined with the access-list zones command to outgoing routing update and GZL filters (using the appletalk distribute-list out, and appletalk getzonelist-filter commands). You cannot apply them to data-packet filters (using the appletalk access-group command) or to incoming routing update filters (using the appletalk distribute-list in command).
To delete an access list, specify the minimum number of keywords and arguments needed to delete the proper access list. For example, to delete the entire access list, use the following command:
no access-list access-list-number
To delete the access list for a specific network, use the following command:
no access-list access-list-number {deny | permit} zone zone-name
Use the access-list additional-zones command to define the action to take for access checks not explicitly defined with the access-list zone command.
Example
The following example creates an access list based on AppleTalk zones:
access-list 610 deny zone Twilightaccess-list 610 permit additional-zonesRelated Commands
access-list additional-zones
access-list cable-range
access-list includes
access-list network
access-list other-access
access-list within
appletalk access-group
appletalk distribute-list in
appletalk distribute-list out
appletalk getzonelist-filter
appletalk permit-partial-zones
appletalk access-group
To assign an access list to an interface, use the appletalk access-group interface configuration command. To remove the access list use the no form of this command.
appletalk access-group access-list-number
no appletalk access-group [access-list-number]Syntax Description
Default
No access lists are predefined.
Command Mode
Interface configuration
Usage Guidelines
The appletalk access-group command applies data-packets filter to an interface. These filters check data packets being sent out an interface. If the packets' source network has access denied, these packets are not transmitted but rather are discarded.
Data-packet filters use access lists that define conditions for networks and cable ranges only. They ignore any zone information that may be in the access list.
When you apply a data-packet filter to an interface, you should ensure that all networks or cable ranges within a zone are governed by the same filters.
Example
The following example applies access list 601 to Ethernet interface 0:
access-list 601 deny cable-range 1-10access-list 601 permit other-accessinterface ethernet 0appletalk access-group 601Related Commands
access-list cable-range
access-list includes
access-list network
access-list other-access
access-list within
appletalk distribute-list in
appletalk distribute-list outappletalk address
To enable nonextended AppleTalk routing on an interface, use the appletalk address interface configuration command. To disable nonextended AppleTalk routing, use the no form of this command.
appletalk address network.node
no appletalk address [network.node]Syntax Description
Default
Disabled
Command Mode
Interface configuration
Usage Guidelines
You must enable routing on the interface before assigning zone names.
Specifying an address of 0.0, or 0.node places the interface into discovery mode. When in this mode, the access server attempts to determine network address information from another router or access server on the network. You also can enable discovery mode with the appletalk discovery command. Discovery mode does not run over serial lines.
Example
The following example enables nonextended AppleTalk routing on Ethernet interface 0:
appletalk routinginterface ethernet 0appletalk address 1.129Related Commands
access-list cable-range
appletalk discovery
appletalk zoneappletalk alternate-addressing
To display network numbers in a two-octet format, use the appletalk alternate-addressing global configuration command. To return to displaying network numbers in the format network.node, use the no form of this command.
appletalk alternate-addressing
no appletalk alternate-addressingSyntax Description
This command has no arguments or keywords.
Default
Addresses are displayed in network.node format.
Command Mode
Global configuration
Usage Guidelines
The appletalk alternate-addressing command displays cable ranges in the alternate format wherever applicable. This format consists of printing the upper and lower bytes of a network number as 8-bit decimal values separated by a decimal point. For example, the cable range 511-512 would be printed as 1.255-2.0.
Example
The following example enables the display of network numbers in a two-octet format:
appletalk alternate-addressingappletalk arp interval
To specify the time interval between the retransmission of Address Resolution Protocol (ARP) packets, use the appletalk arp interval global configuration command. To restore both default intervals, use the no form of this command.
appletalk arp [probe | request] interval interval
no appletalk arp [probe | request] interval intervalSyntax Description
Default
If you omit all keywords, probe is the default.
probe—200 milliseconds
request—1000 millisecondsCommand Mode
Global configuration
Usage Guidelines
The time interval you specify takes effect immediately.
Lengthening the interval between AARP transmissions permits responses from devices that respond slowly, such as printers and overloaded file servers, to be received.
AARP uses the appletalk arp probe interval value when obtaining the address of the local access server. This is done when the access server is being configured. You should not change the default value of this interval unless absolutely necessary, because this value directly modifies the AppleTalk dynamic node assignment algorithm.
AARP uses the appletalk arp request interval value when attempting to determine the hardware address of another node so that it can deliver a packet. You can change this interval as desired, although the default value is optimal for most sites.
The no appletalk arp command restores both the probe and request intervals specified in the appletalk arp interval and appletalk arp retransmit-count commands to their default values.
Example
In the following example, the AppleTalk ARP retry interval is lengthened to 2000 milliseconds:
appletalk arp request interval 2000Related Commands
appletalk arp retransmit-count
appletalk arp-timeout
appletalk glean-packets
show appletalk globalsappletalk arp retransmit-count
To specify the number of AARP probe or request transmissions, use the appletalk arp retransmit-count global configuration command. To restore both default values, use the no form of this command.
appletalk arp [probe | request] retransmit-count number
no appletalk arp [probe | request] retransmit-count numberSyntax Description
Default
If you omit the keyword, probe is the default.
probe—10
request—5Command Mode
Global configuration
Usage Guidelines
The value you specify takes effect immediately.
Increasing the number of retransmissions permits responses from devices that respond slowly, such as printers and overloaded file servers, to be received.
AARP uses the appletalk arp probe retransmit-count value when obtaining the address of the local router. This is done when the access server is being configured. You should not change the default value unless absolutely necessary, because this value directly modifies the AppleTalk dynamic node assignment algorithm.
AARP uses the appletalk arp request retransmit-count value when attempting to determine the hardware address of another node so that it can deliver a packet. You can change this interval as desired, although the default value is optimal for most sites.
The no appletalk arp command restores both the probe and request intervals specified in the appletalk arp interval and appletalk arp retransmit-count commands to their default values.
Example
The following example specifies an AARP retransmission count of 10 for AARP packets that are requesting the hardware address of another node on the network:
appletalk arp request retransmit-count 10Related Commands
appletalk arp interval
appletalk arp-timeout
appletalk glean-packets
show appletalk globalsappletalk arp-timeout
To specify the interval at which entries are aged out of the ARP table, use the appletalk arp-timeout interface configuration command. To return to the default timeout, use the no form of this command.
appletalk arp-timeout interval
no appletalk arp-timeout [interval]Syntax Description
interval
Time, in minutes, after which an entry is removed from the AppleTalk ARP table. The default is 240 minutes, or 4 hours.
Default
240 minutes (4 hours)
Command Mode
Interface configuration
Example
The following example changes the ARP timeout interval on Ethernet interface 0 to 2 hours:
interface ethernet 0appletalk cable-range 2-2appletalk arp-timeout 120Related Commands
appletalk arp interval
appletalk arp retransmit-count
appletalk glean-packetsappletalk aurp tickle-time
To set the AURP last-heard-from timer value, use the appletalk aurp tickle-time interface configuration command. To return to the default last-heard-from timer value, use the no form of this command.
appletalk aurp tickle-time seconds
no appletalk aurp tickle-time [seconds]Syntax Description
seconds
Time-out value, in seconds. This value can be a number in the range 30 to infinity. The default is 90 seconds.
Default
90 seconds
Command Mode
Interface configuration
Usage Guidelines
If the tunnel peer has not been heard from with the time specified by the least-heard-from timer value, the access server sends tickle packets to check that the tunnel peer is still up.
You can use this command only on tunnel interfaces.
Example
The following example changes the AURP last-heard-from timer value on tunnel interface 0 to 120 seconds:
interface tunnel 0appletalk aurp tickle-time 120Related Command
show appletalk interface
appletalk aurp update-interval
To set the minimum interval between AURP routing updates, use the appletalk aurp update-interval global configuration command. To return to the default interval, use the no form of this command.
appletalk aurp update-interval seconds
no appletalk aurp update-interval [seconds]Syntax Description
seconds
AURP routing update interval, in seconds. This interval must be a multiple of 10. The default is 30 seconds.
Default
30 seconds
Command Mode
Global configuration
Usage Guidelines
The AURP routing update interval applies only to tunnel interfaces.
Example
The following example changes the AURP routing update interval on tunnel interface 0 to 40 seconds:
interface tunnel 0appletalk aurp update-interval 40Related Command
appletalk cable-range
To enable an extended AppleTalk network, use the appletalk cable-range interface configuration command. To disable an extended AppleTalk network, use the no form of this command.
appletalk cable-range cable-range [network.node]
no appletalk cable-range cable-range [network.node]Syntax Description
Default
Disabled
Command Mode
Interface configuration
Usage Guidelines
You must enable routing on the interface before assigning zone names.
Specifying a cable range value of 0-0 places the interface into discovery mode. When in this mode, the access server attempts to determine cable range information from another router or access server on the network. You also can enable discovery mode with the appletalk discovery command. Discovery mode does not run over serial lines.
Example
The following example assigns a cable range of 3 to 3 to the interface:
interface ethernet 0appletalk cable-range 3-3Related Commands
appletalk address
appletalk discovery
appletalk zoneappletalk checksum
To enable the generation and verification of checksums for all AppleTalk packets (except routed packets), use the appletalk checksum global configuration command. To disable checksum generation and verification, use the no form of this command.
appletalk checksum
no appletalk checksumSyntax Description
This command has no arguments or keywords.
Default
Enabled
Command Mode
Global configuration
Usage Guidelines
When the appletalk checksum command is enabled, the access server discards incoming DDP packets when the checksum is nonzero and is incorrect, and when the access server is the final destination for the packet.
You might want to disable checksum generation and verification if you have very early devices, such as LaserWriter printers, that cannot receive packets that contain checksums.
Our routers and access servers do not check checksums on routed packets, thereby eliminating the need to disable checksum to allow operation of some networking applications.
Example
The following example disables the generation and verification of checksums:
no appletalk checksumRelated Command
appletalk client-mode
To allow users to access an AppleTalk zone when dialing into an asychronous line on the access server, use the interface configuration async command appletalk client-mode. Use the no form of the command to disable this configuration.
appletalk client-mode
no appletalk client-modeSyntax Description
This command has no arguments or keywords.
Default
Client mode is disabled.
Command Mode
Interface configuration
Usage Guidelines
This command allows an asynchronous interface to be used by a remote client to access one or more AppleTalk zones, use networked peripherals, and share files with other Macintosh users.
Before a client can access an AppleTalk zone on the remote network, you must first define the interface as async, the encapsulation as PPP, and create an internal network for the Macintosh client by using the appletalk virtual-net command.
This configuration does not support routing.
Example
The following example allows a user to access AppleTalk functionality on an asynchronous line using PPP:
appletalk client-modeRelated Commands
A dagger (†) indicates that the command is documented in another chapter. Two daggers (††) indicates that the command is documented in the Cisco Access Connection Guide.
appletalk virtual-net
encapsulation†
interface async†
ppp††appletalk discovery
To place an interface into discovery mode, use the appletalk discovery interface configuration command. To disable discovery mode, use the no form of this command.
appletalk discovery
no appletalk discoverySyntax Description
This command has no arguments or keywords.
Default
Discovery mode is disabled.
Command Mode
Interface configuration
Usage Guidelines
If an interface is connected to a network that has at least one other operational AppleTalk router, you can dynamically configure the interface using discovery mode. In discovery mode, an interface acquires network address information about the attached network from an operational router and then uses this information to configure itself.
If you enable discovery mode on an interface, then when the access server is starting up, that interface must acquire information to configure itself from another operational router on the attached network. If no operational router is present on the connected network, the interface will not start up.
If you do not enable discovery mode, then when the access server is starting up, the interface must acquire its configuration from memory. If the stored configuration is not complete, the interface will not start up. If there is another operational router on the connected network, the access server will verify the interface's stored configuration with that router. If there is any discrepancy, the interface will not start up. If there are no neighboring operational routers, the access server will assume the interface's stored configuration is correct and will start up.
Once an interface is operational, it can seed the configurations of other routers on the connected network regardless of whether you have enabled discovery mode on any of the routers.
If you enable appletalk discovery and the interface is restarted, another operational router must still be present on the directly connected network in order for the interface to start up.
It is not advisable to have all routers on a network configured with discovery mode enabled. If all routers were to restart simultaneously (for instance, after a power failure), the network would become inaccessible until at least one router were restarted with discovery mode disabled.
You also can enable discovery mode by specifying an address of 0.0. in the appletalk address command or a cable range of 0-0 in the appletalk cable-range command.
Discovery mode is useful when you are changing a network configuration or when you are adding an access server to an existing network.
Discovery mode does not run over serial lines.
Use the no appletalk discovery command to disable discovery mode. If the interface is not operational when you issue this command (that is, if you have not issued an appletalk zone command on the interface), you must configure the zone name next. If the interface is operational when you issue the no appletalk discovery command, you can save the current configuration (in running memory) in nonvolatile memory by issuing the copy running-config startup-config EXEC command.
Example
The following example enables discovery mode on Ethernet interface 0:
interface ethernet 0appletalk discoveryRelated Commands
A dagger (†) indicates that the command is documented in another chapter.
appletalk address
appletalk cable-range
appletalk zone
show appletalk interface
copy running-config startup-config †appletalk distribute-list in
To filter routing updates received from other routers over a specified interface, use the appletalk distribute-list in interface configuration command. To remove the routing table update filter, use the no form of this command.
appletalk distribute-list access-list-number in
no appletalk distribute-list [access-list-number in]Syntax Description
Default
No routing filters are preconfigured.
Command Mode
Interface configuration
Usage Guidelines
The appletalk distribute-list in command controls which networks and cable ranges in routing updates will be entered into the local routing table.
Filters for incoming routing updates use access lists that define conditions for networks and cable ranges only. They cannot use access lists that define conditions for zones. All zone information in an access list assigned to the interface with the appletalk distribute-list in command is ignored.
An input distribution list filters network numbers received in an incoming routing update. When AppleTalk routing updates are received on the specified interface, each network number and cable range in the update is checked against the access list. Only network numbers and cable ranges that are permitted by the access list are inserted into the access server's AppleTalk routing table.
Example
The following example prevents the access server from accepting routing table updates received from network 10 and on Ethernet interface 3:
access-list 601 deny network 10access-list 601 permit other-accessinterface ethernet 3appletalk distribute-list 601 inRelated Commands
access-list cable-range
access-list includes
access-list network
access-list other-access
access-list within
appletalk distribute-list outappletalk distribute-list out
To filter routing updates transmitted to other routers, use the appletalk distribute-list out interface configuration command. To remove the routing table update filter, use the no form of this command.
appletalk distribute-list access-list-number out
no appletalk distribute-list [access-list-number out]Syntax Description
Default
No routing filters are preconfigured.
Command Mode
Interface configuration
Usage Guidel
