|
|
AppleTalk is a local-area network system that was designed and developed by Apple Computer, Inc. It can run over Ethernet, Token Ring, and FDDI networks, and over Apple's proprietary twisted-pair media access system (LocalTalk). AppleTalk specifies a protocol stack comprising several protocols that direct the flow of traffic over the network.
Apple Computer uses the name AppleTalk to refer to the Apple networking architecture. Apple refers to the actual transmission media used in an AppleTalk network as LocalTalk (Apple's proprietary twisted-pair transmission medium for AppleTalk), TokenTalk (AppleTalk over Token Ring), EtherTalk (AppleTalk over Ethernet), and FDDITalk (AppleTalk over Fiber Distributed Data Interface).
Use the commands in this chapter to configure and monitor AppleTalk networks. For AppleTalk configuration information and examples, refer to the "Configuring AppleTalk Routing" chapter in the Access and Communication Servers Configuration Guide .
To define the default action to take for access checks that apply to zones, use the access-list additional-zones global configuration command.
access-list access-list-number {deny | permit} additional-zones
access-list-number | Number of the access list. This is a decimal number from 600 to 699. |
deny | Denies access if the conditions are matched. |
permit | Permits access if the conditions are matched. |
No access lists are predefined.
Global configuration
The access-list additional-zones command defines the action to take for access checks not explicitly defined with the access-list zone command. If you do not specify this command, the default action is to deny other access.
You apply access lists defined with the access-list additional-zones command to outgoing routing updates and GZL filters (using the appletalk distribute-list out, and appletalk getzonelist-filter commands). You cannot apply them to data-packet filters (using the appletalk access-group command) or to incoming routing update filters (using the appletalk distribute-list in command).
The following example creates an access list based on AppleTalk zones:
access-list 610 deny zone Twilight access-list 610 permit additional-zones
access-list cable-range
access-list includes
access-list network
access-list other-access
access-list within
access-list zones
appletalk access-group
appletalk distribute-list in
appletalk distribute-list out
appletalk getzonelist-filter
appletalk permit-partial-zones
To define an AppleTalk access list for a cable range (for extended networks only), use the access-list cable-range global configuration command. To remove an access list, use the no form of this command.
access-list access-list-number {deny | permit} cable-range cable-range
access-list-number | Number of the access list. This is a decimal number from 600 to 699. |
deny | Denies access if the conditions are matched. |
permit | Permits access if the conditions are matched. |
cable-range | Cable range value. The argument specifies the start and end of the cable range, separated by a hyphen. These values are decimal numbers from 1 to 65279. The starting network number must be less than or equal to the ending network number. |
No access lists are predefined.
Global configuration
When used as a routing update filter, the access-list cable-range command affects matching on extended networks only. The conditions defined by this access list are used only when a cable range in a routing update exactly matches that specified in the access-list cable-range command. The conditions are never used to match a network number (for a nonextended network).
When used as a data-packet filter, the access-list cable-range command affects matching on any type of network number. The conditions defined by this access list are used only when the packet's source network lies in the range defined by the access list.
You apply access lists defined with the access-list cable-range command to data-packet and routing-update filters (using the appletalk access-group, appletalk distribute-list in, and appletalk distribute-list out). You cannot apply them to GetZoneList (GZL) filters (using the appletalk getzonelist-filter command).
To delete an access list, specify the minimum number of keywords and arguments needed to delete the proper access list. For example, to delete the entire access list, use the following command:
no access-list access-list-numberTo delete the access list for a specific network, use the following command:
no access-list access-list-number {deny | permit} cable-range cable-rangePriority queuing for AppleTalk operates on the destination network number, not the source network number.
The following access list forwards all packets except those destined to cable range 10 to 20:
access-list 600 deny cable-range 10-20 access-list 600 permit other-access
access-list additional-zones
access-list includes
access-list network
access-list other-access
access-list within
access-list zone
appletalk access-group
appletalk distribute-list in
appletalk distribute-list out
appletalk getzonelist-filter
priority-list protocol †
To define an AppleTalk access list that overlaps any part of a range of network numbers or cable ranges (for both extended and nonextended networks), use the access-list includes global configuration command. To remove an access list, use the no form of this command.
access-list access-list-number {deny | permit} includes cable-range
access-list-number | Number of the access list. This is a decimal number from 600 to 699. |
deny | Denies access if the conditions are matched. |
permit | Permits access if the conditions are matched. |
cable-range | Cable range or network number. The argument specifies the start and end of the cable range, separated by a hyphen. These values are decimal numbers from 1 to 65279. The starting network number must be less than or equal to the ending network number. To specify a network number, set the starting and ending network numbers to the same value. |
No access lists are predefined.
Global configuration
When used as a routing update filter, the access-list includes command affects matching on extended and nonextended AppleTalk networks. The conditions defined by this access list are used when a cable range or network number overlaps, either partially or completely, one (or more) of those specified in the access-list includes command.
When used as a data-packet filter, the conditions defined by this access list are used when the packet's source network lies in the range defined in the access-list includes command.
You apply access lists defined with the access-list includes command to data-packet and routing-update filters (using the appletalk access-group, appletalk distribute-list in, and appletalk distribute-list out). You cannot apply them to GZL filters (using the appletalk getzonelist-filter command).
To delete an access list, specify the minimum number of keywords and arguments needed to delete the proper access list. For example, to delete the entire access list, use the following command:
no access-list access-list-numberTo delete the access list for a specific network, use the following command:
no access-list access-list-number {deny | permit} includes cable-rangePriority queuing for AppleTalk operates on the destination network number, not the source network number.
The following example defines an access list that permits access to any network or cable range that overlaps any part of the range 10 to 20. This means, for example, that cable ranges 13 to 16 and 17 to 25 will be permitted. This access list also permits all other ranges.
access-list 600 permit includes 10-20 access-list 600 permit other-access
access-list additional-zones
access-list cable-range
access-list network
access-list other-access
access-list within
access-list zone
appletalk access-group
appletalk distribute-list in
appletalk distribute-list out
appletalk getzonelist-filter
priority-list protocol †
To define an AppleTalk access list for a single network number (that is, for a nonextended network), use the access-list network global configuration command. To remove an access list, use the no form of this command.
access-list access-list-number {deny | permit} network network
access-list-number | Number of the access list. This is a decimal number from 600 to 699. |
deny | Denies access if the conditions are matched. |
permit | Permits access if the conditions are matched. |
network | AppleTalk network number. |
No access lists are predefined.
Global configuration
When used as a routing-update filter, the access-list network command affects matching on nonextended networks only. The conditions defined by this access list are used only when the a nonextended number in a routing update matches a network number specified in one of the access-list network commands. The conditions are never used to match a cable range (for an extended network) even if the cable range has the same starting and ending number.
When used as a data-packet filter, the conditions defined by this access list are used only when the packet's source network matches the network number specified in the access-list network command.
You apply access lists defined with the access-list network command to data-packet and routing-update filters (using the appletalk access-group, appletalk distribute-list in, and appletalk distribute-list out). You cannot apply them to GZL filters (using the appletalk getzonelist-filter command).
In software releases before 9.0, the syntax of this command was access-list access-list-number {deny | permit} network. The current version of the software is still able to interpret commands in this format if it finds them in a configuration or boot file. However, it is recommended that you update the commands in your configuration or boot files to match the current syntax.
Use the no access-list command with the access-list-number argument only to remove an entire access list from the configuration. Specify the optional arguments to remove a particular clause.
To delete an access list, specify the minimum number of keywords and arguments needed to delete the proper access list. For example, to delete the entire access list, use the following command:
no access-list access-list-numberTo delete the access list for a specific network, use the following command:
no access-list access-list-number {deny | permit} network networkPriority queuing for AppleTalk operates on the destination network number, not the source network number.
The following example defines an access list that forwards all packets except those destined for networks 1 and 2:
access-list 650 deny network 1 access-list 650 deny network 2 access-list 650 permit other-access
access-list additional-zones
access-list cable-range
access-list includes
access-list other-access
access-list within
access-list zone
appletalk access-group
appletalk distribute-list in
appletalk distribute-list out
appletalk getzonelist-filter
priority-list protocol
To define the default action to take for access checks that apply to networks or cable ranges, use the access-list other-access global configuration command.
access-list access-list-number {deny | permit} other-access
access-list-number | Number of the access list. This is a decimal number from 600 to 699. |
deny | Denies access if the conditions are matched. |
permit | Permits access if the conditions are matched. |
No access lists are predefined.
Global configuration
The access-list other-access command defines the action to take for access checks not explicitly defined with an access-list network, access-list cable-range, access-list includes, or access-list within command. If you do not specify this command, the default action is to deny other access.
You apply access lists defined with the access-list other-access command to data-packet and routing-update filters (using the appletalk access-group, appletalk distribute-list in, and appletalk distribute-list out). You cannot apply them to GZL filters (using the appletalk getzonelist-filter command).
In software releases before 9.0, the syntax of this command was access-list access-list-number {deny | permit} -1. The current version of the software is still able to interpret commands in this format if it finds them in a configuration or boot file. However, it is recommended that you update the commands in your configuration or boot files to match the current syntax.
Priority queuing for AppleTalk operates on the destination network number, not the source network number.
The following example defines an access list that forwards all packets except those destined for networks 1 and 2:
access-list 650 deny network 1 access-list 650 deny network 2 access-list 650 permit other-access
access-list additional-zones
access-list cable-range
access-list includes
access-list network
access-list within
access-list zone
appletalk access-group
appletalk distribute-list in
appletalk distribute-list out
priority-list protocol
To define an AppleTalk access list for an extended or a nonextended network whose network number or cable range is included entirely within the specified cable range, use the access-list within global configuration command. To remove this access list, use the no form of this command.
access-list access-list-number {deny | permit} within cable-range
access-list-number | Number of the access list. This is a decimal number from 600 to 699. |
deny | Denies access if the conditions are matched. |
permit | Permits access if the conditions are matched. |
cable-range | Cable range or network number. The argument specifies the start and end of the cable range, separated by a hyphen. These values are decimal numbers from 1 to 65279. The starting network number must be less than or equal to the ending network number. To specify a network number, set the starting and ending network numbers to the same value. |
No access lists are predefined.
Global configuration
When used as a routing update filter, the access-list within command affects matching on extended and nonextended AppleTalk networks. The conditions defined by this access list are used when a cable range or network number overlaps, either partially or completely, one (or more) of those specified in the access-list within command.
When used as a data-packet filter, the conditions defined by this access list are used when the packet's source network lies in the range defined in the access-list within command.
You apply access lists defined with the access-list within command to data-packet and routing-update (using the appletalk access-group, appletalk distribute-list in, and appletalk distribute-list out). You cannot apply them to GZL filters (using the appletalk getzonelist-filter command).
To delete an access list, specify the minimum number of keywords and arguments needed to delete the proper access list. For example, to delete the entire access list, use the following command:
no access-list access-list-numberTo delete the access list for a specific network, use the following command:
no access-list access-list-number {deny | permit} within cable-rangePriority queuing for AppleTalk operates on the destination network number, not the source network number.
The following example defines an access list that permits access to any network or cable range that is completely included in the range 10 to 20. This means, for example, that cable range 13 to 16 will be permitted, but cable range 17 to 25 will not be. The second line of the access list permits all other packets.
access-list 600 permit within 10-20 access-list 600 permit other-access
access-list additional-zones
access-list cable-range
access-list includes
access-list network
access-list other-access
access-list zone
appletalk access-group
appletalk distribute-list in
appletalk distribute-list out
appletalk getzonelist-filter
priority-list protocol
To define an AppleTalk access list that applies to a zone, use the access-list zone global configuration command. To remove an access list, use the no form of this command.
access-list access-list-number {deny | permit} zone zone-name
access-list number | Number of the access list. This is a decimal number from 600 to 699. |
deny | Denies access if the conditions are matched. |
permit | Permits access if the conditions are matched. |
zone-name | Name of the zone. The name can include special characters from the Apple Macintosh character set. To include a special character, type a colon followed by two hexadecimal characters. For zone names with a leading space character, enter the first character as the special sequence :20. |
No access lists are predefined.
Global configuration
You apply access lists defined with the access-list zones command to outgoing routing update and GZL filters (using the appletalk distribute-list out, and appletalk getzonelist-filter commands). You cannot apply them to data-packet filters (using the appletalk access-group command) or to incoming routing update filters (using the appletalk distribute-list in command).
To delete an access list, specify the minimum number of keywords and arguments needed to delete the proper access list. For example, to delete the entire access list, use the following command:
no access-list access-list-numberTo delete the access list for a specific network, use the following command:
no access-list access-list-number {deny | permit} zone zone-nameUse the access-list additional-zones command to define the action to take for access checks not explicitly defined with the access-list zone command.
The following example creates an access list based on AppleTalk zones:
access-list 610 deny zone Twilight access-list 610 permit additional-zones
access-list additional-zones
access-list cable-range
access-list includes
access-list network
access-list other-access
access-list within
appletalk access-group
appletalk distribute-list in
appletalk distribute-list out
appletalk getzonelist-filter
appletalk permit-partial-zones
To allow users to access an AppleTalk zone when dialing into an asychronous line on the access server, use the interface configuration async command appletalk client-mode. Use the no form of the command to disable this configuration.
appletalk client-modeThis command has no arguments or keywords.
Client mode is disabled.
Interface configuration
This command allows an asynchronous interface to be used by a remote client to access one or more AppleTalk zones, use networked peripherals, and share files with other Macintosh users.
Before a client can access an AppleTalk zone on the remote network, you must first define the interface as async, the encapsulation as PPP, and create an internal network for the Macintosh client by using the appletalk virtual-net command.
This configuration does not support routing.
The following example allows a user to access AppleTalk functionality on an asynchronous line using PPP:
appletalk client-mode
A dagger (†) indicates that the command is documented in another chapter.
appletalk virtual-net
encapsulation†
interface async†
ppp†
To assign an access list to an interface, use the appletalk access-group interface configuration command. To remove the access list use the no form of this command.
appletalk access-group access-list-number
access-list-number | Number of the access list. This is a decimal number from 600 to 699. |
No access lists are predefined.
Interface configuration
The appletalk access-group command applies data-packets filter to an interface. These filters check data packets being sent out an interface. If the packets' source network has access denied, these packets are not transmitted but rather are discarded.
Data-packet filters use access lists that define conditions for networks and cable ranges only. They ignore any zone information that may be in the access list.
When you apply a data-packet filter to an interface, you should ensure that all networks or cable ranges within a zone are governed by the same filters.
The following example applies access list 601 to Ethernet interface 0:
access-list 601 deny cable-range 1-10 access-list 601 permit other-access interface ethernet 0 appletalk access-group 601
access-list cable-range
access-list includes
access-list network
access-list other-access
access-list within
appletalk distribute-list in
appletalk distribute-list out
To enable nonextended AppleTalk routing on an interface, use the appletalk address interface configuration command. To disable nonextended AppleTalk routing, use the no form of this command.
appletalk address network.node
network.node | AppleTalk network address assigned to the interface. The argument network is the 16-bit network number in the range 0 to 65279. The argument node is the 8-bit node number in the range 0 to 254. Both numbers are decimal. |
Disabled
Interface configuration
You must enable routing on the interface before assigning zone names.
Specifying an address of 0.0, or 0.node places the interface into discovery mode. When in this mode, the communication server attempts to determine network address information from another router or communication server on the network. You also can enable discovery mode with the appletalk discovery command. Discovery mode does not run over serial lines.
The following example enables nonextended AppleTalk routing on Ethernet interface 0:
appletalk routing interface ethernet 0 appletalk address 1.129
appletalk cable-range
appletalk discovery
appletalk zone
To display network numbers in a two-octet format, use the appletalk alternate-addressing global configuration command. To return to displaying network numbers in the format network.node, use the no form of this command.
appletalk alternate-addressingThis command has no arguments or keywords.
Addresses are displayed in network.node format.
Global configuration
The appletalk alternate-addressing command displays cable ranges in the alternate format wherever applicable. This format consists of printing the upper and lower bytes of a network number as 8-bit decimal values separated by a decimal point. For example, the cable range 511-512 would be printed as 1.255-2.0.
The following example enables the display of network numbers in a two-octet format:
appletalk alternate-addressing
To specify the time interval between the retransmission of Address Resolution Protocol (ARP) packets, use the appletalk arp interval global configuration command. To restore both default intervals, use the no form of this command.
appletalk arp [probe | request] interval interval
probe | (Optional) Indicates that the interval specified is to be used with AppleTalk Address Resolution Protocol (AARP) requests that are trying to determined the address of the local router when the communication server is being configured. If you omit probe and request, probe is the default. |
request | (Optional) Indicates that the interval specified is to be used when AARP is attempting to determine the hardware address of another node so that AARP can deliver a packet. |
interval | Interval, in milliseconds, between AARP transmissions. The minimum value is 33 milliseconds. When used with the probe keyword, the default interval is 200 milliseconds. When used with the request keyword, the default interval is 1000 milliseconds. |
If you omit all keywords, probe is the default.
probe—200 milliseconds
request—1000 milliseconds
Global configuration
The time interval you specify takes effect immediately.
Lengthening the interval between AARP transmissions permits responses from devices that respond slowly, such as printers and overloaded file servers, to be received.
AARP uses the appletalk arp probe interval value when obtaining the address of the local communication server. This is done when the communication server is being configured. You should not change the default value of this interval unless absolutely necessary, because this value directly modifies the AppleTalk dynamic node assignment algorithm.
AARP uses the appletalk arp request interval value when attempting to determine the hardware address of another node so that it can deliver a packet. You can change this interval as desired, although the default value is optimal for most sites.
The no appletalk arp command restores both the probe and request intervals specified in the appletalk arp interval and appletalk arp retransmit-count commands to their default values.
In the following example, the AppleTalk ARP retry interval is lengthened to 2000 milliseconds:
appletalk arp request interval 2000
appletalk arp retransmit-count
appletalk arp-timeout
appletalk glean-packets
show appletalk global
To specify the number of AARP probe or request transmissions, use the appletalk arp retransmit-count global configuration command. To restore both default values, use the no form of this command.
appletalk arp [probe | request] retransmit-count number
probe | (Optional) Indicates that the number specified is to be used with AARP requests that are trying to determined the address of the local router when the communication server is being configured. If you omit probe and request, probe is the default. |
request | (Optional) Indicates that the number specified is to be used when AARP is attempting to determine the hardware address of another node so that AARP can deliver a packet. |
number | Number of AARP retransmissions that will occur. The minimum number is 1. When used with the probe keyword, the default value is 10 retransmissions. When used with the request keyword, the default value is 5 retransmissions. Specifying 0 selects the default value. |
If you omit the keyword, probe is the default.
probe—10
request—5
Global configuration
The value you specify takes effect immediately.
Increasing the number of retransmissions permits responses from devices that respond slowly, such as printers and overloaded file servers, to be received.
AARP uses the appletalk arp probe retransmit-count value when obtaining the address of the local router. This is done when the communication server is being configured. You should not change the default value unless absolutely necessary, because this value directly modifies the AppleTalk dynamic node assignment algorithm.
AARP uses the appletalk arp request retransmit-count value when attempting to determine the hardware address of another node so that it can deliver a packet. You can change this interval as desired, although the default value is optimal for most sites.
The no appletalk arp command restores both the probe and request intervals specified in the appletalk arp interval and appletalk arp retransmit-count commands to their default values.
The following example specifies an AARP retransmission count of 10 for AARP packets that are requesting the hardware address of another node on the network:
appletalk arp request retransmit-count 10
appletalk arp interval
appletalk arp-timeout
appletalk glean-packets
show appletalk global
To specify the interval at which entries are aged out of the ARP table, use the appletalk arp-timeout interface configuration command. To return to the default timeout, use the no form of this command.
appletalk arp-timeout interval
interval | Time, in minutes, after which an entry is removed from the AppleTalk ARP table. The default is 240 minutes, or 4 hours. |
240 minutes (4 hours)
Interface configuration
The following example changes the ARP timeout interval on Ethernet interface 0 to 2 hours:
interface ethernet 0 appletalk cable-range 2-2 appletalk arp-timeout 120
appletalk arp interval
appletalk arp retransmit-count
appletalk glean-packets
To set the AURP last-heard-from timer value, use the appletalk aurp tickle-time interface configuration command. To return to the default last-heard-from timer value, use the no form of this command.
appletalk aurp tickle-time seconds
seconds | Time-out value, in seconds. This value can be a number in the range 30 to infinity. The default is 90 seconds. |
90 seconds
Interface configuration
If the tunnel peer has not been heard from with the time specified by the least-heard-from timer value, the communication server sends tickle packets to check that the tunnel peer is still up.
You can use this command only on tunnel interfaces.
The following example changes the AURP last-heard-from timer value on tunnel interface 0 to 120 seconds:
interface tunnel 0 appletalk aurp tickle-time 120
show appletalk interface tunnel
To set the minimum interval between AURP routing updates, use the appletalk aurp update-interval global configuration command. To return to the default interval, use the no form of this command.
appletalk aurp update-interval seconds
seconds | AURP routing update interval, in seconds. This interval must be a multiple of 10. The default is 30 seconds. |
30 seconds
Global configuration
The AURP routing update interval applies only to tunnel interfaces.
The following example changes the AURP routing update interval on tunnel interface 0 to 40 seconds:
interface tunnel 0 appletalk aurp update-interval 40
show appletalk globals
To enable an extended AppleTalk network, use the appletalk cable-range interface configuration command. To disable an extended AppleTalk network, use the no form of this command.
appletalk cable-range cable-range [network.node]
cable-range | Cable range value. The argument specifies the start and end of the cable range, separated by a hyphen. These values are decimal number from 0 to 65279. The starting network number must be less than or equal to the ending network number. |
network.node | (Optional) Suggested AppleTalk address for the interface. The argument network is the 16-bit network number, and the argument node is the 8-bit node number. Both numbers are decimal. The suggested network number must fall within the specified range of network numbers. |
Disabled
Interface configuration
You must enable routing on the interface before assigning zone names.
Specifying a cable range value of 0-0 places the interface into discovery mode. When in this mode, the communication server attempts to determine cable range information from another router or communication server on the network. You also can enable discovery mode with the appletalk discovery command. Discovery mode does not run over serial lines.
The following example assigns a cable range of 3 to 3 to the interface:
interface ethernet 0 appletalk cable-range 3-3
appletalk address
appletalk discovery
appletalk zone
To enable the generation and verification of checksums for all AppleTalk packets (except routed packets), use the appletalk checksum global configuration command. To disable checksum generation and verification, use the no form of this command.
appletalk checksumThis command has no arguments or keywords.
Enabled
Global configuration
When the appletalk checksum command is enabled, the communication server discards incoming DDP packets when the checksum is nonzero and is incorrect, and when the communication server is the final destination for the packet.
You might want to disable checksum generation and verification if you have very early devices, such as LaserWriter printers, that cannot receive packets that contain checksums.
Our routers and communication servers do not check checksums on routed packets, thereby eliminating the need to disable checksum to allow operation of some networking applications.
The following example disables the generation and verification of checksums:
no appletalk checksum
show appletalk global
To place an interface into discovery mode, use the appletalk discovery interface configuration command. To disable discovery mode, use the no form of this command.
appletalk discoveryThis command has no arguments or keywords.
Discovery mode is disabled.
Interface configuration
If an interface is connected to a network that has at least one other operational AppleTalk router, you can dynamically configure the interface using discovery mode. In discovery mode, an interface acquires network address information about the attached network from an operational router and then uses this information to configure itself.
If you enable discovery mode on an interface, then when the communication server is starting up, that interface must acquire information to configure itself from another operational router on the attached network. If no operational router is present on the connected network, the interface will not start up.
If you do not enable discovery mode, then when the communication server is starting up, the interface must acquire its configuration from memory. If the stored configuration is not complete, the interface will not start up. If there is another operational router on the connected network, the communication server will verify the interface's stored configuration with that router. If there is any discrepancy, the interface will not start up. If there are no neighboring operational routers, the communication server will assume the interface's stored configuration is correct and will start up.
Once an interface is operational, it can seed the configurations of other routers on the connected network regardless of whether you have enabled discovery mode on any of the routers.
If you enable appletalk discovery and the interface is restarted, another operational router must still be present on the directly connected network in order for the interface to start up.
It is not advisable to have all routers on a network configured with discovery mode enabled. If all routers were to restart simultaneously (for instance, after a power failure), the network would become inaccessible until at least one router were restarted with discovery mode disabled.
You also can enable discovery mode by specifying an address of 0.0. in the appletalk address command or a cable range of 0-0 in the appletalk cable-range command.
Discovery mode is useful when you are changing a network configuration or when you are adding a communication server to an existing network.
Discovery mode does not run over serial lines.
Use the no appletalk discovery command to disable discovery mode. If the interface is not operational when you issue this command (that is, if you have not issued an appletalk zone command on the interface), you must configure the zone name next. If the interface is operational when you issue the no appletalk discovery command, you can save the current configuration (in running memory) in nonvolatile memory by issuing the write memory EXEC command.
The following example enables discovery mode on Ethernet interface 0:
interface ethernet 0 appletalk discovery
appletalk address
appletalk cable-range
appletalk zone
show appletalk interface
write memory
To filter routing updates received from other routers over a specified interface, use the appletalk distribute-list in interface configuration command. To remove the routing table update filter, use the no form of this command.
appletalk distribute-list access-list-number in
access-list-number | Number of the access list. This is a decimal number from 600 to 699. |
No routing filters are preconfigured.
Interface configuration
The appletalk distribute-list in command controls which networks and cable ranges in routing updates will be entered into the local routing table.
Filters for incoming routing updates use access lists that define conditions for networks and cable ranges only. They cannot use access lists that define conditions for zones. All zone information in an access list assigned to the interface with the appletalk distribute-list in command is ignored.
An input distribution list filters network numbers received in an incoming routing update. When AppleTalk routing updates are received on the specified interface, each network number and cable range in the update is checked against the access list. Only network numbers and cable ranges that are permitted by the access list are inserted into the communication server's AppleTalk routing table.
The following example prevents the communication server from accepting routing table updates received from network 10 and on Ethernet interface 3:
access-list 601 deny network 10 access-list 601 permit other-access interface ethernet 3 appletalk distribute-list 601 in
access-list cable-range
access-list includes
access-list network
access-list other-access
access-list within
appletalk distribute-list out
To filter routing updates transmitted to other routers, use the appletalk distribute-list out interface configuration command. To remove the routing table update filter, use the no form of this command.
appletalk distribute-list access-list-number out
access-list-number | Number of the access list. This is a decimal number from 600 to 699. |
No routing filters are preconfigured.
Interface configuration
The appletalk distribute-list out command controls which network numbers and cable ranges are included in routing updates and which zones the local router includes in its GetZoneList replies.
When an AppleTalk routing update is generated on the specified interface, each network number and cable range in the routing table is checked against the access list. If an undefined access list is used, all network numbers and cable ranges are added to the routing update. Otherwise, if an access list is defined, only network numbers and cable ranges that satisfy the following conditions are added to the routing update:
A zone is considered partially obscured when one or more network numbers or cable ranges that are members of the zone is explicitly or implicitly denied.
When a ZIP GetZoneList reply is generated, only zones that satisfy the following conditions are included:
The following example prevents routing updates sent on Ethernet 0 from mentioning any networks in zone Admin:
access-list 601 deny zone Admin access-list 601 permit other-access interface ethernet 0 appletalk distribute-list 601 out
access-list additional-zones
access-list zones
appletalk distribute-list in
appletalk getzonelist-filter
appletalk permit-partial zones
To assign a predefined domain number to an interface, use the appletalk domain-group interface configuration command. To remove an interface from a domain, use the no form of this command.
appletalk domain-group domain-number
domain-number | Number of an AppleTalk domain. It can be a decimal integer from 1 through 1000000. |
No domain number is assigned to the interface.
Interface configuration
Before you can assign a domain number to an interface, you must create a domain with that domain number using the appletalk domain name global configuration command.
One or more interfaces on a communication server can be members of the same domain. However, a given interface can be in only one domain.
The following example assigns domain group 1 to Ethernet interface 0:
interface ethernet 0 appletalk domain-group 1
appletalk domain name
To reduce the hop-count value in packets traveling between segments of a domains, use the appletalk domain hop-reduction global configuration command. To disable the reduction of hop-count values, use the no form of this command.
appletalk domain domain-number hop-reduction
domain-number | Number of an AppleTalk domain. It can be a decimal integer from 1 through 1000000. |
The hop count is set to 1 each time a packet passes through the communication server.
Global configuration
Before you can specify the appletalk domain hop-reduction global configuration command, you must have created a domain with that domain number using the appletalk domain name global configuration command.
DDP and RTMP both impose a 15-hop limit when forwarding packets. A packet ages out and is no longer forwarded when its hop count reaches 16. To overcome RTMP's 15-hop limit, the domain communication server represents all networks accessible to routers on its local network as one hop away. This allows communication servers to maintain and send routing information about networks beyond the 15-hop limit and achieve full connectivity.
When you enable hop-count reduction, the hop count in a packet is set to 1 as it passes from one domain to another. For example, if the hop count was 8 when the packet left one domain, its hop count is 1 when it enters the next segment of the domain.
Hop reduction is performed only on packets traveling to and from interfaces that are configured for AppleTalk Enhanced IGRP.
The following example enables hop-count reduction for domain number 1:
appletalk domain 1 name Delta appletalk domain 1 hop-reduction
appletalk domain name
To create a domain and assign it a name and number, use the appletalk domain name global configuration command. To remove a domain, use the no form of this command.
appletalk domain domain-number name domain-name
domain-number | Number of an AppleTalk domain. It can be a decimal integer from 1 through 1000000. |
domain-name | Name of an AppleTalk domain. The name must be unique across the AppleTalk internetwork. It can be up to 32 characters long and can include special characters from the Apple Macintosh character set. To include a special character, type a colon followed by two hexadecimal characters. For zone names with a leading space character, enter the first character as the special sequence :20. |
No domain is created.
Global configuration
The following example creates domain number 1 and assigns it the name Delta:
appletalk domain 1 name Delta
appletalk routing
To remap ranges of AppleTalk network numbers or cable ranges between two segments of a domain, use the appletalk domain remap-range global configuration command. To disable remapping, use the no form of this command.
appletalk domain domain-number remap-range {in | out} start-range-end-range
domain-number | Number of an AppleTalk domain. It can be a decimal integer from 1 through 1000000. |
in | Specifies that the remapping is performed on inbound packets, that is, on packets arriving at the domain router. All network numbers or cable ranges coming from the domain are remapped into the specified range. |
out | Specifies that the remapping is performed on outbound packets, that is, on packets exiting from the domain router. All network numbers or cable ranges going to the domain are remapped into the specified range. |
start-range | First AppleTalk network number or beginning of cable range to remap. The number must be immediately followed by a hyphen. |
end-range | Last AppleTalk network number or end of cable range to remap. The number must be immediately preceded by a hyphen. |
No remapping is performed.
Global configuration
Before you can specify the appletalk domain remap-range command, you must create a domain with that domain number using the appletalk domain name global configuration command.
Ensure that the domain range you specify does not overlap any network addresses or cable ranges that already exist in the internetwork.
Each domain can have two domain mapping ranges to which to remap all incoming or outgoing network numbers or cable ranges.
The following example remaps all network addresses and cable ranges for packets inbound from domain 1 into the address range 1000 to 1999. It also remaps packets inbound from domain 2.
appletalk domain 1 name Delta appletalk domain 2 name Echo appletalk domain 1 remap-range in 10000-10999 appletalk domain 2 remap-range in 20000-20999
appletalk domain name
show appletalk remap
To configure split horizon, use the appletalk eigrp-splithorizon interface configuration command. To disable split horizon, use the no form of this command.
appletalk eigrp-splithorizonThis command has no arguments or keywords.
Enabled
Interface configuration
If you enable split horizon on an interface, AppleTalk Enhanced IGRP update and query packets are not sent if this interface is the next hop to that destination. This reduces the number of Enhanced IGRP packets of the network.
Split horizon blocks information about routes from being advertised by a router or communication server out any interface from which that information originated. This behavior usually optimizes communication among multiple communication servers, particularly when links are broken. However, with nonbroadcast networks, such as Frame Relay and SMDS, situations can arise for which this behavior is less than ideal. For these situations, you may wish to disable split horizon.
The following example disables split horizon on serial interface 0:
interface serial 0 no appletalk eigrp-splithorizon
To configure the AppleTalk Enhanced IGRP hello packet interval and the route hold time, use the appletalk eigrp-timers interface configuration command. To return to the default values for these timers, use the no form of this command.
appletalk eigrp-timers hello-interval hold-time
hello-interval: 5 seconds
hold-time: 45 seconds
Interface configuration
If the current value for the hold time is less than two times the hello interval, the hold time is reset to three time the hello interval.
If a communication server does not receive a hello packet within the specified hold time, routes through the communication server are considered available.
Increasing the hold time delays route convergence across the network.
The following example changes the hello interval to 10 seconds:
interface ethernet 0 appletalk eigrp-timers 10 45
To log significant network events, use the appletalk event-logging global configuration command. To disable this function, use the no form of this command.
appletalk event-loggingThis command has no arguments or keywords.
Events are not logged.
Global configuration
The appletalk event-logging command logs a subset of messages produced by debug appletalk command. This includes routing changes, zone creation, port status, and address.
The following example shows the use of the appletalk event-logging command:
appletalk routing appletalk event-logging
show appletalk global
To establish a free-trade zone, use the appletalk free-trade-zone interface configuration command. To disable a free-trade zone, use the no form of this command.
appletalk free-trade-zoneThis command has no arguments or keywords.
Free-trade zones are not preconfigured.
Interface configuration
A free-trade zone is a part of an AppleTalk internet that is accessible by two other parts of the internet, neither of which can access the other. You might want to create a free-trade zone to allow the exchange of information between two organizations that otherwise want to keep their internets isolated from each other or that do not have physical connectivity with one another.
You apply the appletalk free-trade-zone command to each interface attached to the common-access network. This command has the following effect on the interface:
The GZL for free-trade zone nodes will be empty.
The following example establishes a free-trade zone on Ethernet interface 0:
interface ethernet 0 appletalk cable-range 5-5 appletalk zone FreeAccessZone appletalk free-trade-zone
To filter GetZoneList (GZL) replies, use the appletalk getzonelist-filter interface configuration command. To remove a filter, use the no form of this command.
appletalk getzonelist-filter access-list-number
access-list-number | Number of the access list. This is a decimal number from 600 to 699. |
No filters are preconfigured.
Interface configuration
GZL filters define conditions for zones only. They cannot use access lists that define conditions for network numbers or cable ranges. All network number and cable range information in the access list assigned to an interface with the appletalk getzonelist-filter command is ignored.
Using a GZL filter is not a complete replacement for anonymous network numbers. In order to prevent users from seeing a zone, all routers must implement the GZL filter. If there are any routers from other vendors on the network, the GZL filter will not have a consistent effect.
The Macintosh Chooser uses ZIP GZL requests to compile a list of zones from which the user can select services. Any communication server on the same network as the Macintosh can respond to these requests with a GZL reply. You can create a GZL filter on the communication server to control which zones the communication server mentions in its GZL replies. This has the effect of controlling the list of zones that are displayed by the Chooser.
When defining GZL filters, you should ensure that all routers on the same internetwork filter GZL reply identically. Otherwise, the Chooser will list different zone depending upon which router responded to the request. Also, inconsistent filters can result in zones appearing and disappearing every few seconds when the user remains in the Chooser. Because of these inconsistencies, you should normally use the appletalk getzonelist-filter command only when all routers in the internetwork are our routers or communication servers, unless the other vendors' routers have a similar feature.
Replies to GZL requests are also filtered by any appletalk distribute-list out filter that has been applied to the same interface. You need to specify an appletalk getzonelist-filter command only if you want additional filtering to be applied to GZL replies. This filter is rarely needed except to eliminate zones that do not contain user services.
The following example does not include the zone Engineering in GZL replies sent out Ethernet interface 0:
access-list 600 deny zone Engineering interface Ethernet 0 appletalk getzonelist-filter 600
access-list additional-zones
access-list zone
appletalk distribute-list out
appletalk permit-partial-zones
To derive AARP table entries from incoming packets, use the appletalk glean-packets interface configuration command. To disable this function, use the no form of this command.
appletalk glean-packetsThis command has no arguments or keywords.
Enabled
Interface configuration
The communication server automatically derives AARP table entries from incoming packets. This process is referred to as "gleaning." Gleaning speeds up the process of populating the AARP table.
Our implementation of AppleTalk does not forward packets with local source and destination network addresses. This does not conform with the definition of AppleTalk in Apple Computer's Inside AppleTalk publication. However, this is designed to prevent any possible corruption of the AARP table in any AppleTalk node that is performing MAC-address gleaning.
The following example disables the building of the AARP table using information derived from incoming packets:
interface ethernet 0 appletalk address 33 no appletalk glean-packets
To allow a communication server to start functioning even if the network is misconfigured, use the appletalk ignore-verify-errors global configuration command. To disable this function, use the no form of this command.
appletalk ignore-verify-errorsThis command has no arguments or keywords.
Disabled
Global configuration
Use this command only under the guidance of a customer engineer or other service representative. A communication server that starts routing in a misconfigured network will serve only to make a bad situation worse; it will not correct other misconfigured routers.
The following example allows a communication server to start functioning without verifying network misconfiguration:
no appletalk ignore-verify-errors 0
To enable IPTalk encapsulation on an interface that already has a configured IP address, use the appletalk iptalk interface configuration command. To disable IPTalk encapsulation, use the no form of this command.
appletalk iptalk network.node zone
network.node | AppleTalk network address assigned to the interface. The argument network is the 16-bit network number, and the argument node is the 8-bit node number. Both numbers are decimal. |
zone | Name of the zone for the connected AppleTalk network. |
Disabled
Interface configuration
Use the appletalk iptalk interface subcommand to enable IPTalk encapsulation on an interface that already has a configured IP address. This command encapsulates AppleTalk in IP packets in a manner compatible with the Columbia AppleTalk Package (CAP) IPTalk and the Kinetics IPTalk (KIP) implementations.
This command allows AppleTalk communication with UNIX hosts running older versions of CAP that do not support native AppleTalk EtherTalk encapsulations. Typically, Apple Macintosh users wishing to communicate with these servers would have their connections routed through a Kinetics FastPath router running KIP (Kinetics IP) software.
This command is provided as a migration command; newer versions of CAP provide native AppleTalk EtherTalk encapsulations, and the IPTalk encapsulation is no longer required. Our implementation of IPTalk assumes that AppleTalk is already being routed on the backbone, because there is currently no LocalTalk hardware interface for our routers and communication servers.
Our implementation of IPTalk does not support manually configured AppleTalk-to-IP address mapping (atab). The address mapping provided is the same as the Kinetics IPTalk implementation when the atab facility is not enabled. This address mapping functions as follows: The IP subnet mask used on the communication server Ethernet interface on which IPTalk is enabled is inverted (ones complement). This result is then masked against 255 (0xFF hexadecimal). This is then masked against the low-order 8 bits of the IP address to obtain the AppleTalk node number.
The following example configuration illustrates how to configure IPTalk:
interface ethernet 0 ip address 131.108.1.118 255.255.255.0 appletalk address 20.129 appletalk zone Native AppleTalk appletalk iptalk 30.0 UDPZone
In this configuration, the IP subnet mask would be inverted:
255.255.255.0 inverted yields: 0.0.0.255
Masked with 255 it yields 255, and masked with the low-order 8 bits of the interface IP address it yields 118.
This means that the AppleTalk address of the Ethernet 0 interface seen in the UDPZone zone is 30.118. This caveat should be noted, however: Should the host field of an IP subnet mask for an interface be more than 8 bits wide, it will be possible to obtain conflicting AppleTalk node numbers. For instance, consider a situation where the subnet mask for the Ethernet 0 interface above is 255.255.240.0, meaning that the host field is 12 bits wide.
appletalk iptalk-baseport
To specify the UDP port number when configuring IPTalk, use the appletalk iptalk-baseport global configuration command. To return to the default UDP port number, use the no form of this command.
appletalk iptalk-baseport port-number
port-number | First UDP port number in the range of UDP ports used in mapping AppleTalk well-known DDP socket numbers to UDP ports. |
768
Global configuration
Implementations of IPTalk prior to April 1988 mapped well-known DDP socket numbers to privileged UDP ports starting at port number 768. In April 1988, the NIC assigned a range of UDP ports for the defined DDP well-known sockets starting at UDP port number 200 and assigned these ports the names at-nbp, at-rtmp, at-echo, and at-zis. Release 6 and later of the CAP program dynamically decides which port mapping to use. If there are no AppleTalk service entries in the UNIX system's /etc/services file, CAP uses the older mapping starting at UDP port number 768.
The default UDP port mapping supported by our implementation of IPTalk is 768. If there are AppleTalk service entries in the UNIX system's /etc/services file, you should specify the beginning of the UDP port mapping range with the appletalk iptalk-baseport command.
The following example sets the base UDP port number to 200, which is the official NIC port number, and configures IPTalk on Ethernet interface 0:
appletalk routing appletalk iptalk-baseport 200 ! interface ethernet 0 ip address 131.108.1.118 255.255.255.0 appletalk address 20.129 appletalk zone Native AppleTalk appletalk iptalk 30.0 UDPZone
appletalk iptalk
To specify which NBP service types are retained in the name cache, use the appletalk lookup-type global configuration command. To disable the caching of services, use the no form of this command.
appletalk lookup-type service-type
service-type | AppleTalk service types. The name of a service type can include special characters from the Apple Macintosh character set. To include a special character, type a colon followed by two hexadecimal numbers. For zone names with a leading space character, enter the first character as the special sequence :20. For a list of possible types, see Table 17-1 in the "Usage Guidelines" section. |
The ciscoRouter entries are retained in the name cache.
Global configuration
You can issue multiple appletalk lookup-type commands. The communication server does not query the entire zone, but instead polls only the connected networks. This reduces network overhead and means that the name cache contains entries only for selected services that are in a directly connected network or zone, not for all the selected services in a network or zone.
Table 17-1 lists some AppleTalk service types.
| Service Type1 | Description |
|---|---|
| Services for Cisco Routers |
|
ciscoRouter | Active adjacent Cisco routers; this service type is initially enabled by default. |
IPADDRESS | Addresses of active MacIP server. |
IPGATEWAY | Names of active MacIP server. |
SNMP Agent | Active SNMP agents in Cisco routers. |
| Services for Other Vendors' Routers |
|
AppleRouter | Apple internet router. |
FastPath | Shiva LocalTalk gateway. |
GatorBox | Cayman LocalTalk gateway. |
systemRouter | Cisco's OEM router name. |
Workstation | Macintosh running System 7; the machine type also is defined, so it is possible to easily identify all user nodes. |
| 1Type all entries exactly as shown. Spaces are valid. Do not use leading or trailing spaces when entering service names. |
If you omit the service-type argument from the no appletalk lookup-type command, no service types except those relating to our routers and communication servers are cached.
To display information that is stored in the name cache about the services being used by our routers and other vendors' routers, use the show appletalk name-cache command.
If a neighboring router is not our communication server or is running our software that is earlier than Release 9.0, it is possible the router will be unable to determine the name of the neighbor. This is normal behavior, and there is no workaround.
If AppleTalk routing is enabled, enabling SNMP will automatically enable SNMP over DDP.
Name cache entries are deleted after several interval periods expire without being refreshed. (You set the interval with the appletalk name-lookup-interval command.) At each interval, a single request is sent via each interface that has valid addresses.
The following example caches information about GatorBox services, Apple internet routers, MacIP services, and workstations. Information about our routers and communication servers is automatically cached.
appletalk lookup GatorBox appletalk lookup AppleRouter appletalk lookup IPGATEWAY appletalk lookup Workstation
appletalk name-lookup-interval
show appletalk name-cache
show appletalk nbp
To allocate IP addresses to dynamic MacIP clients, use the appletalk macip dynamic global configuration command. To delete a MacIP dynamic address assignment, use the no form of this command.
appletalk macip dynamic ip-address [ip-address] zone server-zone
ip-address | IP address, in four-part dotted decimal notation. To specify a range, enter two IP addresses, which represent the first and last addresses in the range. |
zone server-zone | Zone in which the MacIP server resides. The argument server-zone can include special characters from the Apple Macintosh character set. To include a special character, specify a colon followed by two hexadecimal characters. For zone names with a leading space character, enter the first character as the special sequence :20. For a list of Macintosh characters, refer to the Apple Computer, Inc. specification Inside AppleTalk. |
No IP addresses are allocated.
Global configuration
Use the appletalk macip dynamic command when configuring MacIP.
Dynamic clients are those that accept any IP address assignment within the dynamic range specified.
In general, it is recommended that you do not use fragmented address ranges in configuring ranges for MacIP. However, if this is unavoidable, use the appletalk macip dynamic command to specify as many addresses or ranges as required and use the appletalk macip static command to assign a specific address or address range.
To shut down all running MacIP services, use the following command:
no appletalk macipTo delete a particular dynamic address assignment from the configuration, use the following command:
no appletalk macip dynamic ip-address [ip-address] zone server-zoneThe following example illustrates MacIP support for dynamically addressed MacIP clients with IP addresses in the range 131.108.1.28 to 131.108.1.44.
!This global statement specifies the MacIP server address and zone: appletalk macip server 131.108.1.27 zone Engineering ! !This global statement identifies the dynamically addressed clients: appletalk macip dynamic 131.108.1.28 131.108.1.44 zone Engineering ! !These statements assign the IP address and subnet mask for Ethernet interface 0: interface ethernet 0 ip address 131.108.1.27 255.255.255.0 ! !This global statement enables AppleTalk routing on the router. appletalk routing ! !These statements enable AppleTalk routing on the interface and !set the zone name for the interface interface ethernet 0 appletalk cable-range 69-69 69.128 appletalk zone Engineering
appletalk macip server
appletalk macip static
ip address
show appletalk macip-servers
To establish a MacIP server for a zone, use the appletalk macip server global configuration command. To shut down a MACIP server, use the no form of this command.
appletalk macip server ip-address zone server-zone
ip-address | IP address, in four-part dotted decimal notation. It is suggested that this address match the address of an existing IP interface. |
zone server-zone | Zone in which the MacIP server resides. The argument server-zone can include special characters from the Apple Macintosh character set. To include a special character, specify a colon followed by two hexadecimal characters. For zone names with a leading space character, enter the first character as the special sequence :20. For a list of Macintosh characters, refer to the Apple Computer, Inc. specification Inside AppleTalk. |
No MacIP server is established.
Global configuration
Use the appletalk macip server command when configuring MacIP.
You can configure only one MacIP server per AppleTalk zone, and the server must reside in the default zone. A server is not registered via NBP until at least one MacIP resource is configured.
You can configure multiple MacIP servers for a communication server, but you can assign only one MacIP server to a particular zone and only one IP interface to each MacIP server. In general, you must be able to establish an alias between the IP address you assign with the appletalk macip server command and an existing IP interface. For implementation simplicity, it is suggested that the address specified in this command match an existing IP interface address.
To shut down all active MacIP servers, use the following command:
no appletalk macipTo delete a specific MacIP server from the MacIP configuration, use the following command:
no appletalk macip server ip-address zone server-zoneThe following example establishes a MacIP server on Ethernet interface 0 in AppleTalk zone Engineering. It then assigns an IP address to the Ethernet interface and enables AppleTalk routing on the communication server and the Ethernet interface.
appletalk macip server 131.108.1.27 zone Engineering ip address 131.108.1.27 255.255.255.0 appletalk routing interface ethernet 0 appletalk cable-range 69-69 69.128 appletalk zone Engineering
appletalk macip dynamic
appletalk macip static
ip address
show appletalk macip-servers
To allocate an IP address to be used by a MacIP client that has reserved a static IP address, use the appletalk macip static global configuration command. To delete a MacIP static address assignment, use the no form of this command.
appletalk macip static ip-address [ip-address] zone server-zone
ip-address | IP address, in four-part dotted decimal format. To specify a range, enter two IP addresses, which represent the first and last addresses in the range. |
zone server-zone | Zone in which the MacIP server resides. The argument server-zone can include special characters from the Apple Macintosh character set. To include a special character, specify a colon followed by two hexadecimal characters. For zone names with a leading space character, enter the first character as the special sequence :20. For a list of Macintosh characters, refer to Apple Computer, Inc. specification Inside AppleTalk. |
No IP address is allocated.
Global configuration
Use the appletalk macip static command when configuring MacIP.
Static addresses are for users who require fixed addresses for IP name domain name service and for administrators who do want addresses to change so they can always know who has what IP address.
In general, it is recommended that you do not use fragmented address ranges in configuring ranges for MacIP. However, if this is unavoidable, use the appletalk macip dynamic command to specify as many addresses or ranges as required, and then use the appletalk macip static command to assign a specific address or address range.
To shut down all running MacIP services, use the following command:
no appletalk macipTo delete a particular static address assignment from the configuration, use the following command:
no appletalk macip static ip-address [ip-address] zone server-zoneThe following example illustrates MacIP support for MacIP clients with statically allocated IP addresses. The IP addresses range is from 131.108.1.50 to 131.108.1.66. The three nodes that have the specific addresses are 131.108.1.81, 131.108.1.92, and 131.108.1.101.
!This global statement specifies the MacIP server address and zone: appletalk macip server 131.108.1.27 zone Engineering ! !These global statements identify the statically addressed clients: appletalk macip static 131.108.1.50 131.108.1.66 zone Engineering appletalk macip static 131.108.1.81 zone Engineering appletalk macip static 131.108.1.92 zone Engineering appletalk macip static 131.108.1.101 zone Engineering ! !These statements assign the IP address and subnet mask for Ethernet interface 0: interface ethernet 0 ip address 131.108.1.27 255.255.255.0 ! !This global statement enables AppleTalk routing on the router. appletalk routing ! !These statements enable AppleTalk routing on the interface and !set the zone name for the interface interface ethernet 0 appletalk cable-range 69-69 69.128 appletalk zone Engineering
appletalk macip dynamic
appletalk macip server
ip address
show appletalk macip-servers
To set the interval between service pollings by the communication server on its AppleTalk interfaces, use the appletalk name-lookup-interval global configuration command. To purge the name cache and return to the default polling interval, use the no form of this command.
appletalk name-lookup-interval seconds
seconds | Interval, in seconds, between NBP lookup pollings. This can be any positive integer; there is no upper limit. It is recommended that you use an interval between 300 seconds (5 minutes) and 1200 seconds (20 minutes). The smaller the interval, the more packets are generated to handle the names. Specifying an interval of 0 purges all entries from the name cache and disables the caching of service type information that is controlled by the appletalk lookup-type command, including the caching of information about our routers and communication servers. |
0, which purges all entries from the name cache and disables the caching of service type information.
Global configuration
The communication server collects name information only for entities on connected AppleTalk networks.This reduces overhead.
If you enter an interval of 0, all polling for services (except ciscoRouter) is disabled. If you reenter a nonzero value, the configuration specified by the appletalk lookup-type command is reinstated. You cannot disable the lookup of ciscoRouter.
The following example sets the lookup interval to 20 minutes:
appletalk name-lookup-interval 1200
appletalk lookup-type
show appletalk name-cache
To permit access to the other networks in a zone when access to one of those networks is denied, use the appletalk permit-partial-zones global command. To return to the default behavior, which is to deny access to all networks in a zone if access to one of those networks is denied, use the no form of this command.
appletalk permit-partial-zonesThis command has no arguments or keywords.
Access to other networks is denied.
Global configuration
The permitting of partial zones provides IP-style access control.
When you enable the use of partial zones, the NBP protocol cannot ensure the consistency and uniqueness of name bindings.
If you enable the use of partial zones, access control behavior is compatible with that of software Release 8.3.
The following example allows partial zones:
appletalk permit-partial-zones
access-list additional zones
access-list zone
appletalk distribute-list out
appletalk getzonelist-filter
To enable the recognition of pre-FDDITalk packets, use the appletalk pre-fdditalk global configuration command. To disable this function, use the no form of this command.
appletalk pre-fdditalkThis command has no arguments or keywords.
Pre-FDDITalk packets are not recognized.
Global configuration
Use this command to have the communication server recognize AppleTalk packets sent on the FDDI ring from routers running Cisco software releases prior to Release 9.0(3) or Release 9.1(2).
The following example disables the recognition of pre-FDDITalk packets:
no appletalk pre-fdditalk
To specify the routing protocol to use on an interface, use the appletalk protocol interface configuration command. To disable a routing protocol, use the no form of this command.
appletalk protocol {aurp | eigrp | rtmp}
RTMP
Interface configuration
You can configure an interface to use both RTMP and Enhanced IGRP. If you do so, route information learned from Enhanced IGRP will take precedence over information learned from RTMP. The communication server will, however, continue to send out RTMP routing updates.
Enabling AURP automatically disables RTMP.
You can enable AURP only on tunnel interfaces.
The following example enables AppleTalk Enhanced IGRP on serial interface 0:
interface serial 0 appletalk protocol eigrp
The following example disables RTMP on serial interface 0:
interface serial 0 no appletalk protocol rtmp
The following example enables AURP on tunnel interface 1:
interface tunnel 1 appletalk protocol aurp
appletalk routing
To assign a proxy network number for each zone in which there is a router that supports only nonextended AppleTalk, use the appletalk proxy-nbp global configuration command. To delete the proxy, use the no form of this command.
appletalk proxy-nbp network-number zone-name
network-number | Network number of the proxy. It is a 16-bit decimal number and must be unique on the network. This is the network number that will be advertised by the communication server as if it were a real network number. |
zone-name | Name of the zone that contains the routers that support only nonextended AppleTalk. The name can include special characters from the Apple Macintosh character set. To include a special character, type a colon followed by two hexadecimal characters. For zone names with a leading space character, enter the first character as the special sequence :20. |
No proxy network number is assigned.
Global configuration
The appletalk proxy-nbp command provides compatibility between AppleTalk Phase 1 and AppleTalk Phase 2 networks.
Proxy routes are included in outgoing RTMP updates as if they were directly connected routes, although they are not really directly connected, since they are not associated with any interface. Whenever an NBQ BrRq for the zone in question is generated by anyone anywhere in the Internet, an NBP FwdReq is directed to any router connected to the proxy route. The Phase 2 router which is the only router directly connected converts the FwdReq to LkUps, which are understood by Phase 1 routers, and sends them to every network in the zone.
In an environment in which there are Phase 1 and Phase 2 networks, you must specify at least one appletalk proxy-nbp command for each zone that has a nonextended-only AppleTalk communication server.
The proxy network number you assign with the appletalk proxy-nbp command cannot also be assigned to a communication server, nor can it also be associated with a physical network.
You need to assign only one proxy network number for each zone. However, you can define additional proxies with different network numbers to provide redundancy. Each proxy generates one or more packets for each forward request it receives. All other packets sent to the proxy network address are discarded. Defining redundant proxy network numbers increases the NBP traffic linearly.
The following example defines network number 60 as an NBP proxy for the zone Twilight:
appletalk proxy-nbp 60 Twilight
To prevent the advertisement of routes (network numbers or cable ranges) that have no assigned zone, use the appletalk require-route-zones global configuration command. To disable this option and allow the communication server to advertise to its neighbors routes that have no network-zone association, use the no form of this command.
appletalk require-route-zonesThis command has no arguments or keywords.
Enabled
Global configuration
The appletalk require-route-zones command ensures that all networks have zone names prior to advertisement to neighbors.
The no appletalk require-route-zones command enables router behavior compatible with software Release 8.3.
Using this command helps prevent ZIP protocol storms. ZIP protocol storms can arise when corrupt routes are propagated and routers broadcast ZIP requests to determine the network/zone associations.
When the appletalk require-route-zones command is enabled, the communication server will not advertise a route to its neighboring routers until it has obtained the network/zone associations. This effectively limits the storms to a single network rather than the entire internet.
As an alternative to disabling this option, use the appletalk getzonelist-filter interface configuration command to filter empty zones from the list presented to users.
You can configure different zone lists on different interfaces. However, you are discouraged from doing this because AppleTalk users expect to have the same user zone lists at any end node in the internet.
The filtering provided by the appletalk require-route-zones command does not prevent explicit access via programmatic methods, but should be considered a user optimization to suppress unused zones. You should use other forms of AppleTalk access control lists to actually secure a zone or network.
The following example configures a communication server to prevent the advertisement of routes that have no assigned zone:
appletalk require-route-zones
To enable fast switching on all supported interfaces, use the appletalk route-cache interface configuration command. To disable fast switching, use the no form of this command.
appletalk route-cacheThis command has no arguments or keywords.
Enabled on all interfaces that support fast switching
Interface configuration
Fast switching allows higher throughput by switching a packet using a cache created by previous packets. Fast switching is enabled by default on all interfaces that support fast switching, including Token Ring, Frame Relay, and PPP. Note that fast switching is not supported over X.25 and LAPB encapsulations, or on the CSC-R16, CSC-1R, or CSC-2R STR Token Ring adapters.
Packet transfer performance is generally better when fast switching is enabled. However, you may want to disable fast switching in order to save memory space on interface cards and to help avoid congestion when high-bandwidth interfaces are writing large amounts of information to low-bandwidth interfaces.
For serial lines, fast switching is supported on extended serial lines with HDLC encapsulation only. It is not supported on nonextended serial lines.
The following example disables fast switching on an interface:
interface ethernet 0 appletalk cable-range 10-20 appletalk zone Twilight no appletalk route-cache
show appletalk cache
To redistribute RTMP routes into AppleTalk Enhanced IGRP and vice versa, use the appletalk route-redistribution global configuration command. To keep Enhanced IGRP and RTMP routes separate, use the no form of this command.
appletalk route-redistributionThis command has no arguments or keywords.
Enabled when Enhanced IGRP is enabled.
Global configuration
Redistribution allows routing information generated by one protocol to be advertised in another.
In the automatic redistribution of routes between Enhanced IGRP and RTMP, an RTMP hop is treated as having a slightly worse metric than an equivalent Enhanced IGRP hop on a 9.6-kilobit link. This allows Enhanced IGRP to be preferred over RTMP except in the most extreme of circumstances. Typically, you will see this only when using tunnels. If you want an Enhanced IGRP path in a tunnel to be preferred over an alternate RTMP path, you should set the interface delay and bandwidth parameters on the tunnel to bring the metric of the tunnel down to being better than a 9.6-kilobit link.
In the following example, RTMP routing information is not redistributed:
appletalk routing eigrp 23 no appletalk route-redistribution
To enable AppleTalk routing, use the appletalk routing global configuration command. To disable AppleTalk routing, use the no form of this command.
appletalk routing [eigrp router-number]
eigrp router-number | (Optional) Specifies the Enhanced IGRP routing protocol. The argument router-number is the router ID. It can be a decimal integer from 1 to 65535. It must be unique in your AppleTalk Enhanced IGRP internetwork. |
AppleTalk routing is disabled.
Global configuration
If you do not specify the optional keyword and argument, this command enables AppleTalk routing using the RTMP routing protocol.
You can configure multiple AppleTalk Enhanced IGRP processes on a communication server. To do so, assign each a different router ID number. (Note that IP and IPX Enhanced IGRP use an autonomous system number to enable Enhanced IGRP, while AppleTalk Enhanced IGRP uses a router ID.)
If you configure a communication server with a router number that is the same as that of a neighboring router, the communication server will refuse to start AppleTalk Enhanced IGRP on interfaces that connect with that neighboring router.
The following example enables AppleTalk protocol processing on the communication server:
appletalk routing
The following example enables AppleTalk Enhanced IGRP routing on communication server number 22:
appletalk routing eigrp 22
appletalk address
appletalk cable-range
appletalk protocol
appletalk zone
To allow a communication server to send routing updates to its neighbors, use the appletalk send-rtmps interface configuration command. To block updates from being sent, use the no form of this command.
appletalk send-rtmpsThis command has no arguments or keywords.
Routing updates are sent.
Interface configuration
Use this command to ensure that a new internal network, created with the arap network command, is advertised.
If you block the sending of routing updates, an interface on the network that has AppleTalk enabled is not "visible" to other routers on the network.
The following example prevents a communication server from sending routing updates to its neighbors:
no appletalk send-rtmps
appletalk require-route-zones
appletalk strict-rtmp-checking
appletalk timers
To define a static route on an extended network, use the appletalk static cable-range global configuration command. To remove a static route, use the no form of this command.
appletalk static cable-range cable-range to network.node zone zone-name
cable-range | Cable range value. The argument specifies the start and end of the cable range, separated by a hyphen. These values are decimal number from 0 to 65279. The starting network number must be less than or equal to the ending network number. |
network.node | Apple |