IPX SAP Filter

IPX SAP Filter

Syntax Description

Usage Guidelines

Allowing Non-Filtered Routing Packets

IPX SAP Filter

This section allows you to define, edit and name a set of IPX SAP filtering rules. This allows the device to filter inbound IPX servers received via broadcast advertisements and output servers advertised from the device. These filter rules are global to the device and are not associated with a particular interface. However, they can be restricted to an interface using the from or to modifiers in the rule.

edit config IPX SAP Filter "Name"

Syntax Description

"Name"

A unique name, up to 16 characters with spaces allowed, for this filter set.

"Name"	A unique name, up to 16 characters with spaces allowed, for this filter set.

Usage Guidelines

The rules are applied in the order they were written. When you select multiple filter sets, they are read from first to last as you entered them.

Allowing Non-Filtered Routing Packets

Any server not explicitly allowed by the rules will not be included in the SAP table or in the SAP update. To allow all other servers not filtered, the last rule must be:

permit

Filter Rule Syntax

After entering the edit config command, and then the append command, enter one or more filter rules using the following syntax:

{permit | deny}[type operator server_type]
[server operator "server_name"]
[network operator network_number]
[node operator node_address]
[socket operator socket_number]
[in | out | both]
[{from | to} {ipx_internet_address | port}
[{metricin | metricout} metric]
[log]

Options

permit | deny

permit specifies that server information that meets the conditions are included in the SAP table.

deny specifies that server information that meets the conditions are not included in the SAP table.

operator

Specifies a range of the characteristic to compare to the packet's characteristics. For example, if you specify type = FFFFFFFE, then all packets with the source network FFFFFFFE are filtered. The operator can have one of the following functions:

Equals. Use one of the following arguments:

eq

==

=

Less Than. Use one of the following arguments:

lt

<

Less Than or Equal To. Use one of the following arguments:

lteq

le

<=

=<

Greater Than. Use one of the following arguments:

gt

>

Greater Than or Equal To. Use one of the following arguments:

gteq

ge

>=

=>

Does not Equal. Use one of the following arguments:

ne

<>

!=

type operator server_type

This option allows filtering of the server type contained in the SAP update tuple. The server_type is specified as a hex value. The keyword all may be used to specify all server types.

server operator "server_name"

This option allows filtering of the server name contained in the SAP update tuple. The server_name must be enclosed in quotation marks ("") and be 48 characters or less. This option can only use the Equals and Does not Equal operators.

network operator network_number

This option allows filtering of the server network number contained in the SAP table. The network_number is specified as a hex value in the range of 1 to FFFFFFFE. The keyword all may be used to specify all network numbers.

node operator node_address

This option allows filtering of the server node address contained in the SAP table. The node_address is specified as an Ethernet address. An Ethernet address is specified as six hexadecimal octets separated by colons (:) or dots (.). An example would be 0:0:A5:0:0:1 or 0.0.A5.0.0.1. The keyword all may be used to specify all node addresses.This option can only use the Equals and Does not Equal operators.

socket operator socket_number

This rule allows filtering of the server socket contained in the SAP table. The server socket_number is specified as a hex value. The keyword all may be used to specify all socket numbers.

in | out | both

Specifies the packet direction for which the rule is applied. This modifier is required since the IPX SAP filtering rules are global to the device.

In applies filter rules only to incoming server information.

Out applies filter rules only to outgoing server information.

Both, the default, applies filter rules to incoming and outgoing server information.

{from | to} {ipx_internet_address | port}

Applies the filter only to routing packets from or to a specific IPX network or port, where:

ipx_internet_address is specified as a hexadecimal network number and node number separated by a dash (e.g., A011-0:0:A5:0:0:1 indicates a node with the hexadecimal network number of A011 and a node address of 0:0:A5:0:0:1).

port is:

{Ethernet | WAN} slot:port

{metricin | metricout} metric

Allows the metric on incoming or outgoing routes to be incremented or decremented. The metric is the number of routers on a route. By increasing or decreasing the metric, a particular route can be made more or less attractive. metric must be a decimal number between 1 and 15.

log

The log option causes the device to log data about the packet to syslog when the condition of the rule is met. See the Logging section for more information about logging.

permit \| deny	permit specifies that server information that meets the conditions are included in the SAP table. deny specifies that server information that meets the conditions are not included in the SAP table.
operator	Specifies a range of the characteristic to compare to the packet's characteristics. For example, if you specify type = FFFFFFFE, then all packets with the source network FFFFFFFE are filtered. The operator can have one of the following functions:
	Equals. Use one of the following arguments: eq == = Less Than. Use one of the following arguments: lt < Less Than or Equal To. Use one of the following arguments: lteq le <= =<	Greater Than. Use one of the following arguments: gt > Greater Than or Equal To. Use one of the following arguments: gteq ge >= => Does not Equal. Use one of the following arguments: ne <> !=
type operator server_type	This option allows filtering of the server type contained in the SAP update tuple. The server_type is specified as a hex value. The keyword all may be used to specify all server types.
server operator "server_name"	This option allows filtering of the server name contained in the SAP update tuple. The server_name must be enclosed in quotation marks ("") and be 48 characters or less. This option can only use the Equals and Does not Equal operators.
network operator network_number	This option allows filtering of the server network number contained in the SAP table. The network_number is specified as a hex value in the range of 1 to FFFFFFFE. The keyword all may be used to specify all network numbers.
node operator node_address	This option allows filtering of the server node address contained in the SAP table. The node_address is specified as an Ethernet address. An Ethernet address is specified as six hexadecimal octets separated by colons (:) or dots (.). An example would be 0:0:A5:0:0:1 or 0.0.A5.0.0.1. The keyword all may be used to specify all node addresses.This option can only use the Equals and Does not Equal operators.
socket operator socket_number	This rule allows filtering of the server socket contained in the SAP table. The server socket_number is specified as a hex value. The keyword all may be used to specify all socket numbers.
in \| out \| both	Specifies the packet direction for which the rule is applied. This modifier is required since the IPX SAP filtering rules are global to the device. In applies filter rules only to incoming server information. Out applies filter rules only to outgoing server information. Both, the default, applies filter rules to incoming and outgoing server information.
{from \| to} {ipx_internet_address \| port}	Applies the filter only to routing packets from or to a specific IPX network or port, where: ipx_internet_address is specified as a hexadecimal network number and node number separated by a dash (e.g., A011-0:0:A5:0:0:1 indicates a node with the hexadecimal network number of A011 and a node address of 0:0:A5:0:0:1). port is: {Ethernet \| WAN} slot:port
{metricin \| metricout} metric	Allows the metric on incoming or outgoing routes to be incremented or decremented. The metric is the number of routers on a route. By increasing or decreasing the metric, a particular route can be made more or less attractive. metric must be a decimal number between 1 and 15.
log	The log option causes the device to log data about the packet to syslog when the condition of the rule is met. See the Logging section for more information about logging.

Examples

In the following example, the "servers" rule set denies server advertisements from network 1ABC0 and servers with the name "Printer" which come into the device on Ethernet 0. It also denies server advertisements from network FAB4 out on Ethernet 1. The final rule is to permit everything else.

deny network = 1ABC0 in from ethernet 0
deny service = "Printer" in from ethernet 0
deny network = FAB4 out to ethernet 1
permit

The SAP filter is applied in the General section.

[ General ]
IPXSAPFilters = servers

Related Commands

Command Description

configure General

Configures general system settings

configure IPX

Configures IPX parameters for an interface

configure Logging

Configures logging options

edit config IPX Filter

Creates IPX packet filters

edit config IPX Route Filter

Creates IPX route filters

show ipx

Shows IPX configuration and routing

Command	Description
configure General	Configures general system settings
configure IPX	Configures IPX parameters for an interface
configure Logging	Configures logging options
edit config IPX Filter	Creates IPX packet filters
edit config IPX Route Filter	Creates IPX route filters
show ipx	Shows IPX configuration and routing

Table of Contents