Filter
Top Products
Configuring IPX RIP/SAP Filtering
Page 27-25
As another example, to display a list of all global RIP Input filters, you would enter:
ipxf ri global
A screen similar to the following displays:
Displaying all global RIP INPUT filters:
GP:VL (s/p/vc)
# Type Net/Mask Node/Mask Svc Md (Peer ID)
------ ------------ ---------------------- ----------------------------------- ------ ---- --------------------
3 RIP IN 67/ffffffff B global
IPX RIP/SAP Filter Precedence
Whenever you use multiple “allow” filters you must first define a filter to block all RIPs or
SAPs. Then, all of the seceding “allow” filters of the same type must be at least as specific in
all areas in order for the filters to work. Note that filtering precedence is related only to
“allow” filters. Multiple “block” filters can be defined with varying specificity in each of the
areas of the filter. The filtering done by the configurable parameters (Net/Mask, Node/Mask,
Service/Mode) in the “allow” filter must be at least as specific as the filtering defined in the
“block” filter.
As an example, consider a switch that knows of multiple Type 4 SAPs on various networks,
including a network with an address of “40.” The switch also knows of various types of SAPs
on Network 40. For this example, you want to block all SAPs coming from Network 40, but
you want to allow all Type 4 SAPs, including the ones that come from Network 40.
To meet these objectives, you must configure the filters like this:
# Type Net/Mask Node/Mask Svc Md GP:VL
------ ------------ ---------------------- ------------------------------------------------------- ----------
1 SAP IN 40/ffffffff all nodes ALL B global
2 SAP IN 40/ffffffff all nodes 4 A global
The filters shown below will not work for our example because in Filter 2 the type of service
is less specific than the type defined in Filter 1. All Type 4 SAPs will be blocked by the filter.
# Type Net/Mask Node/Mask Svc Md GP:VL
------ ------------ ---------------------- --------------------------------------------- ------ ---- ----------
1 SAP IN All networks all nodes 4 B global
2 SAP IN 40/ffffffff all nodes ALL A global
The following filters will also not work because in Filter 2 the network and netmask are less
specific than the network and netmask defined in Filter 1. All SAPs from Network 40 will be
blocked by the filter.
# Type Net/Mask Node/Mask Svc Md GP:VL
------ ------------ ---------------------- --------------------------------------------- ------ ---- ----------
1 SAP IN 40/ffffffff all nodes ALL B global
2 SAP IN All networks all nodes 4 A global