|
|
AppleTalk is a local-area network system that was designed and developed by Apple Computer, Inc. It can run over Ethernet, Token Ring, and FDDI networks, and over Apple's proprietary twisted-pair media access system (LocalTalk). AppleTalk specifies a protocol stack comprising several protocols that direct the flow of traffic over the network.
Apple Computer uses the name AppleTalk to refer to the Apple networking architecture. Apple refers to the actual transmission media used in an AppleTalk network as LocalTalk (Apple's proprietary twisted-pair transmission medium for AppleTalk), TokenTalk (AppleTalk over Token Ring), EtherTalk (AppleTalk over Ethernet), and FDDITalk (AppleTalk over Fiber Distributed Data Interface).
Use the commands in this chapter to configure and monitor AppleTalk networks. For AppleTalk configuration information and examples, refer to the "Configuring AppleTalk" chapter in the Router Products Configuration Guide.
To define the default action to take for access checks that apply to zones, use the access-list additional-zones global configuration command.
access-list access-list-number {deny | permit} additional-zones| access-list-number | Number of the access list. This is a decimal number from 600 to 699. |
| deny | Denies access if the conditions are matched. |
| permit | Permits access if the conditions are matched. |
To deny other access
Global configuration
The access-list additional-zones command defines the action to take for access checks not explicitly defined with the access-list zone command. If you do not specify this command, the default action is to deny other access.
You apply access lists defined with the access-list additional-zones command to outgoing routing updates and GZL filters (using the appletalk distribute-list out, and appletalk getzonelist-filter commands). You cannot apply them to data-packet filters (using the appletalk access-group command) or to incoming routing update filters (using the appletalk distribute-list in command).
The following example creates an access list based on AppleTalk zones:
access-list 610 deny zone Twilight access-list 610 permit additional-zones
access-list cable-range
access-list includes
access-list network
access-list other-access
access-list within
access-list zones
appletalk access-group
appletalk distribute-list in
appletalk distribute-list out
appletalk getzonelist-filter
appletalk permit-partial-zones
To define an AppleTalk access list for a cable range (for extended networks only), use the access-list cable-range global configuration command. To remove an access list, use the no form of this command.
access-list access-list-number {deny | permit} cable-range cable-range| access-list-number | Number of the access list. This is a decimal number from 600 to 699. |
| deny | Denies access if the conditions are matched. |
| permit | Permits access if the conditions are matched. |
| cable-range | Cable range value. The argument specifies the start and end of the cable range, separated by a hyphen. These values are decimal numbers from 1 to 65279. The starting network number must be less than or equal to the ending network number. |
No access list is defined.
Global configuration
When used as a routing update filter, the access-list cable-range command affects matching on extended networks only. The conditions defined by this access list are used only when a cable range in a routing update exactly matches that specified in the access-list cable-range command. The conditions are never used to match a network number (for a nonextended network).
When used as a data-packet filter, the access-list cable-range command affects matching on any type of network number. The conditions defined by this access list are used only when the packet's source network lies in the range defined by the access list.
You apply access lists defined with the access-list cable-range command to data-packet and routing-update filters (using the appletalk access-group, appletalk distribute-list in, and appletalk distribute-list out). You cannot apply them to GZL filters (using the appletalk getzonelist-filter command).
To delete an access list, specify the minimum number of keywords and arguments needed to delete the proper access list. For example, to delete the entire access list, use the following command:
no access-list access-list-numberTo delete the access list for a specific network, use the following command:
no access-list access-list-number {deny | permit} cable-range cable-rangePriority queuing for AppleTalk operates on the destination network number, not the source network number.
The following access list forwards all packets except those destined to cable range 10 to 20:
access-list 600 deny cable-range 10-20 access-list 600 permit other-access
A dagger (+) indicates that the command is documented in another chapter.
access-list additional-zones
access-list network
access-list includes
access-list other-access
access-list within
access-list zone
appletalk access-group
appletalk distribute-list in
appletalk distribute-list out
appletalk getzonelist-filter
priority-list protocol +
To define an AppleTalk access list that overlaps any part of a range of network numbers or cable ranges (for both extended and nonextended networks), use the access-list includes global configuration command. To remove an access list, use the no form of this command.
access-list access-list-number {deny | permit} includes cable-range| access-list-number | Number of the access list. This is a decimal number from 600 to 699. |
| deny | Denies access if the conditions are matched. |
| permit | Permits access if the conditions are matched. |
| cable-range | Cable range or network number. The argument specifies the start and end of the cable range, separated by a hyphen. These values are decimal numbers from 1 to 65279. The starting network number must be less than or equal to the ending network number. To specify a network number, set the starting and ending network numbers to the same value. |
No access list is defined.
Global configuration
When used as a routing update filter, the access-list includes command affects matching on extended and nonextended AppleTalk networks. The conditions defined by this access list are used when a cable range or network number overlaps, either partially or completely, one (or more) of those specified in the access-list includes command.
When used as a data-packet filter, the conditions defined by this access list are used when the packet's source network lies in the range defined in the access-list includes command.
You apply access lists defined with the access-list includes command to data-packet and routing-update filters (using the appletalk access-group, appletalk distribute-list in, and appletalk distribute-list out). You cannot apply them to GZL filters (using the appletalk getzonelist-filter command).
To delete an access list, specify the minimum number of keywords and arguments needed to delete the proper access list. For example, to delete the entire access list, use the following command:
no access-list access-list-numberTo delete the access list for a specific network, use the following command:
no access-list access-list-number {deny | permit} includes cable-rangePriority queuing for AppleTalk operates on the destination network number, not the source network number.
The following example defines an access list that permits access to any network or cable range that overlaps any part of the range 10 to 20. This means, for example, that cable ranges 13 to 16 and 17 to 25 will be permitted. This access list also permits all other ranges.
access-list 600 permit includes 10-20 access-list 600 permit other-access
A dagger (+) indicates that the command is documented in another chapter.
access-list additional-zones
access-list cable-range
access-list network
access-list other-access
access-list within
access-list zone
appletalk access-group
appletalk distribute-list in
appletalk distribute-list out
appletalk getzonelist-filter
priority-list protocol +
To define an AppleTalk access list for a single network number (that is, for a nonextended network), use the access-list network global configuration command. To remove an access list, use the no form of this command.
access-list access-list-number {deny | permit} network network| access-list-number | Number of the access list. This is a decimal number from 600 to 699. |
| deny | Denies access if the conditions are matched. |
| permit | Permits access if the conditions are matched. |
| network | AppleTalk network number. |
No access list is defined.
Global configuration
When used as a routing-update filter, the access-list network command affects matching on nonextended networks only. The conditions defined by this access list are used only when the a nonextended number in a routing update matches a network number specified in one of the access-list network commands. The conditions are never used to match a cable range (for an extended network) even if the cable range has the same starting and ending number.
When used as a data-packet filter, the conditions defined by this access list are used only when the packet's source network matches the network number specified in the access-list network command.
You apply access lists defined with the access-list network command to data-packet and routing-update filters (using the appletalk access-group, appletalk distribute-list in, and appletalk distribute-list out). You cannot apply them to GZL filters (using the appletalk getzonelist-filter command).
In software releases before 9.0, the syntax of this command was access-list access-list-number {deny | permit} network. The current version of the software is still able to interpret commands in this format if it finds them in a configuration or boot file. However, it is recommended that you update the commands in your configuration or boot files to match the current syntax.
Use the no access-list command with the access-list-number argument only to remove an entire access list from the configuration. Specify the optional arguments to remove a particular clause.
To delete an access list, specify the minimum number of keywords and arguments needed to delete the proper access list. For example, to delete the entire access list, use the following command:
no access-list access-list-numberTo delete the access list for a specific network, use the following command:
no access-list access-list-number {deny | permit} network networkPriority queuing for AppleTalk operates on the destination network number, not the source network number.
The following example defines an access list that forwards all packets except those destined for networks 1 and 2:
access-list 650 deny network 1 access-list 650 deny network 2 access-list 650 permit other-access
A dagger (+) indicates that the command is documented in another chapter.
access-list additional-zones
access-list cable-range
access-list includes
access-list other-access
access-list within
access-list zone
appletalk access-group
appletalk distribute-list in
appletalk distribute-list out
appletalk getzonelist-filter
priority-list protocol +
To define the default action to take for access checks that apply to networks or cable ranges, use the access-list other-access global configuration command.
access-list access-list-number {deny | permit} other-access| access-list-number | Number of the access list. This is a decimal number from 600 to 699. |
| deny | Denies access if the conditions are matched. |
| permit | Permits access if the conditions are matched. |
To deny other access
Global configuration
The access-list other-access command defines the action to take for access checks not explicitly defined with an access-list network, access-list cable-range, access-list includes, or access-list within command. If you do not specify this command, the default action is to deny other access.
You apply access lists defined with the access-list other-access command to data-packet and routing-update filters (using the appletalk access-group, appletalk distribute-list in, and appletalk distribute-list out). You cannot apply them to GZL filters (using the appletalk getzonelist-filter command).
In software releases before 9.0, the syntax of this command was access-list access-list-number {deny | permit} -1. The current version of the software is still able to interpret commands in this format if it finds them in a configuration or boot file. However, it is recommended that you update the commands in your configuration or boot files to match the current syntax.
Priority queuing for AppleTalk operates on the destination network number, not the source network number.
The following example defines an access list that forwards all packets except those destined for networks 1 and 2:
access-list 650 deny network 1 access-list 650 deny network 2 access-list 650 permit other-access
A dagger (+) indicates that the command is documented in another chapter.
access-list additional-zones
access-list cable-range
access-list includes
access-list network
access-list within
access-list zone
appletalk access-group
appletalk distribute-list in
appletalk distribute-list out
priority-list protocol +
To define an AppleTalk access list for an extended or a nonextended network whose network number or cable range is included entirely within the specified cable range, use the access-list within global configuration command. To remove this access list, use the no form of this command.
access-list access-list-number {deny | permit} within cable-range| access-list-number | Number of the access list. This is a decimal number from 600 to 699. |
| deny | Denies access if the conditions are matched. |
| permit | Permits access if the conditions are matched. |
| cable-range | Cable range or network number. The argument specifies the start and end of the cable range, separated by a hyphen. These values are decimal numbers from 1 to 65279. The starting network number must be less than or equal to the ending network number. To specify a network number, set the starting and ending network numbers to the same value. |
No access is defined.
Global configuration
When used as a routing update filter, the access-list within command affects matching on extended and nonextended AppleTalk networks. The conditions defined by this access list are used when a cable range or network number overlaps, either partially or completely, one (or more) of those specified in the access-list within command.
When used as a data-packet filter, the conditions defined by this access list are used when the packet's source network lies in the range defined in the access-list within command.
You apply access lists defined with the access-list within command to data-packet and routing-update (using the appletalk access-group, appletalk distribute-list in, and appletalk distribute-list out). You cannot apply them to GZL filters (using the appletalk getzonelist-filter command).
To delete an access list, specify the minimum number of keywords and arguments needed to delete the proper access list. For example, to delete the entire access list, use the following command:
no access-list access-list-numberTo delete the access list for a specific network, use the following command:
no access-list access-list-number {deny | permit} within cable-rangePriority queuing for AppleTalk operates on the destination network number, not the source network number.
The following example defines an access list that permits access to any network or cable range that is completely included in the range 10 to 20. This means, for example, that cable range 13 to 16 will be permitted, but cable range 17 to 25 will not be. The second line of the access list permits all other packets.
access-list 600 permit within 10-20 access-list 600 permit other-access
A dagger (+) indicates that the command is documented in another chapter.
access-list additional-zones
access-list cable-range
access-list includes
access-list network
access-list other-access
access-list zone
appletalk access-group
appletalk distribute-list in
appletalk distribute-list out
appletalk getzonelist-filter
priority-list protocol +
To define an AppleTalk access list that applies to a zone, use the access-list zone global configuration command. To remove an access list, use the no form of this command.
access-list access-list-number {deny | permit} zone zone-name| access-list number | Number of the access list. This is a decimal number from 600 to 699. |
| deny | Denies access if the conditions are matched. |
| permit | Permits access if the conditions are matched. |
| zone-name | Name of the zone. The name can include special characters from the Apple Macintosh character set. To include a special character, type a colon followed by two hexadecimal characters. For zone names with a leading space character, enter the first character as the special sequence :20. |
No access list is defined.
Global configuration
You apply access lists defined with the access-list zones command to outgoing routing update and GZL filters (using the appletalk distribute-list out, and appletalk getzonelist-filter commands). You cannot apply them to data-packet filters (using the appletalk access-group command) or to incoming routing update filters (using the appletalk distribute-list in command).
To delete an access list, specify the minimum number of keywords and arguments needed to delete the proper access list. For example, to delete the entire access list, use the following command:
no access-list access-list-numberTo delete the access list for a specific network, use the following command:
no access-list access-list-number {deny | permit} zone zone-nameUse the access-list additional-zones command to define the action to take for access checks not explicitly defined with the access-list zone command.
The following example creates an access list based on AppleTalk zones:
access-list 610 deny zone Twilight access-list 610 permit additional-zones
access-list additional-zones
access-list cable-range
access-list includes
access-list network
access-list other-access
access-list within
appletalk access-group
appletalk distribute-list in
appletalk distribute-list out
appletalk getzonelist-filter
appletalk permit-partial-zones
To assign an access list to an interface, use the appletalk access-group interface configuration command. To remove the access list use the no form of this command.
appletalk access-group access-list-number| access-list-number | Number of the access list. This is a decimal number from 600 to 699. |
No access list is assigned.
Interface configuration
The appletalk access-group command applies data-packets filter to an interface. These filters check data packets being sent out an interface. If the packets' source network has access denied, these packets are not transmitted but rather are discarded.
Data-packet filters use access lists that define conditions for networks and cable ranges only. They ignore any zone information that may be in the access list.
When you apply a data-packet filter to an interface, you should ensure that all networks or cable ranges within a zone are governed by the same filters.
The following example applies access list 601 to Ethernet interface 0:
access-list 601 deny cable-range 1-10 access-list 601 permit other-access interface ethernet 0 appletalk access-group 601
access-list cable-range
access-list includes
access-list network
access-list other-access
access-list within
appletalk distribute-list in
appletalk distribute-list out
To enable nonextended AppleTalk routing on an interface, use the appletalk address interface configuration command. To disable nonextended AppleTalk routing, use the no form of this command.
appletalk address network.node| network.node | AppleTalk network address assigned to the interface. The argument network is the 16-bit network number in the range 0 to 65279. The argument node is the 8-bit node number in the range 0 to 254. Both numbers are decimal. |
Disabled
Interface configuration
You must enable routing on the interface before assigning zone names.
Specifying an address of 0.0, or 0.node places the interface into discovery mode. When in this mode, the router attempts to determine network address information from another router on the network. You also can enable discovery mode with the appletalk discovery command. Discovery mode does not run over serial lines.
The following example enables nonextended AppleTalk routing on Ethernet interface 0:
appletalk routing interface ethernet 0 appletalk address 1.129
appletalk cable-range
appletalk discovery
appletalk zone
To display network numbers in a two-octet format, use the appletalk alternate-addressing global configuration command. To return to displaying network numbers in the format network.node, use the no form of this command.
appletalk alternate-addressingThis command has no arguments or keywords.
Disabled
Global configuration
The appletalk alternate-addressing command displays cable ranges in the alternate format wherever applicable. This format consists of printing the upper and lower bytes of a network number as 8-bit decimal values separated by a decimal point. For example, the cable range 511-512 would be printed as 1.255-2.0.
The following example enables the display of network numbers in a two-octet format:
appletalk alternate-addressing
To specify the time interval between the retransmission of ARP packets, use the appletalk arp interval global configuration command. To restore both default intervals, use the no form of this command.
appletalk arp [probe | request] interval interval| probe | (Optional) Indicates that the interval specified is to be used with AARP requests that are trying to determined the address of the local router when the router is being configured. If you omit probe and request, probe is the default. |
| request | (Optional) Indicates that the interval specified is to be used when AARP is attempting to determine the hardware address of another node so that AARP can deliver a packet. |
| interval | Interval, in milliseconds, between AppleTalk ARP transmissions. The minimum value is 33 milliseconds. |
If you omit the keyword, probe is the default.
probe--200 milliseconds
request--1000 milliseconds
Global configuration
The time interval you specify takes effect immediately.
Lengthening the interval between AARP transmissions permits responses from devices that respond slowly, such as printers and overloaded file servers, to be received.
AARP uses the appletalk arp probe interval value when obtaining the address of the local router. This is done when the router is being configured. You should not change the default value of this interval unless absolutely necessary, because this value directly modifies the AppleTalk dynamic node assignment algorithm.
AARP uses the appletalk arp request interval value when attempting to determine the hardware address of another node so that it can deliver a packet. You can change this interval as desired, although the default value is optimal for most sites.
The no appletalk arp command restores both the probe and request intervals specified in the appletalk arp interval and appletalk arp retransmit-count commands to their default values.
In the following example, the AppleTalk ARP retry interval is lengthened to 2000 milliseconds:
appletalk arp request interval 2000
appletalk arp retransmit-count
appletalk arp-timeout
appletalk glean-packets
show appletalk global
To specify the number of AppleTalk ARP (AARP) probe or request transmissions, use the appletalk arp retransmit-count global configuration command. To restore both default values, use the no form of this command.
appletalk arp [probe | request] retransmit-count number| probe | (Optional) Indicates that the number specified is to be used with AARP requests that are trying to determined the address of the local router when the router is being configured. If you omit probe and request, probe is the default. |
| request | (Optional) Indicates that the number specified is to be used when AARP is attempting to determine the hardware address of another node so that AARP can deliver a packet. |
| number | Number of AARP retransmissions that will occur. The minimum number is 1. With the probe keyword, the default value is 10 retransmissions. With the request keyword, the default value is 5 retransmissions. Specifying 0 selects the default value. |
If you omit the keyword, probe is the default.
probe--10
request--5
Global configuration
The value you specify takes effect immediately.
Increasing the number of retransmissions permits responses from devices that respond slowly, such as printers and overloaded file servers, to be received.
AARP uses the appletalk arp probe retransmit-count value when obtaining the address of the local router. This is done when the router is being configured. You should not change the default value unless absolutely necessary, because this value directly modifies the AppleTalk dynamic node assignment algorithm.
AARP uses the appletalk arp request retransmit-count value when attempting to determine the hardware address of another node so that it can deliver a packet. You can change this interval as desired, although the default value is optimal for most sites.
The no appletalk arp command restores both the probe and request intervals specified in the appletalk arp interval and appletalk arp retransmit-count commands to their default values.
The following example specifies an AARP retransmission count of 10 for AARP packets that are requesting the hardware address of another node on the network:
appletalk arp request retransmit-count 10
appletalk arp interval
appletalk arp-timeout
appletalk glean-packets
show appletalk global
To specify the interval at which entries are aged out of the ARP table, use the appletalk arp-timeout interface configuration command. To return to the default timeout, use the no form of this command.
appletalk arp-timeout interval| interval | Time, in minutes, after which an entry is removed from the AppleTalk ARP table. The default is 240 minutes, or 4 hours. |
240 minutes (4 hours)
Interface configuration
The following example changes the ARP timeout interval on Ethernet interface 0 to 2 hours:
interface ethernet 0 appletalk cable-range 2-2 appletalk arp-timeout 120
appletalk arp interval
appletalk arp retransmit-count
appletalk glean-packets
To enable an extended AppleTalk network, use the appletalk cable-range interface configuration command. To disable an extended AppleTalk network, use the no form of this command.
appletalk cable-range cable-range [network.node]| cable-range | Cable range value. The argument specifies the start and end of the cable range, separated by a hyphen. These values are decimal number from 0 to 65279. The starting network number must be less than or equal to the ending network number. |
| network.node | (Optional) Suggested AppleTalk address for the interface. The argument network is the 16-bit network number, and the argument node is the 8-bit node number. Both numbers are decimal. The suggested network number must fall within the specified range of network numbers. |
Disabled
Interface configuration
You must enable routing on the interface before assigning zone names.
Specifying a cable range value of 0-0 places the interface into discovery mode. When in this mode, the router attempts to determine cable range information from another router on the network. You also can enable discovery mode with the appletalk discovery command. Discovery mode does not run over serial lines.
The following example assigns a cable range of 3 to 3 to the interface:
interface ethernet 0 appletalk cable-range 3-3
appletalk address
appletalk discovery
appletalk zone
To enable the generation and verification of checksums for all AppleTalk packets (except routed packets), use the appletalk checksum global configuration command. To disable checksum generation and verification, use the no form of this command.
appletalk checksumThis command has no arguments or keywords.
Enabled
Global configuration
When the appletalk checksum command is enabled, the router discards incoming DDP packets when the checksum is nonzero and is incorrect, and when the router is the final destination for the packet.
You might want to disable checksum generation and verification if you have very early devices, such as LaserWriter printers, that cannot receive packets that contain checksums.
Our routers do not check checksums on routed packets, thereby eliminating the need to disable checksum to allow operation of some networking applications.
The following example disables the generation and verification of checksums:
no appletalk checksum
show appletalk global
To place an interface into discovery mode, use the appletalk discovery interface configuration command. To disable discovery mode, use the no form of this command.
appletalk discoveryThis command has no arguments or keywords.
Disabled
Interface configuration
If an interface is connected to a network that has at least one other operational AppleTalk router, you can dynamically configure the interface using discovery mode. In discovery mode, an interface acquires network address information about the attached network from an operational router and then uses this information to configure itself.
If you enable discovery mode on an interface, then when the router is starting up, that interface must acquire information to configure itself from another operational router on the attached network. If no operational router is present on the connected network, the interface will not start up.
If you do not enable discovery mode, then when the router is starting up, the interface must acquire its configuration from memory. If the stored configuration is not complete, the interface will not start up. If there is another operational router on the connected network, the router will verify the interface's stored configuration with that router. If there is any discrepancy, the interface will not start up. If there are no neighboring operational routers, the router will assume the interface's stored configuration is correct and will start up.
Once an interface is operational, it can seed the configurations of other routers on the connected network regardless of whether you have enabled discovery mode on any of the routers.
If you enable appletalk discovery and the interface is restarted, another operational router must still be present on the directly connected network in order for the interface to start up.
It is not advisable to have all routers on a network configured with discovery mode enabled. If all routers were to restart simultaneously (for instance, after a power failure), the network would become inaccessible until at least one router were restarted with discovery mode disabled.
You also can enable discovery mode by specifying an address of 0.0. in the appletalk address command or a cable range of 0-0 in the appletalk cable-range command.
Discovery mode is useful when you are changing a network configuration or when you are adding a router to an existing network.
Discovery mode does not run over serial lines.
Use the no appletalk discovery command to disable discovery mode. If the interface is not operational when you issue this command (that is, if you have not issued an appletalk zone command on the interface), you must configure the zone name next. If the interface is operational when you issue the no appletalk discovery command, you can save the current configuration (in running memory) in nonvolatile memory by issuing the write memory EXEC command.
The following example enables discovery mode on Ethernet interface 0:
interface ethernet 0 appletalk discovery
A dagger (+) indicates that the command is documented in another chapter.
appletalk address
appletalk cable-range
appletalk zone
show appletalk interface
write memory +
To filter routing updates received from other routers over a specified interface, use the appletalk distribute-list in interface configuration command. To remove the routing table update filter, use the no form of this command.
appletalk distribute-list access-list-number in| access-list-number | Number of the access list. This is a decimal number from 600 to 699. |
No routing filter is configured.
Interface configuration
The appletalk distribute-list in command controls which networks and cable ranges in routing updates will be entered into the local routing table.
Filters for incoming routing updates use access lists that define conditions for networks and cable ranges only. They cannot use access lists that define conditions for zones. All zone information in an access list assigned to the interface with the appletalk distribute-list in command is ignored.
An input distribution list filters network numbers received in an incoming routing update. When AppleTalk routing updates are received on the specified interface, each network number and cable range in the update is checked against the access list. Only network numbers and cable ranges that are permitted by the access list are inserted into the router's AppleTalk routing table.
The following example prevents the router from accepting routing table updates received from network 10 and on Ethernet interface 3:
access-list 601 deny network 10 access-list 601 permit other-access interface ethernet 3 appletalk distribute-list 601 in
access-list cable-range
access-list includes
access-list network
access-list other-access
access-list within
appletalk distribute-list out
To filter routing updates transmitted to other routers, use the appletalk distribute-list out interface configuration command. To remove the routing table update filter, use the no form of this command.
appletalk distribute-list access-list-number out| access-list-number | Number of the access list. This is a decimal number from 600 to 699. |
No routing filter is configured.
Interface configuration
The appletalk distribute-list out command controls which network numbers and cable ranges are included in routing updates and which zones the local router includes in its GetZoneList replies.
When an AppleTalk routing update is generated on the specified interface, each network number and cable range in the routing table is checked against the access list. If an undefined access list is used, all network numbers and cable ranges are added to the routing update. Otherwise, if an access list is defined, only network numbers and cable ranges that satisfy the following conditions are added to the routing update:
A zone is considered partially obscured when one or more network numbers or cable ranges that are members of the zone is explicitly or implicitly denied.
When a ZIP GetZoneList reply is generated, only zones that satisfy the following conditions are included:
The following example prevents routing updates sent on Ethernet 0 from mentioning any networks in zone Admin:
access-list 601 deny zone Admin access-list 601 permit other-access interface Ethernet 0 appletalk distribute-list 601 out
access-list additional-zones
access-list zones
appletalk distribute-list in
appletalk getzonelist-filter
appletalk permit-partial zones
To log significant network events, use the appletalk event-logging global configuration command. To disable this function, use the no form of this command.
appletalk event-loggingThis command has no arguments or keywords.
Disabled
Global configuration
The appletalk event-logging command logs a subset of messages produced by debug appletalk command. This includes routing changes, zone creation, port status, and address.
The following example shows the use of the appletalk event-logging command:
appletalk routing appletalk event-logging
show appletalk global
To establish a free-trade zone, use the appletalk free-trade-zone interface configuration command. To disable a free-trade zone, use the no form of this command.
appletalk free-trade-zoneThis command has no arguments or keywords.
Disabled
Interface configuration
A free-trade zone is a part of an AppleTalk internet that is accessible by two other parts of the internet, neither of which can access the other. You might want to create a free-trade zone to allow the exchange of information between two organizations that otherwise want to keep their internets isolated from each other or that do not have physical connectivity with one another.
You apply the appletalk free-trade-zone command to each interface attached to the common-access network. This command has the following effect on the interface:
The GZL for free-trade zone nodes will be empty.
The following example establishes a free-trade zone on Ethernet interface 0:
interface ethernet 0 appletalk cable-range 5-5 appletalk zone FreeAccessZone appletalk free-trade-zone
To filter GetZoneList (GZL) replies, use the appletalk getzonelist-filter interface configuration command. To remove this filter, use the no form of this command.
appletalk getzonelist-filter access-list-number| access-list-number | Number of the access list. This is a decimal number from 600 to 699. |
No filter is configured.
Interface configuration
GZL filters define conditions for zones only. They cannot use access lists that define conditions for network numbers or cable ranges. All network number and cable range information in the access list assigned to an interface with the appletalk getzonelist-filter command is ignored.
Using a GZL filter is not a complete replacement for anonymous network numbers. In order to prevent users from seeing a zone, all routers must implement the GZL filter. If there are any routers from other vendors on the network, the GZL filter will not have a consistent effect.
The Macintosh Chooser uses ZIP GZL requests to compile a list of zones from which the user can select services. Any router on the same network as the Macintosh can respond to these requests with a GZL reply. You can create a GZL filter on the router to control which zones the router mentions in its GZL replies. This has the effect of controlling the list of zones that are displayed by the Chooser.
When defining GZL filters, you should ensure that all routers on the same internetwork filter GZL reply identically. Otherwise, the Chooser will list different zone depending upon which router responded to the request. Also, inconsistent filters can result in zones appearing and disappearing every few seconds when the user remains in the Chooser. Because of these inconsistencies, you should normally use the appletalk getzonelist-filter command only when all routers in the internetwork are our routers, unless the other vendors' routers have a similar feature.
Replies to GZL requests are also filtered by any appletalk distribute-list out filter that has been applied to the same interface. You need to specify an appletalk getzonelist-filter command only if you want additional filtering to be applied to GZL replies. This filter is rarely needed except to eliminate zones that do not contain user services.
The following example does not include the zone Engineering in GZL replies sent out Ethernet interface 0:
access-list 600 deny zone Engineering interface Ethernet 0 appletalk getzonelist-filter 600
access-list additional-zones
access-list zone
appletalk distribute-list out
appletalk permit-partial-zones
To derive AARP table entries from incoming packets, use the appletalk glean-packets interface configuration command. To disable this function, use the no form of this command.
appletalk glean-packetsThis command has no arguments or keywords.
Enabled
Interface configuration
The router automatically derives AARP table entries from incoming packets. This process is referred to as "gleaning." Gleaning speeds up the process of populating the AARP table.
The following example disables the building of the AARP table using information derived from incoming packets:
interface ethernet 0 appletalk address 33 no appletalk glean-packets
To allow a router to start functioning even if the network is misconfigured, use the appletalk ignore-verify-errors global configuration command. To disable this function, use the no form of this command.
appletalk ignore-verify-errorsThis command has no arguments or keywords.
Disabled
Global configuration
The following example allows a router to start functioning without verifying network misconfiguration:
no appletalk ignore-verify-errors 0
Use this command only under the guidance of a customer engineer or other service representative. A router that starts routing in a misconfigured network will serve only to make a bad situation worse; it will not correct other misconfigured routers.
To enable IPTalk encapsulation on an interface that already has a configured IP address, use the appletalk iptalk interface configuration command. To disable IPTalk encapsulation, use the no form of this command.
appletalk iptalk network.node zone| network.node | AppleTalk network address assigned to the interface. The argument network is the 16-bit network number, and the argument node is the 8-bit node number. Both numbers are decimal. |
| zone | Name of the zone for the connected AppleTalk network. |
Disabled
Interface configuration
Use the appletalk iptalk interface subcommand to enable IPTalk encapsulation on an interface that already has a configured IP address. This command encapsulates AppleTalk in IP packets in a manner compatible with the Columbia AppleTalk Package (CAP) IPTalk and the Kinetics IPTalk (KIP) implementations.
This command allows AppleTalk communication with UNIX hosts running older versions of CAP that do not support native AppleTalk EtherTalk encapsulations. Typically, Apple Macintosh users wishing to communicate with these servers would have their connections routed through a Kinetics FastPath router running KIP (Kinetics IP) software.
This command is provided as a migration command; newer versions of CAP provide native AppleTalk EtherTalk encapsulations, and the IPTalk encapsulation is no longer required. Our implementation of IPTalk assumes that AppleTalk is already being routed on the backbone, because there is currently no LocalTalk hardware interface for our routers.
Our implementation of IPTalk does not support manually configured AppleTalk-to-IP address mapping (atab). The address mapping provided is the same as the Kinetics IPTalk implementation when the atab facility is not enabled. This address mapping functions as follows: The IP subnet mask used on the router Ethernet interface on which IPTalk is enabled is inverted (ones complement). This result is then masked against 255 (0xFF hexadecimal). This is then masked against the low-order 8 bits of the IP address to obtain the AppleTalk node number.
The following example configuration illustrates how to configure IPTalk:
interface Ethernet 0 ip address 131.108.1.118 255.255.255.0 appletalk address 20.129 appletalk zone Native AppleTalk appletalk iptalk 30.0 UDPZone
In this configuration, the IP subnet mask would be inverted:
255.255.255.0 inverted yields: 0.0.0.255
Masked with 255 it yields 255, and masked with the low-order 8 bits of the interface IP address it yields 118.
This means that the AppleTalk address of the Ethernet 0 interface seen in the UDPZone zone is 30.118. This caveat should be noted, however: Should the host field of an IP subnet mask for an interface be more than 8 bits wide, it will be possible to obtain conflicting AppleTalk node numbers. For instance, consider a situation where the subnet mask for the Ethernet 0 interface above is 255.255.240.0, meaning that the host field is 12 bits wide.
appletalk iptalk-baseport
To specify the UDP port number when configuring IPTalk, use the appletalk iptalk-baseport global configuration command. To return to the default UDP port number, use the no form of this command.
appletalk iptalk-baseport| port-number | First UDP port number in the range of UDP ports used in mapping AppleTalk well-known DDP socket numbers to UDP ports. |
768
Global configuration
Implementations of IPTalk prior to April 1988 mapped well-known DDP socket numbers to privileged UDP ports starting at port number 768. In April 1988, the NIC assigned a range of UDP ports for the defined DDP well-known sockets starting at UDP port number 200 and assigned these ports the names at-nbp, at-rtmp, at-echo, and at-zis. Release 6 and later of the CAP program dynamically decides which port mapping to use. If there are no AppleTalk service entries in the UNIX system's /etc/services file, CAP uses the older mapping starting at UDP port number 768.
The default UDP port mapping supported by our implementation of IPTalk is 768. If there are AppleTalk service entries in the UNIX system's /etc/services file, you should specify the beginning of the UDP port mapping range with the appletalk iptalk-baseport command.
The following example sets the base UDP port number to 200, which is the official NIC port number, and configures IPTalk on Ethernet interface 0:
appletalk routing appletalk iptalk-baseport 200 ! interface Ethernet 0 ip address 131.108.1.118 255.255.255.0 appletalk address 20.129 appletalk zone Native AppleTalk appletalk iptalk 30.0 UDPZone
appletalk iptalk
To specify which NBP service types are retained in the name cache, use the appletalk lookup-type global configuration command. To disable the caching of services, use the no form of this command.
appletalk lookup-type service-type| service-type | AppleTalk service types. The name of a service type can include special characters from the Apple Macintosh character set. To include a special character, type a colon followed by two hexadecimal numbers. For zone names with a leading space character, enter the first character as the special sequence :20. For a list of possible types, see Table 13-1 in the "Usage Guidelines" section. |
The ciscoRouter entries are retained in the name cache.
Global configuration
You can issue multiple appletalk lookup-type commands. The router does not query the entire zone, but instead polls only the connected networks. This reduces network overhead and means that the name cache contains entries only for selected services that are in a directly connected network or zone, not for all the selected services in a network or zone.
Table 13-1 lists some AppleTalk service types.
| Service Type1 | Description |
|---|---|
| Services for Cisco Routers | |
| ciscoRouter | Active adjacent Cisco routers; this service type is initially enabled by default |
| IPADDRESS | Addresses of active MacIP server |
| IPGATEWAY | Names of active MacIP server |
| SNMP Agent | Active SNMP agents in Cisco routers |
| Services for Other Vendors' Routers | |
| AppleRouter | Apple internet router |
| FastPath | Shiva LocalTalk gateway |
| GatorBox | Cayman LocalTalk gateway |
| systemRouter | Cisco's OEM router name |
| Workstation | Macintosh running System 7; the machine type also is defined, so it is possible to easily identify all user nodes |
If you omit the service-type argument from the no appletalk lookup-type command, no service types except those relating to our routers are cached.
To display information that is stored in the name cache about the services being used by our routers and other vendors' routers, use the show appletalk name-cache command.
If a neighboring router is not our router or is running our software that is earlier than Release 9.0, it is possible the router will be unable to determine the name of the neighbor. This is normal behavior, and there is no workaround.
If AppleTalk routing is enabled, enabling SNMP will automatically enable SNMP over DDP.
Name cache entries are deleted after several interval periods expire without being refreshed. (You set the interval with the appletalk name-lookup-interval command.) At each interval, a single request is sent via each interface that has valid addresses.
The following example caches information about GatorBox services, Apple internet routers, MacIP services, and workstations. Information about our routers is automatically cached.
appletalk lookup GatorBox appletalk lookup AppleRouter appletalk lookup IPGATEWAY appletalk lookup Workstation
appletalk name-lookup-interval
show appletalk name-cache
show appletalk nbp
To allocate IP addresses to dynamic MacIP clients, use the appletalk macip dynamic global configuration command. To delete a MacIP dynamic address assignment, use the no form of this command.
appletalk macip dynamic ip-address [ip-address] zone server-zone| ip-address | IP address, in four-part dotted decimal notation. To specify a range, enter two IP addresses, which represent the first and last addresses in the range. |
| zone server-zone | Zone in which the MacIP server resides. The argument server-zone can include special characters from the Apple Macintosh character set. To include a special character, specify a colon followed by two hexadecimal characters. For zone names with a leading space character, enter the first character as the special sequence :20. For a list of Macintosh characters, refer to the Apple Computer, Inc. specification Inside AppleTalk. |
No IP addresses are allocated.
Global configuration
Use the appletalk macip dynamic command when configuring MacIP.
Dynamic clients are those that accept any IP address assignment within the dynamic range specified.
In general, it is recommended that you do not use fragmented address ranges in configuring ranges for MacIP. However, if this is unavoidable, use the appletalk macip dynamic command to specify as many addresses or ranges as required and use the appletalk macip static command to assign a specific address or address range.
To shut down all running MacIP services, use the following command:
no appletalk macipTo delete a particular dynamic address assignment from the configuration, use the following command:
no appletalk macip dynamic ip-address [ip-address] zone server-zoneThe following example illustrates MacIP support for dynamically addressed MacIP clients with IP addresses in the range 131.108.1.28 to 131.108.1.44.
!This global statement specifies the MacIP server address and zone: appletalk macip server 131.108.1.27 zone Engineering ! !This global statement identifies the dynamically addressed clients: appletalk macip dynamic 131.108.1.28 131.108.1.44 zone Engineering ! !These statements assign the IP address and subnet mask for Ethernet interface 0: interface ethernet 0 ip address 131.108.1.27 255.255.255.0 ! !This global statement enables AppleTalk routing on the router. appletalk routing ! !These statements enable AppleTalk routing on the interface and !set the zone name for the interface interface ethernet 0 appletalk cable-range 69-69 69.128 appletalk zone Engineering
A dagger (+) indicates that the command is documented in another chapter.
appletalk macip server
appletalk macip static
ip address +
show appletalk macip-servers
To establish a MacIP server for a zone, use the appletalk macip server global configuration command. To shut down a MACIP server, use the no form of this command.
appletalk macip server ip-address zone server-zone| ip-address | IP address, in four-part dotted decimal notation. It is suggested that this address match the address of an existing IP interface. |
| zone server-zone | Zone in which the MacIP server resides. The argument server-zone can include special characters from the Apple Macintosh character set. To include a special character, specify a colon followed by two hexadecimal characters. For zone names with a leading space character, enter the first character as the special sequence :20. For a list of Macintosh characters, refer to the Apple Computer, Inc. specification Inside AppleTalk. |
No MacIP server is established.
Global configuration
Use the appletalk macip server command when configuring MacIP.
You can configure only one MacIP server per AppleTalk zone. A server is not registered via NBP until at least one MacIP resource is configured.
You can configure multiple MacIP servers for a router, but you can assign only one MacIP server to a particular zone and only one IP interface to each MacIP server. In general, you must be able to establish an alias between the IP address you assign with the appletalk macip server command and an existing IP interface. For implementation simplicity, it is suggested that the address specified in this command match an existing IP interface address.
To shut down all active MacIP servers, use the following command:
no appletalk macipTo delete a specific MacIP server from the MacIP configuration, use the following command:
no appletalk macip server ip-address zone server-zoneThe following example establishes a MacIP server on Ethernet interface 0 in AppleTalk zone Engineering. It then assigns an IP address to the Ethernet interface and enables AppleTalk routing on the router and the Ethernet interface.
appletalk macip server 131.108.1.27 zone Engineering ip address 131.108.1.27 255.255.255.0 appletalk routing interface ethernet 0 appletalk cable-range 69-69 69.128 appletalk zone Engineering
A dagger (+) indicates that the command is documented in another chapter.
appletalk macip dynamic
appletalk macip static
ip address +
show appletalk macip-servers
To allocate an IP address to be used by a MacIP client that has reserved a static IP address, use the appletalk macip static global configuration command. To delete a MacIP static address assignment, use the no form of this command.
appletalk macip static ip-address [ip-address] zone server-zone| ip-address | IP address, in four-part dotted decimal format. To specify a range, enter two IP addresses, which represent the first and last addresses in the range. |
| zone server-zone | Zone in which the MacIP server resides. The argument server-zone can include special characters from the Apple Macintosh character set. To include a special character, specify a colon followed by two hexadecimal characters. For zone names with a leading space character, enter the first character as the special sequence :20. For a list of Macintosh characters, refer to Apple Computer, Inc. specification Inside AppleTalk. |
No IP address is allocated.
Global configuration
Use the appletalk macip static command when configuring MacIP.
Static addresses are for users who require fixed addresses for IP name domain name service and for administrators who do want addresses to change so they can always know who has what IP address.
In general, it is recommended that you do not use fragmented address ranges in configuring ranges for MacIP. However, if this is unavoidable, use the appletalk macip dynamic command to specify as many addresses or ranges as required, and then use the appletalk macip static command to assign a specific address or address range.
To shut down all running MacIP services, use the following command:
no appletalk macipTo delete a particular static address assignment from the configuration, use the following command:
no appletalk macip static ip-address [ip-address] zone server-zoneThe following example illustrates MacIP support for MacIP clients with statically allocated IP addresses. The IP addresses range is from 131.108.1.50 to 131.108.1.66. The three nodes that have the specific addresses are 131.108.1.81, 131.108.1.92, and 131.108.1.101.
!This global statement specifies the MacIP server address and zone: appletalk macip server 131.108.1.27 zone Engineering ! !These global statements identify the statically addressed clients: appletalk macip static 131.108.1.50 131.108.1.66 zone Engineering appletalk macip static 131.108.1.81 zone Engineering appletalk macip static 131.108.1.92 zone Engineering appletalk macip static 131.108.1.101 zone Engineering ! !These statements assign the IP address and subnet mask for Ethernet interface 0: interface ethernet 0 ip address 131.108.1.27 255.255.255.0 ! !This global statement enables AppleTalk routing on the router. appletalk routing ! !These statements enable AppleTalk routing on the interface and !set the zone name for the interface interface ethernet 0 appletalk cable-range 69-69 69.128 appletalk zone Engineering
A dagger (+) indicates that the command is documented in another chapter.
appletalk macip dynamic
appletalk macip server
ip address +
show appletalk macip-servers
To set the interval between service pollings by the router on its AppleTalk interfaces, use the appletalk name-lookup-interval global configuration command. To purge the name cache and return to the default polling interval, use the no form of this command.
appletalk name-lookup-interval seconds| seconds | Interval, in seconds, between NBP lookup pollings. This can be any positive integer; there is no upper limit. It is recommended that you use an interval between 300 seconds (5 minutes) and 1200 seconds (20 minutes). The smaller the interval, the more packets are generated to handle the names. Specifying an interval of 0 purges all entries from the name cache and disables the caching of service type information that is controlled by the appletalk lookup-type command, including the caching of information about our routers. |
0
Global configuration
The router collects name information only for entities on connected AppleTalk networks.This reduces overhead.
If you enter an interval of 0, all polling for services (except ciscoRouter) is disabled. If you reenter a nonzero value, the configuration specified by the appletalk lookup-type command is reinstated. You cannot disable the lookup of ciscoRouter.
The following example sets the lookup interval to 20 minutes:
appletalk name-lookup-interval 1200
appletalk lookup-type
show appletalk name-cache
To permit access to the other networks in a zone when access to one of those networks is denied, use the appletalk permit-partial-zones global command. To return to the default behavior, which is to deny access to all networks in a zone if access to one of those networks is denied, use the no form of this command.
appletalk permit-partial-zonesThis command has no arguments or keywords.
Disabled
Global configuration
The permitting of partial zones provides IP-style access control.
When you enable the use of partial zones, the NBP protocol cannot ensure the consistency and uniqueness of name bindings.
If you enable the use of partial zones, access control behavior is compatible with that of software Release 8.3.
The following example allows partial zones:
appletalk permit-partial-zones
access-list additional zones
access-list zone
appletalk distribute-list out
appletalk getzonelist-filter
To enable the recognition of pre-FDDITalk packets, use the appletalk pre-fdditalk global configuration command. To disable this function, use the no form of this command.
appletalk pre-fdditalkThis command has no arguments or keywords.
Disabled
Interface configuration
Use this command to have the router recognize AppleTalk packets sent on the FDDI ring from routers running Cisco software releases prior to Release 9.0(3) or 9.1(2).
The following example disables the recognition of pre-FDDITalk packets:
no appletalk pre-fdditalk
To assign a proxy network number for each zone in which there is a router that supports only nonextended AppleTalk, use the appletalk proxy-nbp global configuration command. To delete the proxy, use the no form of this command.
appletalk proxy-nbp network-number zone-name| network-number | Network number of the proxy. It is a 16-bit decimal number and must be unique on the network. This is the network number that will be advertised by the router as if it were a real network number. |
| zone-name | Name of the zone that contains the routers that support only nonextended AppleTalk. The name can include special characters from the Apple Macintosh character set. To include a special character, type a colon followed by two hexadecimal characters. For zone names with a leading space character, enter the first character as the special sequence :20. |
No proxy network number is assigned.
Global configuration
The appletalk proxy-nbp command provides compatibility between AppleTalk Phase 1 and AppleTalk Phase 2 networks.
Proxy routes are included in outgoing RTMP updates as if they were directly connected routes, although they are not really directly connected, since they are not associated with any interface. Whenever an NBQ BrRq for the zone in question is generated by anyone anywhere in the Internet, an NBP FwdReq is directed to any router connected to the proxy route. The Phase 2 router which is the only router directly connected converts the FwdReq to LkUps, which are understood by Phase 1 routers, and sends them to every network in the zone.
In an environment in which there are Phase 1 and Phase 2 networks, you must specify at least one appletalk proxy-nbp command for each zone that has a nonextended-only AppleTalk router.
The proxy network number you assign with the appletalk proxy-nbp command cannot also be assigned to a router, nor can it also be associated with a physical network.
You need to assign only one proxy network number for each zone. However, you can define additional proxies with different network numbers to provide redundancy. Each proxy generates one or more packets for each forward request it receives. All other packets sent to the proxy network address are discarded. Defining redundant proxy network numbers increases the NBP traffic linearly.
The following example defines network number 60 as an NBP proxy for the zone Twilight:
appletalk proxy-nbp 60 Twilight
To prevent the advertisement of routes (network numbers or cable ranges) that have no assigned zone, use the appletalk require-route-zones global configuration command. To disable this option and allow the router to advertise to its neighbors routes that have no network-zone association, use the no form of this command.
appletalk require-route-zonesThis command has no arguments or keywords.
Enabled
Global configuration
The appletalk require-route-zones command ensures that all networks have zone names prior to advertisement to neighbors.
The no appletalk require-route-zones command enables router behavior compatible with software Release 8.3.
Using this command helps prevent ZIP protocol storms. ZIP protocol storms can arise when corrupt routes are propagated and routers broadcast ZIP requests to determine the network/zone associations.
When the appletalk require-route-zones command is enabled, the router will not advertise a route to its neighboring routers until it has obtained the network/zone associations. This effectively limits the storms to a single network rather than the entire internet.
As an alternative to disabling this option, use the appletalk getzonelist-filter interface configuration command to filter empty zones from the list presented to users.
You can configure different zone lists on different interfaces. However, you are discouraged from doing this because AppleTalk users expect to have the same user zone lists at any end node in the internet.
The filtering provided by the appletalk require-route-zones command does not prevent explicit access via programmatic methods, but should be considered a user optimization to suppress unused zones. You should use other forms of AppleTalk access control lists to actually secure a zone or network.
The following example configures a router to prevent the advertisement of routes that have no assigned zone:
appletalk require-route-zones
To enable fast switching on all supported interfaces, use the appletalk route-cache interface configuration command. To disable fast switching, use the no form of this command.
appletalk route-cacheThis command has no arguments or keywords.
Enabled on all interfaces that support fast switching
Interface configuration
Fast switching allows higher throughput by switching a packet using a cache created by previous packets. Fast switching is enabled by default on all interfaces that support fast switching.
Packet transfer performance is generally better when fast switching is enabled. However, you may want to disable fast switching in order to save memory space on interface cards and to help avoid congestion when high-bandwidth interfaces are writing large amounts of information to low-bandwidth interfaces.
For serial lines, fast switching is supported on extended serial lines with HDLC encapsulation only. It is not supported on nonextended serial lines.
The following example disables fast switching on an interface:
interface ethernet 0 appletalk cable-range 10-20 appletalk zone Twilight no appletalk route-cache
show appletalk cache
To enable AppleTalk routing, use the appletalk routing global configuration command. To disable AppleTalk routing, use the no form of this command.
appletalk routingThis command has no arguments or keywords.
Disabled
Global configuration
The following example enables AppleTalk protocol processing on the router:
appletalk routing
appletalk address
appletalk cable-range
appletalk zone
To allow a router to send routing updates to its neighbors, use the appletalk send-rtmps interface configuration command. To block updates from being sent, use the no form of this command.
appletalk send-rtmpsThis command has no arguments or keywords.
Send routing updates
Interface configuration
If you block the sending of routing updates, an interface on the network that has AppleTalk enabled is not "visible" to other routers on the network.
The following example prevents a router from sending routing updates to its neighbors:
no appletalk send-rtmps
appletalk require-route-zones
appletalk strict-rtmp-checking
appletalk timers
To define a static route on an extended network, use the appletalk static cable-range global configuration command. To remove a static route, use the no form of this command.
appletalk static cable-range cable-range to network.node zone zone-name| cable-range | Cable range value. The argument specifies the start and end of the cable range, separated by a hyphen. These values are decimal number from 0 to 65279. The starting network number must be less than or equal to the ending network number. |
| network.node | AppleTalk network address of the remote router. The argument network is the 16-bit network number in the range 0 to 65279. The argument node is the 8-bit node number in the range 0 to 254. Both numbers are decimal. |
| zone-name | Name of the zone on the remote network. The name can include special characters from the Apple Macintosh character set. To include a special character, type a colon followed by two hexadecimal characters. For zone names with a leading space character, enter the first character as the special sequence :20. |
No static routes are defined.
Global configuration
You cannot delete a particular zone from the zone list without first deleting the static route.
The following example creates a static route to the remote router whose address is 1.2 on the remote network 100-110 that is in the remote zone Remote:
appletalk static cable 100-110 to 1.2 zone Remote
appletalk static network
show appletalk route
show appletalk static
To define a static route on a nonextended network, use the appletalk static network global configuration command. To remove a static route, use the no form of this command.
appletalk static network network-number to network.node zone zone-name| network-number | AppleTalk network number assigned to the interface. It is a 16-bit decimal number and must be unique on the network. This is the network number that will be advertised by the router as if it were a real network number. |
| network.node | AppleTalk network address of the remote router. The argument network is the 16-bit network number in the range 0 to 65279. The argument node is the 8-bit node number in the range 0 to 254. Both numbers are decimal. |
| zone-name | Name of the zone on the remote network. The name can include special characters from the Apple Macintosh character set. To include a special character, type a colon followed by two hexadecimal characters. For zone names with a leading space character, enter the first character as the special sequence :20. |
No static routes are defined.
Global configuration
You cannot delete a particular zone from the zone list without first deleting the static route.
The following example creates a static route to the remote router whose address is 1.2 on the remote network 200 that is in the remote zone Remote:
appletalk static network 200 to 1.2 zone Remote
appletalk static cable-range
show appletalk route
show appletalk static
To perform maximum checking of routing updates to ensure their validity, use the appletalk strict-rtmp-checking global configuration command. To disable the maximum checking, use the no form of this command.
appletalk strict-rtmp-checkingThis command has no arguments or keywords.
Provide maximum checking
Global configuration
Strict RTMP checking discards any RTMP packets arriving from routers that are not directly connected to the local router. This means that the local router does not accept any routed RTMP packets. Note that RTMP packets that need to be forwarded by the router are not discarded.
The following example disables strict checking of RTMP routing updates:
no appletalk strict-rtmp-checking
appletalk require-route-zones
appletalk send-rtmps
appletalk timers
To change the routing update timers, use the appletalk timers global configuration command. To return to the default routing update timers, use the no form of this command.
appletalk timers update-interval valid-interval invalid-interval| update-interval | Time, in seconds, between routing updates sent to other routers on the network. The default is 10 seconds. |
| valid-interval | Time, in seconds, that the router will consider a route valid without having heard a routing update for that route. The default is 20 seconds (two times the update interval). |
| invalid-interval | Time, in seconds, that the route is retained after the last update. The default is 60 seconds (three times the valid interval). |
update-interval: 10 seconds
valid-interval: 20 seconds
invalid-interval: 60 seconds
Global configuration
Routes older than the time specified by update-interval are considered suspect. Once the period of time specified by valid-interval has elapsed without having heard a routing update for a route, the route becomes bad and is eligible for replacement by a path with a higher (less favorable) metric. During the invalid-interval period, routing updates include this route with a special "notify neighbor" metric. If this timer expires, the route is deleted from the routing table.
Note that you should not attempt to modify the routing timers without fully understanding the ramifications of doing so. Many other AppleTalk router vendors provide no facility for modifying their routing timers; should you adjust our router's AppleTalk timers such that routing updates do not arrive at these other routers within the normal interval, it is possible to degrade or destroy AppleTalk network connectivity.
If you change the routing update interval, be sure to do so for all routers on the network.
In rare instances, you might want to change this interval, such as when a router is busy and cannot send routing updates every 10 seconds or when slower routers are incapable of processing received routing updates in a large network.
The following example increases the update interval to 20 seconds and the route-valid interval to 40 seconds:
appletalk timers 20 40 60
To specify the interval at which the router sends ZIP queries, use the appletalk zip-query-interval global configuration command. To return to the default interval, use the no form of this command.
appletalk zip-query-interval interval| interval | Interval, in seconds, at which the router sends ZIP queries. It can be any positive integer. The default is 10 seconds. |
10 seconds
Global configuration
The router uses the information received in response to its ZIP queries to update its zone table.
The following example changes the ZIP query interval to 40 seconds:
appletalk zip-query-interval 40
To set the zone name for the connected AppleTalk network, use the appletalk zone interface configuration command. To delete a zone, use the no form of this command.
appletalk zone zone-nameNo zone name is set.
Interface configuration
If discovery mode is not enabled, you can specify this command only after an appletalk address or appletalk cable-range command. You can issue it multiple times if it follows the appletalk cable-range command.
On interfaces that have discovery mode disabled, you must assign a zone name in order for AppleTalk routing to begin.
If an interface is using extended AppleTalk, the first zone specified in the list is the default zone. The router always uses the default zone when registering NBP names for interfaces. Nodes in the network will select the zone in which they will operate from the list of zone names valid on the cable to which they are connected.
If an interface is using nonextended AppleTalk, repeated execution of the appletalk zone command will replace the interface's zone name with the newly specified zone name.
The no form of the command deletes a zone name from a zone list or deletes the entire zone list if you do not specify a zone name. For nonextended AppleTalk interfaces, the zone name argument is ignored. You should delete any existing zone-name list using the no appletalk zone interface subcommand before configuring a new zone list.
The zone list is cleared automatically when you issue an appletalk address or appletalk cable-range command. The list also is cleared if you issue the appletalk zone command on an existing network; this can occur when adding zones to a set of routers until all routers are in agreement.
The following example assigns the zone name Twilight to an interface:
interface Ethernet 0 appletalk cable-range 10-20 appletalk zone Twilight
The following example uses AppleTalk special characters to set the zone name to Cisco·Zone.
appletalk zone Cisco:A5Zone
appletalk address
appletalk cable-range
show appletalk zone
To delete all entries or a specified entry from the AppleTalk ARP (AARP) table, use the clear appletalk arp EXEC command.
clear appletalk arp [network.node]| network.node | (Optional) AppleTalk network address to be deleted from the router's AARP table. The argument network is the 16-bit network number in the range 0 to 65279. The argument node is the 8-bit node number in the range 0 to 254. Both numbers are decimal. |
EXEC
The following example deletes all entries from the router's AARP table:
clear appletalk arp
show appletalk arp
To delete all entries or a specified entry from the neighbor table, use the clear appletalk neighbor EXEC command.
clear appletalk neighbor [neighbor-address]| neighbor-address | (Optional) Network address of the neighboring router to be deleted from the neighbor table. The address is in the format network.node. The argument network is the 16-bit network number in the range 1 to 65279. The argument node is the 8-bit node number in the range 0 to 254. Both numbers are decimal. |
EXEC
You cannot clear the entry for an active neighbor, that is, for a neighbor that still has RTMP connectivity.
The following example deletes the neighboring router 1.129 from the neighbor table:
clear appletalk neighbor 1.129
show appletalk neighbors
To delete entries from the routing table, use the clear appletalk route EXEC command.
clear appletalk route [network]| network | (Optional) Number of the network the route is to. |
EXEC
The following example deletes the route to network 1:
clear appletalk route 1
show appletalk route
To reset AppleTalk traffic counters, use the clear appletalk traffic EXEC command.
clear appletalk trafficThis command has no arguments or keywords.
EXEC
The following is sample output after a clear appletalk traffic command was executed.
Router#clear appletalk trafficRouter#show appletalk trafficAppleTalk statistics: Rcvd: 0 total, 0 checksum errors, 0 bad hop count 0 local destination, 0 access denied 0 for MacIP, 0 bad MacIP, 0 no client 0 port disabled, 0 no listener 0 ignored, 0 martians Bcast: 0 received, 0 sent Sent: 0 generated, 0 forwarded, 0 fast forwarded, 0 loopback 0 forwarded from MacIP, 0 MacIP failures 0 encapsulation failed, 0 no route, 0 no source DDP: 0 long, 0 short, 0 macip, 0 bad size NBP: 0 received, 0 invalid, 0 proxies 0 replies sent, 0 forwards, 0 lookups, 0 failures RTMP: 0 received, 0 requests, 0 invalid, 0 ignored 0 sent, 0 replies EIGRP: 0 received, 0 hellos, 0 updates, 0 replies, 0 queries 0 sent, 0 hellos, 0 updates, 0 replies, 0 queries 0 invalid, 0 ignored ATP: 0 received ZIP: 0 received, 0 sent, 0 netinfo Echo: 0 received, 0 discarded, 0 illegal 0 generated, 0 replies sent Responder: 0 received, 0 illegal, 0 unknown AppleTalk statistics: 0 replies sent, 0 failures AARP: 0 requests, 0 replies, 0 probes 0 martians, 0 bad encapsulation, 0 unknown 0 sent, 0 failures, 0 delays, 0 drops Lost: 0 no buffers Unknown: 0 packets Discarded: 0 wrong encapsulation, 0 bad SNAP discriminator
show appletalk mac-ip traffic
show appletalk traffic
To check host reachability and network connectivity, use the ping user EXEC command.
ping appletalk network.node| appletalk | Specifies the AppleTalk protocol. |
| network.node | AppleTalk address of the system to ping. |
EXEC
The user ping (packet internet groper function) command provides a basic ping facility for users who do not have system privileges. This command is equivalent to the nonverbose form of the privileged ping command. It sends five 100-byte ping packets. The ping command sends Apple Echo Protocol (AEP) datagrams to other AppleTalk nodes to verify connectivity and measure round-trip times.
Only an interface that supports HearSelf can respond to packets generated at a local console and directed to an interface on the same router. Our routers support only HearSelf on Ethernet.
If the system cannot map an address for a host name, it will return an "%Unrecognized host or address" error message.
To abort a ping session, type the escape sequence. By default, this is Ctrl-^ X. You enter this by simultaneously pressing the Ctrl, Shift, and 6 keys, letting go, and then pressing the X key.
Table 13-2 describes the test characters displayed in ping responses.
| Character | Meaning |
|---|---|
| ! | Each exclamation point indicates the receipt of a reply from the target address. |
| . | Each period indicates the network server timed out while waiting for a reply from the target address. |
| B | A bad or malformed echo was received from the target address. |
| C | An echo with a bad DDP checksum was received. |
| E | Transmission of an echo packet to the target address failed. |
| R | Transmission of the echo packet to the target address failed due to lack of a route to the target address. |
The following display shows input to and output from the user ping command.
Router> ping appletalk 1024.128 Type escape sequence to abort. Sending 5, 100-byte AppleTalk Echoes to 1024.128, timeout is 2 seconds: !!!!! Success rate is 100 percent, round-trip min/avg/max = 4/4/8 ms
ping (privileged)
To check host reachability and network connectivity, use the ping privileged EXEC command.
ping [appletalk] [network.node]| appletalk | (Optional) Specifies the AppleTalk protocol. |
| network.node | (Optional) AppleTalk address of the system to ping. |
Privileged EXEC
The privileged ping (packet internet groper function) command provides a complete ping facility for users who have system privileges. The ping command sends Apple Echo Protocol (AEP) datagrams to other AppleTalk nodes to verify connectivity and measure round-trip times.
Only an interface that supports HearSelf can respond to packets generated at a local console and directed to an interface on the same router. Our routers only support HearSelf on Ethernet.
If the system cannot map an address for a host name, it will return an "%Unrecognized host or address" error message.
To abort a ping session, type the escape sequence. By default, this is Ctrl-^ X. You enter this by simultaneously pressing the Ctrl, Shift, and 6 keys, letting go, and then pressing the X key.
Table 13-3 describes the test characters displayed in ping responses.
| Character | Meaning |
|---|---|
| ! | Each exclamation point indicates the receipt of a reply (echo) from the target address. |
| . | Each period indicates the network server timed out while waiting for a reply from the target address. |
| B | The echo received from the target address was bad or malformed. |
| C | An echo with a bad DDP checksum was received. |
| E | Transmission of an echo packet to the target a |