Lecture Notes For CCNA

CHAPTER 4 - NETWORK PROTOCOLS

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

Monitoring ipx

show ipx servers = display servers - shows SAP table
show ipx route - lists directly connected px networks, then discovered
show ipx traffic - stats &types, inc rip/sap
show ipx interface - ipx address, hardware address, encapsulation type
NB show interface does not give ipx address, show protocol does show ipx addresses
debug ipx - display ipx live - rip / sap updates etc..  undebug to stop

ping can ping ipx devices

ping
[ip] ipx
5200.0000.0c3f.1d86
repeat [5]
size [100]
timeout [2]
verbose [n]
IP
22 bit subnet mask means add  22 bits to class's mask, eg class a -> 255.255.255.252
ping results :
U unreachable
C congested
I interrupted
? unknown packet type
& ttl exceeded
tracert results
!h router received nut did not forward (access list)
P protocol unreachable
N network unreachable
U port unreachable
* timeout

IPX encapsulation

802.3 - novell_ether
802.2 - sap
eth_e - arpa
snap - snap
token ring - sap
tr_snap - snap
fddi_snap - snap
fddi_802.2 - sap
fddi_raw - novell-fddi
ipx config
config t
int e0
ipx network ######## encapsulation [type] [secondary]
adding secondary allows more than 1 frame type
alternative use sub interface : int e0.[0-32bit value]
ipx maximum-paths 2 [1 upto 64] to allow more than 1 ipx route to dest.  assumes 1
if more than 1 route it will roundrobin between unless IPX per-host-load-share is on

Serial interfaces do not use these encap. types

TCP/IP TRANSPORT LAYER

tcp =connection oriented full duplex, reliable, accurate
udp = no virt circuit, low overhed, connectionless, unsequenced, unreliable

TCP/IP INTERNET LAYER IN DD

ip
arp
rarp
boot
icmp - management protocol
dest unreachable
buffer full
hops exceeded
ping
trace [rt]
type 0x01h

IPX access lists

standard

access-list [number] [permit / deny] [source] [dest]
access-list ? gives list of numbers
800-899 = standard ipx
eg access-list 810 permit 30 10
     access-list 810 deny 50 10
allows net 30 access to 10 but 50 not allowed access to 10
all other networks denied access to 10 too
other way:
access-list 811 deny 50 10
access-list 811 permit -1 -1
int e0
ipx access-group 811 out
^z
-1 in ipx list =ip "any"

extended

access-list [no.] permit / deny] [protocol] [source] [socket] [dest] [socket]
900-999 = ex ipx.
access-list 910  permit -1 -1 0 -1 0 log
can now filter on sap, ipx, spx, socket no. etc.

if any access list in usethen automatic deny any atend of list

sap filters
access-list [#] [perm  deny] [source] service type
1000-1099 = sap filter
config t
access-list 1010 permit [ipx no.].mac.mac.mac 0
0 matche all services
int e0
ipx input-sap-filter 1010
^z

Apply access list to port with

config t
int s0
ipx access-group # [in/out]

Comments

Popular posts from this blog

Structure of ‘C’ Program

DOEACC ‘O’ Level Course