Monitoring IPX on Cisco Routers 415 equal-cost lines, without regard to the destination. However, if you want to ensure that all packets sent to a destination or host will always go over the same line, use the IPX per-host-load-share command. The ipx maximum-paths command is shown below. It tells the IPX RIP protocol to perform a round-robin load balance across two equal costs paths. Router#config t Router(config)#ipx maximum-paths 2 Router(config)#^Z Router#sh ipx route Codes: C - Connected primary network, c - Connected [output cut] 5 Total IPX routes. Up to 2 parallel paths and 16 hops allowed. [output cut] The show ipx route command shows that two parallel paths are now supported. Show IPX Traffic The show ipx traffic command gives you a summary of the number and type of IPX packets received and transmitted by the router. Notice that this command will show you both the IPX RIP and SAP update packets. 2501A#sh ipx traffic System Traffic for 0.0000.0000.0001 System-Name: RouterA Rcvd: 15 total, 0 format errors, 0 checksum errors, 0 bad hop count, 0 packets pitched, 15 local destination, 0 multicast Bcast: 10 received, 249 sent Sent: 255 generated, 0 forwarded 0 encapsulation failed, 0 no route SAP: 1 SAP requests, 0 SAP replies, 0 servers 0 SAP Nearest Name requests, 0 replies 0 SAP General Name requests, 0 replies 0 SAP advertisements received, 0 sent 0 SAP flash updates sent, 0 SAP format errors Copyright ©2000 SYBEX , Inc., Alameda, CA www.sybex.com 416 Chapter 8 Configuring Novell IPX RIP: 1 RIP requests, 0 RIP replies, 6 routes 8 RIP advertisements received, 230 sent 12 RIP flash updates sent, 0 RIP format errors Echo: Rcvd 0 requests, 5 replies Sent 5 requests, 0 replies 0 unknown: 0 no socket, 0 filtered, 0 no helper 0 SAPs throttled, freed NDB len 0 Watchdog: 0 packets received, 0 replies spoofed Queue lengths: IPX input: 0, SAP 0, RIP 0, GNS 0 SAP throttling length: 0/(no limit), 0 nets pending lost route reply More— Remember that the show ipx traffic command shows you the statistics for IPX RIP and SAP information received on the router. If you wanted to view the statistics of RIP and SAP information received only on a specific interface, use the next command we discuss: show ipx interface. Show IPX Interfaces The show ipx interfaces command gives you the interface status of IPX and the IPX parameters configured on each interface. The show ipx interface e0 command shows you the IPX address and encapsulation type of the interface. If you use the show interface e0 command, remember that it does not provide the IPX address of the interface, only the IP address. 2501A#sh ipx int e0 Ethernet0 is up, line protocol is up IPX address is 10.0000.0c8d.5c9d, NOVELL-ETHER [up] Delay of this IPX network, in ticks is 1 throughput 0 link delay 0 IPXWAN processing not enabled on this interface. IPX SAP update interval is 1 minute(s) IPX type 20 propagation packet forwarding is disabled Incoming access list is not set Outgoing access list is not set Copyright ©2000 SYBEX , Inc., Alameda, CA www.sybex.com Monitoring IPX on Cisco Routers 417 IPX helper access list is not set SAP GNS processing enabled, delay 0 ms, output filter list is not set SAP Input filter list is not set SAP Output filter list is not set SAP Router filter list is not set Input filter list is not set Output filter list is not set Router filter list is not set Netbios Input host access list is not set Netbios Input bytes access list is not set Netbios Output host access list is not set Netbios Output bytes access list is not set Updates each 60 seconds, aging multiples RIP: 3 SAP: 3 SAP interpacket delay is 55 ms, maximum size is 480 bytes RIP interpacket delay is 55 ms, maximum size is 432 bytes More— This command shows you the RIP and SAP information received on a cer- tain interface. The show ipx traffic command shows the RIP and SAP information received on the router in whole. Show Protocols There is one more command that shows the IPX address and encapsulation type of an interface: the show protocols command. This command shows the routed protocols configured on your router and the interface addresses. Here is the show protocol command run on the 2501A router: 2501A#sh protocols Global values: Internet Protocol routing is enabled IPX routing is enabled Ethernet0 is up, line protocol is up Internet address is 172.16.10.1/24 IPX address is 10.0060.7015.63d6 (NOVELL-ETHER) Copyright ©2000 SYBEX , Inc., Alameda, CA www.sybex.com 418 Chapter 8 Configuring Novell IPX IPX address is 10A.0060.7015.63d6 (SAP) Ethernet0.10 is up, line protocol is up IPX address is 10B.0060.7015.63d6 Ethernet0.100 is up, line protocol is up IPX address is 10C.0060.7015.63d6 Serial0 is up, line protocol is up Internet address is 172.16.20.1/24 IPX address is 20.0060.7015.63d6 Notice that you can see all configured interfaces addresses, even for the subinterfaces. However, although the primary, secondary, and subinterfaces show the interface addresses, the subinterfaces do not show the encapsula- tion types. Remember, there are only two commands that show you the IPX address of an interface: show ipx interface and show protocols. Debug IPX The debug ipx commands show you IPX as it’s running through your inter- network. It’s noteworthy that you can see the IPX RIP and SAP updates with this command, but be careful—it can consume your precious CPU if you don’t use it wisely. The two commands that are the most useful with IPX are debug ipx routing activity and debug ipx sap activity, as shown in the router output below: RouterA#debug ipx routing ? activity IPX RIP routing activity events IPX RIP routing events Let’s take a look at each command. Debug IPX Routing Activity The debug ipx routing activity command shows information about IPX routing updates that are transmitted or received on the router. RouterA#debug ipx routing act IPX routing debugging is on RouterA# Copyright ©2000 SYBEX , Inc., Alameda, CA www.sybex.com Monitoring IPX on Cisco Routers 419 IPXRIP: update from 20.00e0.1ea9.c418 50 in 2 hops, delay 13 40 in 1 hops, delay 7 IPXRIP: positing full update to 10.ffff.ffff.ffff via Ethernet0 (broadcast) IPXRIP: src=10.0000.0c8d.5c9d, dst=20.ffff.ffff.ffff, packet sent network 50, hops 3, delay 14 network 40, hops 2, delay 8 network 30, hops 1, delay 2 network 20, hops 1, delay 2 network 10, hops 1, delay 2 You can turn this command off by using undebug all (un al, for short), or you can type the whole command as demonstrated below: RouterA#undebug ipx routing act IPX routing debugging is off RouterA# Debug IPX SAP Activity The debug ipx sap activity command shows you the IPX SAP packets that are transmitted and received on your router. SAPs are broadcast over every active interface every 60 seconds, just as IPX RIP is. Each SAP packet shows up as multiple lines in the debug output. In the router output below, the first two lines are IPX SAPs; the other four lines are a packet summary and service detail message. RouterA#debug ipx sap activity 05:31:18: IPXSAP: positing update to 1111.ffff.ffff.ffff via Ethernet0 (broadcast) (full) 02:31:18: IPXSAP: Update type 0x2 len 288 src:1111.00e0.2f5d.bf2e dest:1111.ffff.ffff.ffff(452) 02:31:18: type 0x7, ” MarketingPrint ", 10.0000.0000.0001(451), 2 hops 02:31:18: type 0x4, "SalesFS", 30.0000.0000.0001(451), 2 hops 02:31:18: type 0x4, "MarketingFS", 30.0000.0000.0001(451), 2 hops Copyright ©2000 SYBEX , Inc., Alameda, CA www.sybex.com 420 Chapter 8 Configuring Novell IPX 02:31:18: type 0x7, "SalesFS", 50.0000.0000.0001(451), 2 hops You can turn the debug command off by using undebug all (un al, for short), or you can type the whole command as demonstrated below: RouterA#undebug ipx sap activity IPX routing debugging is off RouterA#IPX Ping By either telnetting into a remote router or using the show cdp neighbor detail or show cdp entry * commands, you can find the IPX address of a neighbor router. This will allow you to ping that address with IPX and test your internetwork. You can ping an IPX address from a router through a regular ping or through an extended ping. The following command was run on Router C and was used to find the IPX network address for Router B. RouterC#sh cdp entry * Device ID: RouterB Entry address(es): IP address: 172.16.40.1 Novell address: 40.0000.0c8d.5c9d Platform: cisco 2500, Capabilities: Router Interface: Serial0, Port ID (outgoing port): Serial1 Holdtime : 155 sec Now that you have the IPX address for Router B, you can ping the router. You can use the ping ipx [address] command from any router prompt, as shown below: RouterC#ping ipx 40.0000.0c8d.5c9d Sending 5, 100-byte IPX Novell Echoes to 40.0000.0c8d.5c9d , timeout is 2 seconds: !!!!! Copyright ©2000 SYBEX , Inc., Alameda, CA www.sybex.com Summary 421 You can also use an extended ping, which has more capabilities than a standard ping. RouterC#ping Protocol [ip]: ipx Target IPX address: 40.0000.0c8d.5c9d Repeat count [5]: Datagram size [100]: Timeout in seconds [2]: Verbose [n]: Novell Standard Echo [n]: y Type escape sequence to abort. Sending 5, 100-byte IPX Novell Echoes to 40.0000.0c8d.5c9d , timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 4/7/12 ms Summary In this chapter, we covered the following points: The required IPX address and encapsulation types and the frame types that Cisco routers can use when running IPX. How to enable the Novell IPX protocol and configure router inter- faces. We talked about and gave examples of how to configure IPX on Cisco routers and its interfaces. How to monitor the Novell IPX operation on the router. We covered some basic tools for monitoring IPX on your routers. The two parts of network addressing and these parts in specific pro- tocol address examples. The IPX host address and the different parts of this address. Copyright ©2000 SYBEX , Inc., Alameda, CA www.sybex.com 422 Chapter 8 Configuring Novell IPX Key Terms Be sure you’re familiar with the following terms before taking the exam: connection ID encapsulation framing socket virtual circuit Commands in This Chapter Command Description debug ipx Shows the RIP and SAP information as it passes through the router. encapsulation Sets the frame type used on an interface. int e0.10 Creates a subinterface. ipx network Assigns an IPX network number to an interface. ipx ping Is a Packet Internet Groper used to test IPX packet on an internetwork. ipx routing Turns on IPX routing. secondary Adds a second IPX network on the same physical interface. show ipx interface Shows the RIP and SAP information being sent and received on an individual interface. Also shows the IPX address of the interface. show ipx route Shows the IPX routing table. Copyright ©2000 SYBEX , Inc., Alameda, CA www.sybex.com Summary 423 Command Description show ipx servers Shows the SAP table on a Cisco router. show ipx traffic Shows the RIP and SAP information sent and received on a Cisco router. show protocols Shows the routed protocols and the addresses on each interface. Copyright ©2000 SYBEX , Inc., Alameda, CA www.sybex.com 424 Chapter 8 Configuring Novell IPX Written Lab In this section, you will write out the answers to the following IPX related questions. 1. Write the command that lets you view your configured routed proto- cols on your router. 2. Write the command to enable the IPX-routed protocol. 3. Write the command that enables IPX on individual interfaces. Config- ure an Ethernet 0 interface with IPX network 11, Token Ring with IPX network 15, and serial 0 with IPX network 20. 4. Write the command that lets you see the IPX routing table. 5. Write the two commands you can use to see the IPX address of an interface. 6. Write the two commands that will find your neighbor’s IPX address. 7. Add the Ethernet_II frame type to an Ethernet 0 interface, but don’t use a subinterface to accomplish this. Use IPX network number 11a. 8. Add the 802.2 and SNAP frame types to an Ethernet 0 interface using subinterfaces. Use 11b and 11c IPX network numbers. 9. Write the commands that you can use to verify your IPX configuration. Copyright ©2000 SYBEX , Inc., Alameda, CA www.sybex.com [...]... RouterA(config)#access-list 10 deny 172 .16.16.0 0.0 .7. 255 The next example starts at network 172 .16.32.0 and goes up a block size of 32 to 172 .16.63.0 RouterA(config)#access-list 10 deny 172 .16.32.0 0.0.31.255 Copyright ©2000 SYBEX , Inc., Alameda, CA www .sybex. com 446 Chapter 9 Managing Traffic with Access Lists The last example starts at network 172 .16.64.0 and goes up a block size of 64 to 172 .16.1 27. 0 RouterA(config)#access-list... list example with three LANs and a WAN connection Finance 172 .16.10.0 Server 172 .16.10.5 E0 Marketing 172 .16.30.0 E1 S0 E2 Sales 172 .16.40.0 Copyright ©2000 SYBEX , Inc., Alameda, CA www .sybex. com Internet Access Lists 4 47 On the Acme router, the following standard IP access list is applied: Acme#config t Acme(config)#access-list 10 deny 172 .16.40.0 0.0.0.255 Acme(config)#access-list 10 permit any... RouterA(config)#access-list 10 deny 172 .16.0.0 0.0.255.255 Try to figure out this next line: RouterA(config)#access-list 10 deny 172 .16.16.0 0.0.3.255 The above configuration tells the router to start at network 172 .16.16.0 and use a block size of 4 The range would then be 172 .16.16.0 through 172 .16.19.0 The example below shows an access list starting at 172 .16.16.0 and going up a block size of 8 to 172 .16.23.0 RouterA(config)#access-list... FDDI, and Token Ring Copyright ©2000 SYBEX , Inc., Alameda, CA www .sybex. com Review Questions 433 13 Which commands, at a minimum, must be used to enable IPX net- working? A IPX routing, IPX number, network 79 0 B IPX routing, int e0, IPX network number 980 C IPX routing, int e0, IPX network 77 790 encapsulation arpa D IPX routing, IPX encapsulation SAP, int e0, network 78 9 14 What is the default encapsulation... network that is in the range from 172 .16.8.0 through 172 .16.15.0 That is a block size of 8 Your network number would be 172 .16.8.0, and the wildcard would be 0.0 .7. 255 Whoa! What is that? The 7. 255 is what the router uses to determine the block size The network and wildcard tell the router to start at 172 .16.8.0 and go up a block size of eight addresses to network 172 .16.15.0 It is actually easier than... example of using the host command: RouterA(config)#access-list 10 deny host 172 .16.30.2 This tells the list to deny any packets from host 172 .16.30.2 The default command is host In other words, if you type access-list 10 deny 172 .16.30.2, the router assumes you mean host 172 .16.30.2 Copyright ©2000 SYBEX , Inc., Alameda, CA www .sybex. com 444 Chapter 9 Managing Traffic with Access Lists However, there... on your router Copyright ©2000 SYBEX , Inc., Alameda, CA www .sybex. com Chapter 9 Managing Traffic with Access Lists THE CCNA EXAM TOPICS COVERED IN THIS CHAPTER INCLUDE THE FOLLOWING: Configure IP and IPX standard access lists Configure IP and IPX extended access lists Configure IPX SAP filters Monitor and verify access lists Copyright ©2000 SYBEX , Inc., Alameda, CA www .sybex. com T he proper use and... int e100.0 C config t, 24000 e0 D config t, 24000 e100 Copyright ©2000 SYBEX , Inc., Alameda, CA www .sybex. com Review Questions 431 5 Given the IPX address 71 .00A0.2494.E939, which of the following is the associated IPX network and node address? A Net 00a0 node 2494 E939 B Net 71 node 00a0.2494.e939 C Net 00A0.2494 node E939 D Net 71 00a0 Node 2494.e939 6 If you bring up a new NetWare server and the... example of allowing only host 172 .16.10.3 to telnet into a router: RouterA(config)#access-list 50 permit 172 .16.10.3 RouterA(config)#line vty 0 4 RouterA(config-line)#access-class 50 in Because of the implied deny any at the end of the list, the access list stops any host from telnetting into the router except the host 172 .16.10.3 Copyright ©2000 SYBEX , Inc., Alameda, CA www .sybex. com 448 Chapter 9 Managing... more than one link to a remote network (The IPX protocol, by default, only looks for one route to a remote network Once it finds a valid route, it will not consider looking for another route, even if a second route exists.) 11 Verify this command with the show ipx route command Copyright ©2000 SYBEX , Inc., Alameda, CA www .sybex. com Hands-on Labs 4 27 Lab 8.2: Adding Secondary Network Addresses and Multiple . is 172 .16.10.1/24 IPX address is 10.0060 .70 15.63d6 (NOVELL-ETHER) Copyright ©2000 SYBEX , Inc., Alameda, CA www .sybex. com 418 Chapter 8 Configuring Novell IPX IPX address is 10A.0060 .70 15.63d6. 10B.0060 .70 15.63d6 Ethernet0.100 is up, line protocol is up IPX address is 10C.0060 .70 15.63d6 Serial0 is up, line protocol is up Internet address is 172 .16.20.1/24 IPX address is 20.0060 .70 15.63d6 Notice. ©2000 SYBEX , Inc., Alameda, CA www .sybex. com 420 Chapter 8 Configuring Novell IPX 02:31:18: type 0x7, "SalesFS", 50.0000.0000.0001(451), 2 hops You can turn the debug command off by