Foundry Networks Switch and Router Installation And Configuration Manual page 884

Foundry Switch and Router Installation and Configuration Guide
The node is a 48-bit value represented by three four-digit numbers joined by periods; for example,
1234.1234.1234.
The [<network-mask>.<node-mask>] parameter lets you specify a comparison mask for the network and node.
The mask consists of zeros (0) and ones (f). Ones indicate significant bits. For example, to configure a mask that
matches on network abcdefxx, where xx can be any value and the node address can be any value, specify the
following mask: ffffff00.0000.0000.0000
NOTE: To apply an ACL for filtering GNS replies to an interface, you must use the ipx output-gns-filter
command instead of the ipx sap-filter-group command. See "Filter GNS Replies" on page 23-10.
The in | out parameter of the ipx sap-filter-group command specifies whether the ACLs apply to incoming traffic
or outgoing traffic.
USING THE WEB MANAGEMENT INTERFACE
You cannot configure a SAP access list using the Web management interface.
Enable Round-Robin GNS Replies
By default, the Layer 3 Switch replies to a GNS request with the most recently learned server supporting the
requested service. You configure the Layer 3 Switch to instead use round-robin to rotate among servers of a
given service type when responding to GNS requests. To do so, use one of the following methods.
USING THE CLI
To enable the Layer 3 Switch to use round-robin to select servers for replies to GSN requests, enter the following
commands:
BigIron(config)# ipx gns-round-robin
BigIron(config)# write memory
Syntax: [no] ipx gns-round-robin
USING THE WEB MANAGEMENT INTERFACE
You cannot enable round-robin for GNS replies using the Web management interface.
Filter GNS Replies
You can use IPX access lists to permit or deny specific services and servers in GNS replies to specific IPX nodes
(hosts). To do so, use either of the following methods to configure IPX access lists that include service and server
information, then apply them to specific ports.
USING THE CLI
To configure IPX ACLs and apply them to a port to control responses to GNS requests on that port, enter
commands such as the following:
BigIron(config)# router ipx
BigIron(config-ipx-router)# ipx sap-access-list 2 deny efff 47 Prt0
BigIron(config-ipx-router)# ipx sap-access-list 20 deny aaaa.bbbb.cccc.dddd 47 Prt1
BigIron(config-ipx-router)# ipx sap-access-list 32 permit -1 0
BigIron(config-ipx-router)# exit
BigIron(config)# int e 1/1
BigIron(config-if-1/1)# ipx output-gns-filter 10 20 32
BigIron(config-if-1/1)# write memory
The commands in this example configure three ACLs. Two of the ACLs contain server network, service type, and
server information and deny reporting these servers to the clients. For example, ACL 2 does not permit the Layer
3 Switch from sending server "Prt0" with network efff in GNS replies to the client.
ACL 32 changes the default action from deny to permit. All GNS replies that are not explicitly denied by other
ACLs are permitted by this one.
23 - 10 December 2000