Table Of Contents

Configuring Novell IPX

Cisco's Implementation of Novell IPX

IPX Addresses

IPX Configuration Task List

Enable IPX Routing

Enable IPX Routing on the Access Server

Assign Network Numbers to Individual Interfaces

Assign Network Numbers to Interfaces That Support a Single Network

Assign Network Numbers to Interfaces That Support Multiple Networks

Configure NLSP

Define an Internal Network

Enable NLSP Routing in the Cisco IOS Software

Configure NLSP on an Interface

Configure NLSP on a LAN Interface

Configure NLSP on a WAN Interface

Configure RIP and SAP Compatibility

Configure Maximum Hop Count

Configure the Link Delay and Throughput

Configure the Metric Value

Configure the Priority of the System for Designated Router Election

Configure Default Routes

Configure Transmission and Retransmission Intervals

Modify Link-State Packet (LSP) Parameters

Configure IPX Enhanced IGRP

Cisco's Implementation of IPX Enhanced IGRP

IPX Enhanced IGRP Configuration Task List

Enable IPX Enhanced IGRP

Configure Miscellaneous Parameters

Redistribute Routing Information

Adjust the Interval between Hello Packets and the Hold Time

Disable Split Horizon

Control SAP Updates

Control the Advertising of Routes in Routing Updates

Control the Processing of Routing Updates

Query the Backup Server

Monitor IPX Enhanced IGRP on an IPX Network

Control Access to IPX Networks

Create Access Lists

Create Generic Filters

Create Filters for Updating the Routing Table

Create SAP Filters

Create GNS Response Filters

Create IPX NetBIOS Filters

Create Broadcast Message Filters

Tune IPX Network Performance

Control Novell IPX Compliance

Configure Static Routes

Adjust Routing Table Update Timers

Configure RIP Update Packet Size

Configure Static SAP Table Entries

Configure the Queue Length for SAP Requests

Adjust SAP Update Timers

Configure SAP Update Packet Size

Set Maximum Paths

Control Responses to GNS Requests

Use Helper Addresses to Forward Broadcast Messages

Control the Forwarding of Type 20 Packets

Enable the Forwarding of Type 20 Packets

Restrict the Acceptance of Incoming Type 20 Packets

Restrict the Forwarding of Outgoing Type 20 Packets

Repair Corrupted Network Numbers

Pad Odd-Length Packets

Configure IPX Accounting

Shut Down an IPX Network

Configure IPX over WANs

Configure IPX over DDR

Configure SPX Spoofing over DDR

Configure the IPXWAN Protocol

Monitor and Maintain the IPX Network

Configuration Examples

Enabling IPX Routing Example

Enabling and Disabling IPX Routing on Multiple Networks Example

Enabling and Disabling IPX Routing Protocols Examples

Enabling IPX Enhanced IGRP Example

Enabling IPX over a WAN Interface Example

IPX over DDR Example

IPX Network Access Example

SAP Input Filter Example

SAP Output Filter Example

Enhanced IGRP SAP Update Examples

IPX NetBIOS Filter Examples

Helper Facilities to Control Broadcasts Examples

Forwarding to an Address Example

All-Nets Flooded Broadcast Example

Forwarding to All Networks Example

IPX Accounting Example

Configuring Novell IPX

---

Novell Internet Packet Exchange (IPX) is derived from the Xerox Network Systems (XNS) Internet Datagram Protocol (IDP). IPX and XNS have the following differences:

•IPX and XNS do not always use the same Ethernet encapsulation format.

•IPX uses Novell's proprietary Service Advertisement Protocol (SAP) to advertise special network services. File servers and print servers are examples of services that are typically advertised.

•IPX uses ticks, while XNS uses hop count as the primary metric in determining the best path to a destination.

This chapter describes how to configure Novell IPX and provides configuration examples. For a complete description of the commands mentioned in this chapter, refer to the "Novell IPX Commands" chapter in the Access and Communication Servers Command Reference publication. For historical background and a technical overview of Novell IPX, see the Internetworking Technology Overview publication.

Cisco's Implementation of Novell IPX

Cisco's implementation of Novell's IPX protocol has been certified as providing full IPX router functionality. An access server connects Ethernet and Token Ring networks, either directly or through high-speed serial lines (56 kbps to T1 speeds), X.25, or Frame Relay. At this time, the Cisco X.25 and T1 support is not compatible with Novell. This means that our access servers must be used on both ends of T1 and X.25 circuits.

Cisco supports the IPX MIB. The IPX Accounting group represents one of the local variables we support. This group provides access to the active database that is created and maintained if IPX accounting is enabled in the Cisco IOS software.

Cisco routers also support IPX Enhanced IGRP, which provides the following features:

•Automatic redistribution. IPX RIP routes are automatically redistributed into Enhanced IGRP, and Enhanced IGRP routes are automatically redistributed into RIP. If desired, you can turn off redistribution. You also can completely turn off Enhanced IGRP and IPX RIP on the router or on individual interfaces.

•Increased network width. With IPX RIP, the largest possible width of your network is 15 hops. When Enhanced IGRP is enabled, the largest possible width is 224 hops. Because the enhanced IGRP metric is large enough to support thousands of hops, the only barrier to expanding the network is the transport layer hop counter. Cisco works around this problem by incrementing the transport control field only when an IPX packet has traversed 15 routers and the next hop to the destination was learned via enhanced IGRP. When a RIP route is being used as the next hop to the destination, the transport control field is incremented as usual.

•Incremental SAP updates. Complete SAP updates are sent periodically on each interface until an Enhanced IGRP neighbor is found and thereafter only when there are changes to the SAP table. This procedure works by taking advantage of enhanced IGRP's reliable transport mechanism, which means that an Enhanced IGRP peer must be present for incremental SAPs to be sent. If no peer exists on a particular interface, periodic SAPs will be sent on that interface until a peer is found. This functionality is automatic on serial interfaces and can be configured on LAN media.

IPX Addresses

An IPX network address consists of a network number and a node number expressed in the format network.node.

The network number identifies a physical network. It is a 4-byte (32-bit) quantity that must be unique throughout the entire IPX internetwork. The network number is expressed as eight hexadecimal digits. The Cisco IOS software does not require that you enter all eight digits: you can omit leading zeros.

The node number identifies a node on the network. It is a 48-bit quantity, represented by dotted triplets of four-digit hexadecimal numbers.

The following is an example of an IPX network address:

4a.0000.0c00.23fe

In this example, the network number is 4a (more specifically, 0000004a), and the node number is 0000.0c00.23fe. All digits in the address are hexadecimal.

IPX Configuration Task List

To configure IPX routing, complete the tasks in the following sections. At a minimum, you must enable IPX routing. The remaining tasks are optional.

•Enable IPX Routing

•Configure NLSP

•Control Access to IPX Networks

•Tune IPX Network Performance

•Configure IPX Accounting

•Configure IPX Accounting

•Shut Down an IPX Network

•Configure IPX over WANs

•Monitor and Maintain the IPX Network

See the "Configuration Examples" section at the end of this chapter for configuration examples.

Enable IPX Routing

To enable IPX routing, you must perform the tasks described in the following sections:

•Enable IPX Routing on the Access Server

•Assign Network Numbers to Individual Interfaces

Enable IPX Routing on the Access Server

The first step in enabling IPX routing is to enable it in the Cisco IOS software. If you do not specify the node number of the access server, the access server uses the hardware media access control (MAC) address currently assigned to it as its node address. This is the MAC address of the first Ethernet or Token Ring interface card.

To enable IPX routing, perform the following global configuration task:

Task	Command
Enable IPX routing in the Cisco IOS software.	ipx routing [node]

For an example of how to enable IPX routing, see the section "Enabling IPX Routing Example" at the end of this chapter.

Assign Network Numbers to Individual Interfaces

After you have enabled IPX routing in the Cisco IOS software, you assign network numbers to individual interfaces on the access server. This has the effect of enabling IPX routing on those interfaces. When you enable IPX routing on an interface, you also can specify an encapsulation (frame type) to use for packets being transmitted on that network.

A single interface can support a single network or multiple logical networks. For a single network, you can configure any encapsulation type. Of course, it should match the encapsulation type of the servers and clients using that network number.

When assigning network numbers to an interface that supports multiple networks, you must specify a different encapsulation type for each network. Because multiple networks share the physical medium, this allows the Cisco IOS software to determine which packets belong to which network. For example, you can configure up to four IPX networks on a single Ethernet cable, because four encapsulation types are supported for Ethernet. Again, the encapsulation type should match the servers and clients using the same network number.

The following sections describe how to enable IPX routing on interfaces that support a single network and those that support multiple networks.

Assign Network Numbers to Interfaces That Support a Single Network

To assign a network number to an interface that supports a single network, perform the following interface configuration task:

Task	Command
Enable IPX routing on an interface.	ipx network [network | unnumbered] encapsulation encapsulation-type

If you specify an encapsulation type, make sure you choose the one that matches the encapsulation used by the servers and clients on that network.

For an example of how to enable IPX routing, see the section "Enabling IPX Routing Example" in this publication.

Assign Network Numbers to Interfaces That Support Multiple Networks

To assign network numbers to interfaces that support multiple networks, you normally use subinterfaces. A subinterface is a mechanism that allows a single physical interface to support multiple logical interfaces or networks. That is, several logical interfaces or networks can be associated with a single hardware interface. Each subinterface must use a distinct encapsulation, and the encapsulation must match the encapsulation tyhpe used by the clients and servers using the same network number. To run NLSP on multiple networks on the same physical LAN interface, you must configure subinterfaces.

Any interface configuration parameters that you specify on an individual subinterface are applied to that subinterface only.

To configure multiple IPX networks on a physical interface using subinterfaces, perform the following tasks starting in global configuration mode:

Task	Command
Step 1 Specify a subinterface.	interface type interface-number.subinterface-number
Step 2 Enable IPX routing, specifying the first encapsulation type.	ipx network [network | unnumbered] encapsulation encapsulation-type

To configure more than one subinterface, repeat these two steps.

---

Note   When enabling NLSP and configuring multiple encapsulations on the same physical LAN interface, you must use subinterfaces. You cannot use secondary networks.

---

For examples of configuring multiple IPX networks on an interface, see the section "Enabling and Disabling IPX Routing Protocols Examples" later in this chapter.

lists the encapsulation types you can use on IEEE interfaces and shows the correspondence between the encapsulation type and the IPX frame type.

Table 20-1 Novell IPX Encapsulation Types on IEEE Interfaces

Interface Type	Encapsulation Type	IPX Frame Type
Ethernet	novell-ether (default) arpa sap snap	Ethernet_802.3 Ethernet_II Ethernet_802.2 Ethernet_Snap
Token Ring	sap (default) snap	Token-Ring Token-Ring_Snap
FDDI	snap (default) sap	Fddi_Snap Fddi_802.2

When assigning network numbers to interfaces that support multiple networks, you can also configure primary and secondary networks. The first logical network you configure on an interface is considered the primary network. Any additional networks are considered secondary networks. Again, each network on an interface must use a distinct encapsulation and it should match that of the clients and servers using the same network number.

Any interface configuration parameters that you specify on this interface are applied to all the logical networks. For example, if you set the routing update timer to 120 seconds, this value is used on all four networks.

To use primary and secondary networks to configure multiple IPX networks on an interface, perform the following tasks in interface configuration mode:

Task	Command
Step 1 Enable IPX routing on the primary network.	ipx network [network | unnumbered] encapsulation encapsulation-type
Step 2 Enable IPX routing on a secondary network.	iipx network [network | unnumbered] encapsulation encapsulation-type

To configure more than one secondary network, repeat Step 2 as appropriate.

---

Note   When enabling NLSP and configuring multiple encapsulations on the same physical LAN interface, you must use subinterfaces. You cannot use secondary networks.

---

Configure NLSP

The NetWare Link Services Protocol (NLSP) is a link-state routing protocol based on the Open Systems Interconnection (OSI) Intermediate System to Intermediate System (IS-IS) protocol.

NLSP is designed to be used in a hierarchical routing environment in which networked systems are grouped into routing areas. Routing areas can then be grouped into routing domains, and domains can be grouped into an internetwork.

Level 1 routers are used to connect networked systems within a given routing area. Areas are connected to each other by level 2 routers, and domains are connected by level 3 routers. A level 2 router also acts as a level 1 router within its own area; likewise, a level 3 router also acts as a level 2 router within its own domain.

The current NLSP specification defines only level 1 procedures, which allow operation within a routing area and routing to the nearest level 2 router only.

The router at each level of the topology stores complete information for its level. For instance, level 1 routers store complete link-state information about their entire area. This information includes a record of all the routers and access servers in the area, the links connecting them, the operational status of the devices and links, and other related parameters. For each point-to-point link, the database records the end-point communication servers and the state of the link. For each LAN, the database records which routers or are connected to the LAN. Similarly, level 2 routers would store information about all the areas in the routing domain, and level 3 routers would store information about all the domains in the internetwork.

Our implementation of NLSP is based on revision 1.0 of the Novell NLSP specification, which specifies routing with a routing area (that is, Level 1 routing). Our implementation of NLSP also includes NLSP MIB variables.

NLSP is a link-state protocol. This means that every router or access server in a routing area maintains an identical copy of the link-state database, which contains all information about the topology of the area. All routers and access servers synchronize their views of the databases among themselves to keep their copies of the link-state databases consistent. NLSP has three major databases:

•Adjacency—keeps track of the access server's immediate neighbors and the operational status of the directly attached links by exchanging hello packets. Adjacencies are created upon receipt of periodic hello packets. If a link or device (router or access server) goes down, adjacencies time out and are deleted from the database.

•Link state—tracks the connectivity of an entire routing area by aggregating the immediate neighborhood information from all routers into link-state packets (LSPs). Link-state packets contain lists of adjacencies. They are flooded to all other routers via a reliable flooding algorithm every time a link state changes. LSPs are refreshed every two hours. To keep the size of the link-state database reasonable, NLSP uses fictitious pseudonodes, which represent the LAN as a whole, and designated routers, which originate LSPs on behalf of the pseudonode.

•Forwarding—calculated from the adjacency and link state databases using Dijkstra's Shortest Path First (SPF) algorithm.

To configure NLSP, you must have configured IPX routing in the Cisco IOS software, as described in this chapter. Then, you must perform the tasks described in the following sections:

•Define an Internal Network

•Enable NLSP Routing in the Cisco IOS Software

•Configure NLSP on an Interface

You can optionally perform the tasks described in the following sections:

•Configure RIP and SAP Compatibility

•Configure Maximum Hop Count

•Configure the Link Delay and Throughput

•Configure the Metric Value

•Configure the Priority of the System for Designated Router Election

•Configure Default Routes

•Configure Transmission and Retransmission Intervals

•Modify Link-State Packet (LSP) Parameters

For an example of enabling NLSP, see the section "Enabling and Disabling IPX Routing Protocols Examples" in this chapter.

Define an Internal Network

An internal network number is a number assigned to the access server. In order for NLSP to operate, you must configure an internal network number for each device (router or access server).

To enable IPX routing and define an internal network numbers, perform the following task in global configuration mode:

Task	Command
Enable IPX routing.	ipx routing
Define an internal network number.	ipx internal-network network-number

Enable NLSP Routing in the Cisco IOS Software

To enable NLSP in the Cisco IOS software, perform the following tasks starting in global configuration mode:

Task	Command
Step 1 Enable NLSP in the Cisco IOS software.	ipx router nlsp
Step 2 Define a set of network numbers to be part of the current NLSP area.	area-address address mask

Configure NLSP on an Interface

You configure NLSP differently on LAN and WAN interfaces, as described in the following sections.

Configure NLSP on a LAN Interface

To configure NLSP on a LAN interface, perform the following tasks in interface configuration mode:

Task	Command
Step 1 Enable IPX routing on an interface.	ipx network [network | unnumbered] encapsulation encapsulation-type
Step 2 Enable NLSP on the interface.	ipx nlsp enable

To configure multiple encapsulations on the same physical LAN interfaces, you must configure subinterfaces. Each subinterface must have a different encapsulation type. To do this, perform the following tasks starting in global configuration mode:

Task	Command
Step 1 Specify a subinterface.	interface type interface-number.subinterface-number
Step 2 Enable IPX routing, specifying the first encapsulation type.	ipx network [network | unnumbered] encapsulation encapsulation-type
Step 3 Enable NLSP on the subinterface.	ipx nlsp enable

Repeat these three steps for each subinterface.

---

Note   When enabling NLSP and configuring multiple encapsulations on the same physical LAN interface, you must use subinterfaces. You cannot use secondary networks.

---

Configure NLSP on a WAN Interface

To configure NLSP on a WAN interface, perform the following tasks starting in global configuration mode:

Task	Command
Step 1 Specify a serial interface.	interface serial number
Step 2 Enable IPXWAN.	ipx ipxwan [local-node unnumbered local-server-name retry-interval retry-limit]
Step 3 Enable NLSP on the interface.	ipx nlsp enable

Configure RIP and SAP Compatibility

RIP and SAP are enabled by default on all interfaces configured for IPX, and these interfaces always respond to RIP and SAP requests. When you also enable NLSP on an interface, the interface, by default, generates and sends RIP and SAP periodic traffic only if another RIP router or SAP service is sending RIP or SAP traffic.

To modify the generation of periodic RIP udpates on a network enabled for NLSP, perform one of the following tasks in interface configuration mode:

Task	Command
Never generate RIP periodic traffic.	ipx nlsp rip off
Always generate RIP periodic traffic.	ipx nlsp rip on
Send RIP periodic traffic only if another RIP router is sending periodic RIP traffic. (This is the default on interfaces configured for NLSP.)	ipx nlsp rip auto

To modify the generation of periodic SAP updates on a network enabled for NLSP, perform one of the following tasks in interface configuration mode:

Task	Command
Never generate SAP periodic traffic.	ipx nlsp sap off
Always generate SAP periodic traffic.	ipx nlsp sap on
Send SAP periodic traffic only if another SAP service is sending periodic SAP traffic. (This is the default on interfaces configured for NLSP.)	ipx nlsp sap auto

Configure Maximum Hop Count

By default, IPX packets whose hop count exceeds 15 are discarded. In larger internetworks, this may be insufficient. You can increase the hop count to a maximum of 254 hops. To modify the maximum hop count, perform the following task in global configuration mode:

Task	Command
Set the maximum hop count accepted from RIP update packets.	ipx maximum-hops hops

 

Configure the Link Delay and Throughput

The delay and throughput of each link is used by NLSP as part of its route calculations. By default, these parameters are set to reasonable values or, in the case of IPXWAN, are dynamically measured.

The link delay and throughput you specify overrides the value measured by IPXWAN when it starts. The value is also supplied to NLSP for use in metric calculations.

To change the link delay, perform the following task in interface configuration mode:

Task	Command
Specify the link delay.	ipx link-delay microseconds

To change the throughput, perform the following task in interface configuration mode:

Task	Command
Specify the throughput.	ipx throughput bits-per-second

Configure the Metric Value

NLSP assigns a default link cost (metric) based on the link throughput. If desired, you can set the link cost manually. To set the NLSP link cost for an interface, perform the following task in interface configuration mode:

Task	Command
Set the metric value for an interface.	ipx nlsp metric metric-number

 

Configure the Priority of the System for Designated Router Election

---

Note   In the context of this discussion, the term "designated router" refers to an access server.

---

NLSP elects a designated router on each LAN interface. This router creates a virtual router called a pseudonode, which generates routing information on behalf of the LAN and transmits it to the rest of the routing area. The routing information generated includes adjacencies and RIP routes. The use of a designated router significantly reduces the number of entries in the adjacency database.

By default, electing a designated router is done automatically. However, you can manually affect the identity of the designated router by changing the priority of the system; the system with the highest priority is elected to be the designated router.

By default, the priority of the system is 44. To change it, perform the following task in interface configuration mode:

Task	Command
Configure the designated router election priority.	ipx nlsp priority priority-number

Configure Default Routes

The default route is used when a route to any destination network is unknown. By default, IPX treats network number -2 (0xFFFFFFFE) as the default route. To disable the use of this default route, perform the following task in global configuration mode:

Task	Command
Disable default route handling.	ipx default-route

Unless configured otherwise, all known routes are advertised out each interface. However, you can choose to advertise only the default route if it is known. This greatly reduces the CPU overhead when routing tables are large. Note that services are not considered to be reachable via the default route alone. A specific route to the destination network must be known before a service advertisement will be accepted. Therefore, advertise only the default route with caution if services are to be advertised via the interface.

To advertise only the default route via an interface, perform the following task in interface configuration mode:

Task	Command
Advertise only the RIP default route	ipx advertise-default-route-only network

Configure Transmission and Retransmission Intervals

You can configure the hello and CSNP transmission intervals, and the LSP retransmission interval.

To configure the hello transmission interval, perform the following task in interface configuration mode:

Task	Command
Configure the hello transmission interval.	ipx nlsp hello-interval seconds

To configure the CSNP transmission interval, perform the following task in interface configuration mode:

Task	Command
Configure the CSNP transmission interval.	ipx nlsp csnp-interval seconds

To configure the LSP retransmission interval, perform the following task in interface configuration mode:

Task	Command
Configure the LSP retransmission interval.	ipx nlsp retransmit-interval seconds

Modify Link-State Packet (LSP) Parameters

To modify LSP parameters, perform one or more of the following tasks in router configuration mode:

Task	Command
Set the minimum LSP generation interval.	lsp-gen-interval seconds
Set the maximum time the LSP persists.	max-lsp-lifetime seconds
Set the LSP refresh time.	lsp-refresh-interval seconds
Set the maximum size of a link-state packet.	lsp-mtu bytes
Set the minimum time between SPF calculations.	spf-interval seconds

Configure IPX Enhanced IGRP

Enhanced IGRP is an enhanced version of the Interior Gateway Routing Protocol (IGRP) developed by Cisco Systems, Inc. Enhanced IGRP uses the same distance vector algorithm and distance information as IGRP. However, the convergence properties and the operating efficiency of Enhanced IGRP have improved significantly over IGRP.

The convergence technology is based on research conducted at SRI International and employs an algorithm referred to as the Diffusing Update Algorithm (DUAL). This algorithm guarantees loop-free operation at every instant throughout a route computation and allows all devices (routers and access servers) involved in a topology change to synchronize at the same time. Devices that are not affected by topology changes are not involved in recomputations. The convergence time with DUAL rivals that of any other existing routing protocol.

Cisco's Implementation of IPX Enhanced IGRP

•Fast convergence. The DUAL algorithm allows routing information to converge as quickly as any currently available routing protocol.

•Partial updates. Enhanced IGRP sends incremental updates when the state of a destination changes, instead of sending the entire contents of the routing table. This feature minimizes the bandwidth required for Enhanced IGRP packets.

•Less CPU usage than IGRP. This occurs because full update packets do not have to be processed each time they are received.

•Neighbor discovery mechanism. This is a simple hello mechanism used to learn about neighboring routers. It is protocol-independent.

•Scaling. Enhanced IGRP scales to large networks.

Enhanced IGRP has four basic components:

•Neighbor discovery/recovery

•Reliable transport protocol

•DUAL finite state machine

•Protocol-dependent modules

Neighbor discovery/recovery is the process that routers use to dynamically learn of other routers on their directly attached networks. Routers must also discover when their neighbors become unreachable or inoperative. Neighbor discovery/recovery is achieved with low overhead by periodically sending small hello packets. As long as hello packets are received, a router can determine that a neighbor is alive and functioning. Once this status is determined, the neighboring routers can exchange routing information.

The reliable transport protocol is responsible for guaranteed, ordered delivery of Enhanced IGRP packets to all neighbors. It supports intermixed transmission of multicast and unicast packets. Some Enhanced IGRP packets must be transmitted reliably and others need not be. For efficiency, reliability is provided only when necessary. For example, on a multiaccess network that has multicast capabilities, such as Ethernet, it is not necessary to send hellos reliably to all neighbors individually. Therefore, Enhanced IGRP sends a single multicast hello with an indication in the packet informing the receivers that the packet need not be acknowledged. Other types of packets, such as updates, require acknowledgment, and this is indicated in the packet. The reliable transport has a provision to send multicast packets quickly when there are unacknowledged packets pending. Doing so helps ensure that convergence time remains low in the presence of varying speed links.

The DUAL finite state machine embodies the decision process for all route computations. It tracks all routes advertised by all neighbors. DUAL uses the distance information, known as a metric, to select efficient, loop-free paths. DUAL selects routes to be inserted into a routing table based on feasible successors. A successor is a neighboring router used for packet forwarding that has a least-cost path to a destination that is guaranteed not to be part of a routing loop. When there are no feasible successors but there are neighbors advertising the destination, a recomputation must occur. This is the process whereby a new successor is determined. The amount of time it takes to recompute the route affects the convergence time. Even though the recomputation is not processor intensive, it is advantageous to avoid recomputation if it is not necessary. When a topology change occurs, DUAL will test for feasible successors. If there are feasible successors, it will use any it finds in order to avoid unnecessary recomputation.

The protocol-dependent modules are responsible for network layer protocol-specific tasks. It is also responsible for parsing Enhanced IGRP packets and informing DUAL of the new information received. Enhanced IGRP asks DUAL to make routing decisions, but the results are stored in the IPX routing table. Also, Enhanced IGRP is responsible for redistributing routes learned by other IPX routing protocols.

To enable IPX Enhanced IGRP, complete the tasks in the following sections. Only the first task is required; the remaining task is optional.

•Enable IPX Enhanced IGRP

•Configure Miscellaneous Parameters

IPX Enhanced IGRP Configuration Task List

To configure IPX Enhanced IGRP, complete the tasks in the following sections. At a minimum, you must enable IPX Enhanced IGRP. The remaining tasks are optional.

•Enable IPX Enhanced IGRP

•Configure Miscellaneous Parameters

•Monitor IPX Enhanced IGRP on an IPX Network

See the "Configuration Examples" section at the end of this chapter for configuration examples.

Enable IPX Enhanced IGRP

To create an IPX Enhanced IGRP routing process, perform the following tasks:

Task	Command
Step 1 Enable an IPX Enhanced IGRP routing process in global configuration mode.	ipx router eigrp autonomous-system-number
Step 2 Enable Enhanced IGRP on a network in IPX router configuration mode.	network {network-number | all}

For an example of how to enable IPX Enhanced IGRP, see the section "Enabling and Disabling IPX Routing Protocols Examples."

To associate multiple networks with an IPX Enhanced IGRP routing process, you can repeat step 2.

Configure Miscellaneous Parameters

To configure the following miscellaneous IPX Enhanced IGRP parameters, perform one or more of the following tasks:

•Redistribute Routing Information

•Adjust the Interval between Hello Packets and the Hold Time

•Disable Split Horizon

•Control SAP Updates

•Control the Advertising of Routes in Routing Updates

•Control the Processing of Routing Updates

•Query the Backup Server

Redistribute Routing Information

By default, the router redistributes IPX RIP routes into IPX Enhanced IGRP, and vice versa. When routes are redistributed, a RIP route to a destination with a hop count of 1 is always preferred over an Enhanced IGRP route with a hop count of 1. This ensures that the router always believes a Novell IPX server over a Cisco router for internal IPX networks. The only exception to this rule is if both the RIP and Enhanced IGRP updates were received from the same router. In this case, and in the case of all other RIP metrics (2 through 15), the Enhanced IGRP route always is preferred over the RIP route when the hop counts are the same.

Internal Enhanced IGRP routes are always preferred over external Enhanced IGRP routes. This means that if there are two Enhanced IGRP paths to a destination, the path that originated within the Enhanced IGRP autonomous system will always be preferred over the Enhanced IGRP path that originated from outside of the autonomous system, regardless of the metric. Redistributed RIP routes are always advertised in Enhanced IGRP as external.

To disable route redistribution, perform the following task in IPX router configuration mode:

Task	Command
Disable redistribution of RIP routes into Enhanced IGRP and Enhanced IGRP routes into RIP.	no redistribute {rip | eigrp autonomous-system-number | connected | static}

Adjust the Interval between Hello Packets and the Hold Time

You can adjust the interval between hello packets and the hold time.

Routers periodically send hello packets to each other to dynamically learn of other routers on their directly attached networks. Routers use this information to discover who their neighbors are and to discover when their neighbors become unreachable or inoperative. By default, hello packets are sent every 5 seconds.

You can configure the hold time, in seconds, on a specified interface for the IPX Enhanced IGRP routing process designated by the autonomous system number. The hold time is advertised in hello packets and indicates to neighbors the length of time they should consider the sender valid. The default hold time is three times the hello interval, or 15 seconds.

To change the interval between hello packets, perform the following task in interface configuration mode:

Task	Command
Set the interval between hello packets.	ipx hello-interval eigrp autonomous-system-number seconds

On very congested and large networks, 15 seconds may not be sufficient time for all routers to receive hello packets from their neighbors. In this case, you may want to increase the hold time. To do this, perform the following task in interface configuration mode:

Task	Command
Set the hold time.	ipx hold-time eigrp autonomous-system-number seconds

---

Note   Do not adjust the hold time without advising technical support.

---

Disable Split Horizon

Split horizon controls the sending of Enhanced IGRP update and query packets. If split horizon is enabled on an interface, these packets are not sent for destinations if this interface is the next hop to that destination.

By default, split horizon is enabled on all interfaces.

Split horizon blocks information about routes from being advertised by a router out any interface from which that information originated. This behavior usually optimizes communication among multiple routers, particularly when links are broken. However, with nonbroadcast networks, such as Frame Relay and SMDS, situations can arise for which this behavior is less than ideal. For these situations, you may wish to disable split horizon.

To disable split horizon, perform the following task in interface configuration mode:

Task	Command
Disable split horizon.	no ipx split-horizon eigrp autonomous-system-number

Control SAP Updates

If IPX Enhanced IGRP peers are found on an interface, you can configure the Cisco IOS software to send SAP updates either periodically or when a change occurs in the SAP table. When no IPX Enhanced IGRP peer is present on the interface, periodic SAPs are always sent.

On serial lines, by default, if an Enhanced IGRP neighbor is present, the Cisco IOS software sends SAP updates only when the SAP table changes. On Ethernet, Token Ring, and FDDI interfaces, by default, the Cisco IOS software sends SAP updates periodically. To reduce the amount of bandwidth required to send SAP updates, you might want to disable the periodic sending of SAP updates on LAN interfaces. Do this only when all nodes out this interface are Enhanced IGRP peers; otherwise, loss of SAP information on the other nodes will result.

To send SAP updates only when a change occurs in the SAP table, perform the following task in interface configuration mode:

Task	Command
Send SAP updates only when a change in the SAP table occurs, and send SAP changes only.	ipx sap-incremental eigrp autonomous-system-number

To send periodic SAP updates, perform the following task in interface configuration mode:

Task	Command
Send SAP updates periodically.	no ipx sap-incremental eigrp autonomous-system-number

For an example of how to configure SAP updates, see the section "Enhanced IGRP SAP Update Examples" in this publication.

Control the Advertising of Routes in Routing Updates

To control which routers learn about routes, you can control the advertising of routes in routing updates. To do this, perform the following task in router configuration mode:

Task	Command
Control the advertising of routes in routing updates.	distribute-list access-list-number out [interface-name | routing-process]

Control the Processing of Routing Updates

To control the processing of routes listed in incoming updates, perform the following task in router configuration mode:

Task	Command
Control which incoming route updates are processes.	distribute-list access-list-number in [interface-name]

Query the Backup Server

The backup server table is a table kept for each Enhanced IGRP peer. It lists the IPX servers that have been advertised by that peer. If a server is removed from the main server table at any time and for any reason, the router examines the backup server table to see if this just-removed server is known by any of the Enhanced IGRP peers. If it is, the information from that peer is advertised back into the main server table just as if that peer had readvertised the server information to this router. Using this method to allow the router to keep the backup server table consistent with what is advertised by each peer means that only changes to the table need to be advertised between Enhanced IGRP routers; full periodic updates do not need to be sent.

By default, the router queries its own copy of each Enhanced IGRP neighbor's backup server table every 15 seconds. To change this interval, perform the following global configuration task:

Task	Command
Specify the minimum period of time between successive queries of a neighbor's backup server table.	ipx backup-server-query-interval interval

Monitor IPX Enhanced IGRP on an IPX Network

To monitor Enhanced IGRP on an IPX network, perform one or more of the following tasks at the EXEC prompt:

Task	Command
List the neighbors discovered by IPX Enhanced IGRP.	show ipx eigrp neighbors [servers] [autonomous-system-number | type unit]
Display the contents of the IPX Enhanced IGRP topology table.	show ipx eigrp topology [network-number]
Display the contents of the IPX routing table, including Enhanced IGRP entries.	show ipx route [network-number]
Display information about IPX traffic, including Enhanced IGRP traffic.	show ipx traffic

Control Access to IPX Networks

To control access to IPX networks, you create access lists and then apply them with filters to individual interfaces.

There are four types of IPX access lists that you can use to filter various kinds of traffic:

•Standard access list—Restricts traffic based on the source network number. You can further restrict traffic by specifying a destination address and a source and destination address mask. Standard IPX access lists have numbers from 800 to 899.

•Extended access list—Restricts traffic based on the IPX protocol type. You can further restrict traffic by specifying source and destination addresses and address masks, and source and destination sockets. Extended IPX access lists have numbers from 900 to 999.

•SAP access list—Restricts traffic based on the IPX Service Advertisement Protocol (SAP) type. These lists are used for SAP filters and Get Nearest Server (GNS) response filters. Novell SAP access lists have numbers from 1000 to 1099.

•IPX NetBIOS access list—Restricts IPX NetBIOS traffic based on NetBIOS names, not numbers.

There are 13 different IPX filters that you can define for IPX interfaces. They fall into five groups:

•Generic output filters—Control which packets are routed out an interface based on the packet's source and destination addresses and IPX protocol type.

•Routing table filters—Control which Routing Information Protocol (RIP) updates are accepted and advertised by the access server and which devices the local access server accepts RIP updates from.

•SAP filters—Control which SAP services the Cisco IOS software accepts and advertises and which Get Nearest Server (GNS) response messages it sends out.

•IPX NetBIOS filters—Control incoming and outgoing IPX NetBIOS packets.

•Broadcast filters—Control which broadcast packets are forwarded.

summarizes the types of filters and the commands you use to define them. Use the show ipx interfaces command to display the filters defined on an interface.

Table 20-2 IPX Filters

Filter Type	Command Used to Define Filter
Generic filters
Filter outbound packets based on protocol, address   and address mask, and socket.	ipx access-group access-list-number
Routing table filters
Control which networks are added to the routing table.	ipx input-network-filter access-list-number
Control which networks are advertised in routing updates.	ipx output-network-filter access-list-number
Control the devices from which updates are accepted.	ipx router-filter access-list-number
SAP filters
Filter incoming service advertisements.	ipx input-sap-filter access-list-number
Filter outgoing service advertisements.	ipx output-sap-filter access-list-number
Control the devices s from which SAP updates are accepted.	ipx router-sap-filter access-list-number
Filter list of servers in GNS response messages.	ipx output-gns-filter access-list-number
IPX NetBIOS filters
Filter incoming packets by node name.	ipx netbios input-access-filter host name
Filter incoming packets by byte pattern.	ipx netbios input-access-filter bytes name
Filter outgoing packets by node name.	ipx netbios output-access-filter host name
Filter outgoing packets by byte pattern.	ipx netbios output-access-filter bytes name
Broadcast filters
Control which broadcast packets are forwarded.	ipx helper-list access-list-number

Keep the following in mind when configuring IPX network access control:

•Access lists entries are scanned in the order you enter them. The first matching entry is used. To improve performance, it is recommended that you place the most commonly used entries near the beginning of the access list.

•An implicit deny everything entry is defined at the end of an access list unless you include an explicit permit everything entry at the end of the list.

•All new entries to an existing list are placed at the end of the list. You cannot add an entry to the middle of a list. This means that if you have previously included an explicit permit everything entry, new entries will never be scanned. The solution is to delete the access list and re-enter it with the new entries.

•Take care not to set up conditions that result in packets getting lost. One way this can happen is when the Cisco IOS software is configured to advertise services on a network that has access lists that deny these packets.

To control access to IPX networks, perform the tasks in the following sections:

•Create Access Lists

•Create Generic Filters

•Create Filters for Updating the Routing Table

•Create SAP Filters

•Create GNS Response Filters

•Create IPX NetBIOS Filters

•Create Broadcast Message Filters

Create Access Lists

To create access lists, you can perform one or more of the following tasks in global configuration mode:

Task	Command
Create a standard IPX access list (for generic, routing, and broadcast filters).	access-list access-list-number {deny | permit} source-network[.source-node[source-node-mask]] [destination-network[.destination-node [destination-node-mask]]]
Create an extended IPX access list (for generic, routing, and broadcast filters).	access-list access-list-number {deny | permit} protocol [source-network[.source-node [source-network-mask.source-node-mask]] source-socket [destination-network [.destination-node [destination-network-mask.destination-node-mask]] destination-socket]]
Create an IPX access list for SAP filters.	access-list access-list-number {deny | permit} network[.node] [network-mask node-mask] [service-type [server-name]]
Create an access list for filtering IPX NetBIOS packets by node name.	netbios access-list host name {deny | permit} string
Create an access list for filtering IPX NetBIOS packets by arbitrary byte pattern.	netbios access-list bytes name {deny | permit} offset byte-pattern

Once you have created an access list, apply it to a filter on the appropriate interfaces as described in the sections that follow. This activates the access list.

Create Generic Filters

Generic filters determine which packets to send out an interface based on the packet's source and destination addresses, IPX protocol type, and source and destination socket numbers.

To create generic filters, perform the following tasks:

---

Step 1 Create a standard or an extended access list.

Step 2 Apply a filter to an interface.

To create an access list, perform one of the following tasks in global configuration mode:

Task	Command
Create a standard IPX access list.	access-list access-list-number {deny | permit} source-network[.source-node[source-node-mask]] [destination-network[.destination-node [destination-node-mask]]]
Create an extended IPX access list.	access-list access-list-number {deny | permit} protocol [source-network[.source-node [source-network-mask.source-node-mask]] source-socket [destination-network [.destination-node [destination-network-mask.destination-node-mask]] destination-socket]]

To apply a generic filter to an interface, perform the following task in interface configuration mode:

Task	Command
Apply a generic filter to an interface.	ipx access-group access-list-number

For an example of creating a generic filter, see the section "IPX Network Access Example."

Create Filters for Updating the Routing Table

Routing table update filters control the entries that the Cisco IOS software accepts for its routing table and the networks that it advertises in its routing updates.

To create filters to control updating of the routing table, perform the following tasks:

---

Step 1 Create a standard or an extended access list.

Step 2 Apply one or more routing filters to an interface.

To create an access list, perform one of the following tasks in global configuration mode:

Task	Command
Create a standard IPX access list.	access-list access-list-number {deny | permit} source-network[.source-node[source-node-mask]] [destination-network[.destination-node [destination-node-mask]]]
Create an extended IPX access list.	access-list access-list-number {deny | permit} protocol [source-network[.source-node [source-network-mask.source-node-mask]] source-socket [destination-network [.destination-node [destination-network-mask.destination-node-mask]] destination-socket]]

To apply routing table update filters to an interface, perform one or more of the following tasks in interface configuration mode:

Task	Command
Control which networks are added to the routing table when IPX routing updates are received.	ipx input-network-filter access-list-number
Control which networks are advertised in routing updates sent out by the access server.	ipx output-network-filter access-list-number
Control which networks are advertised in the EIGRP routing updates sent out by the router.	distribute-list access-list-number out [interface-name | routing-process]
Control the devices from which routing updates are accepted.	ipx router-filter access-list-number

---

Note   The ipx output-network-filter command applies to the IPX Routing Information Protocol (RIP) only. To control the advertising of routes when filtering routing updates in EIGRP, use the distribute-list out command. See "Control the Advertising of Routes in Routing Updates" for more information.

---

Create SAP Filters

A common source of traffic on Novell networks is SAP messages, which are generated by NetWare servers and our access servers when they broadcast their available services. To control how SAP messages from network segments or specific servers are routed among IPX networks, perform the following steps:

---

Step 1 Create a SAP access list.

Step 2 Apply one or more filters to an interface.

To create a SAP access list, perform the following task in global configuration mode:

Task	Command
Create a SAP access list.	access-list access-list-number {deny | permit} network[.node] [network.node-mask] [service-type [server-name]]

To apply SAP filters to an interface, perform one or more of the following tasks in interface configuration mode:

Task	Command
Filter incoming service advertisements.	ipx input-sap-filter access-list-number
Filter outgoing service advertisements.	ipx output-sap-filter access-list-number
Filter service advertisements received from a particular device.	ipx router-sap-filter access-list-number

You can apply one of each SAP filter type to each interface.

For examples of creating and applying SAP filters, see the sections "SAP Input Filter Example" and "SAP Output Filter Example."

Create GNS Response Filters