Installation and Getting Started Guide

The [<network-mask>.<node-mask>] parameter lets you specify a comparison mask for the network and node. The mask consists of zeros (0) and ones (f). Ones indicate significant bits. For example, to configure a mask that matches on network abcdefxx, where xx can be any value and the node address can be any value, specify the following mask: ffffff00.0000.0000.0000

NOTE: To apply an ACL for filtering GNS replies to an interface, you must use the ipx output-gns-filtercommand instead of the ipx sap-filter-groupcommand. See “Filter GNS Replies” on page 14-10.

The in out parameter of the ipx sap-filter-groupcommand specifies whether the ACLs apply to incoming traffic or outgoing traffic.

USING THE WEB MANAGEMENT INTERFACE

You cannot configure a SAP access list using the Web management interface.

Enable Round-Robin GNS Replies

By default, the routing switch replies to a GNS request with the most recently learned server supporting the requested service. You configure the routing switch to instead use round-robin to rotate among servers of a given service type when responding to GNS requests. To do so, use one of the following methods.

USING THE CLI

To enable the routing switch to use round-robin to select servers for replies to GSN requests, enter the following commands:

HP9300(config)# ipx gns-round-robin

HP9300(config)# write memory

Syntax: [no] ipx gns-round-robin

USING THE WEB MANAGEMENT INTERFACE

You cannot enable round-robin for GNS replies using the Web management interface.

Filter GNS Replies

You can use IPX access lists to permit or deny specific services and servers in GNS replies to specific IPX nodes (hosts). To do so, use either of the following methods to configure IPX access lists that include service and server information, then apply them to specific ports.

USING THE CLI

To configure IPX ACLs and apply them to a port to control responses to GNS requests on that port, enter commands such as the following:

HP9300(config)# router ipx

 

 

 

HP9300(config-ipx-router)#

ipx sap-access-list 2 deny efff 47

Prt0

HP9300(config-ipx-router)#

ipx sap-access-list 20

deny aaaa.bbbb.cccc.dddd 47 Prt1

HP9300(config-ipx-router)#

ipx sap-access-list 32

permit -1 0

 

HP9300(config-ipx-router)#

exit

 

 

HP9300(config)# int e 1/1

 

 

 

HP9300(config-if-1/1)# ipx

output-gns-filter 10 20 32

 

HP9300(config-if-1/1)# write memory

The commands in this example configure three ACLs. Two of the ACLs contain server network, service type, and server information and deny reporting these servers to the clients. For example, ACL 2 does not permit the routing switch from sending server “Prt0” with network efff in GNS replies to the client.

ACL 32 changes the default action from deny to permit. All GNS replies that are not explicitly denied by other ACLs are permitted by this one.

Syntax: [no] ipx sap-access-list <num> deny permit <network>[.<node>] [<network-mask>.<node-mask>] [<service-type> [<server-name>]]

14 - 10