Published by Lee Jefferson. Modified over 9 years ago.
1
© Synergon Informatika Rt., 1999 Chapter 5 Managing AppleTalk Traffic
2
2 Objectives
Upon completion of this chapter, you will be able to perform the following tasks:
- Identify potential sources of congestion in an AppleTalk network
- Configure zone filters
- Configure RTMP filters
- Configure NBP filters
3
3 AppleTalk Traffic Management
4
4 AppleTalk Traffic Management Overview
- Device location traffic is one source of overhead
- RTMP broadcasts table every 10 seconds
- Cisco IOS filters can reduce traffic or control access
Diagram labels: "I am looking for servers in Campus Zone", "I am server in Campus Zone", "Access Campus Zone".
5
5 AppleTalk Protocol Stack
Figure: OSI Reference Model beside the AppleTalk Architecture.
OSI Reference Model (layers 7 to 1): Application, Presentation, Session, Transport, Network, Data Link, Physical
AppleTalk Architecture: AppleTalk Higher Layers; ZIP, RTMP, NBP; DDP; Ethernet, Token Ring, FDDI, Other
6
6 AppleTalk Services
Diagram zones: Bldg-17; Users; Bldg D 1st floor; Bldg-13
7
7 Nonextended/Extended Networks
Extended (example: Network 100-105):
- 253 hosts/servers per network
- Range of network numbers per wire
Nonextended (example: Network 100):
- 127 hosts, 127 servers per network
- Single network number per wire
8
8 Extended AppleTalk Internetwork
- Multiple zones per cable range
- Multiple cable ranges per zone
Diagram: cable ranges 120-129, 110-110 and 101-101, labelled with Zone A and Zone B.
9
9 AppleTalk Zones
- Zones divide a network into manageable “communities of interest”
- Widespread zones experience more traffic
Diagram: zones A, B and C as the network grows.
10
10 AppleTalk Filtering Options
- GetZoneList: local router to Macintosh
- ZIP reply: hides zones between routers
- Distribute list: hides cable range, controls broadcasts
- NBP: hides service, controls broadcasts
Diagram labels: RTMP filtered; GetZoneList; GetZoneList reply filtered; ZIP reply filtered.
11
11 Filtering Configuration Tasks
Two fundamental configuration tasks are common to all filters:
Step 1: Create an access list
    access-list 601 deny cable-range 100-100
    access-list 601 permit other-access
Step 2: Apply the access list to an interface
    interface Ethernet 2
     appletalk access-group 601
Diagram: router interfaces E1 and E2.
12
12 Configuring Zone Filters
13
13 How Services and Zones Are Learned
- GetZoneList (GZL) request to router
- NBP broadcast
Diagram zones: Bldg-17; Users; Bldg D 1st floor
14
14 GZL Filter Hides Zones from User
Requirement: Operation zone cannot access Accounting
Solution: Use GZL filter
Effect: Router does not include Accounting in GZL reply
Diagram: router interfaces E0, E1, E2 with these zones:
    Zone: Executive    Cable-range: 101-200
    Zone: Accounting   Cable-range: 201-300
    Zone: Operation    Cable-range: 501-1000
15
15 GetZoneList Filter Commands
Router(config)# access-list access-list-number {permit | deny} zone zone-name
    Creates access list
Router(config)# access-list access-list-number {permit | deny} additional-zones
    Defines default action for zones not specified
Router(config-if)# appletalk getzonelist-filter access-list-number
    Applies GZL filter to an interface
16
16 GetZoneList Filtering Example
    interface Ethernet 1
     appletalk cable-range 501-1000
     appletalk zone Operation
     appletalk getzonelist-filter 601
    access-list 601 deny zone Accounting
    access-list 601 permit additional-zones
Diagram: router interfaces E0, E1, E2 with these zones:
    Zone: Executive    Cable-range: 101-200
    Zone: Accounting   Cable-range: 201-300
    Zone: Operation    Cable-range: 501-1000
17
17 How Routers Learn Zones
1. R1 sends RTMP update with network numbers
2. R2 sends ZIP request asking for associated zones
3. R1 sends Zone Information Table (ZIT)
R1 Zone Information Table:
    Headquarters   101-200
    WAN            700-700, 800-800
Diagram: routers R1 and R2 with these zones:
    Zone: Headquarters   Cable-range: 101-200
    Zone: WAN            Cable-range: 800-800
    Zone: WAN            Cable-range: 700-700
    Zone: London         Cable-range: 201-250
18
18 ZIP Reply Filters Hide Zones
Requirement: Do not want R2 router to know about Paris_Acct Zone
Solution: Use ZIP reply filter on R1
Diagram: routers R1, R2, R3; interfaces S0, S1, E0; Zone Headquarters, Zone WAN, Zone London; Default Zone: Paris, Additional zone: Paris_Acct
19
19 ZIP Reply Filter Commands
Router(config)# access-list access-list-number {permit | deny} zone zone-name
    Creates access list and defines zone access
Router(config)# access-list access-list-number {permit | deny} additional-zones
    Defines default action to take for zones
Router(config-if)# appletalk zip-reply-filter access-list-number
    Applies zip-reply-filter to an interface
20
20 ZIP Reply Filtering Example
R1:
    interface Serial 0
     appletalk cable-range 700-700
     appletalk zone WAN
     appletalk zip-reply-filter 602
    access-list 602 deny zone Paris_Acct
    access-list 602 permit additional-zones
Diagram: routers R1, R2, R3; interfaces S0, S1, E0, with these zones:
    Default Zone: Paris, Additional zone: Paris_Acct   Cable-range: 251-300
    Zone: Headquarters   Cable-range: 101-200
    Zone: WAN            Cable-range: 800-800
    Zone: WAN            Cable-range: 700-700
    Zone: London         Cable-range: 201-250
21
21 Verifying Zone Filters
Shows all zones known to the router:
    Tokyo# show appletalk zone
    Name      Network(s)
    Ozone     12810-12819
    Azone     3210-3219 3230-3230 3220-3220
    Fzone     11250-11259
    Total of 3 zones
22
22 Configuring RTMP Filters
23
23 How Routers Learn Networks
RTMP broadcasts the full routing table every 10 seconds
R1 routing table:
    Network    Distance
    101-200    0
    800-800    0
    700-700    0
    251-300    1
    201-250    1
Diagram: routers R1, R2, R3; interfaces S0, S1, E0; cable ranges 101-200, 700-700, 800-800, 201-250, 251-300
24
24 How Routers Learn Networks
Requirement: Do not want cable range 251-300 advertised to R2
Solution: Use distribute-list filter so R1 does not advertise cable range 251-300
R1 routing table:
    Network    Distance
    101-200    0
    800-800    0
    700-700    0
    251-300    1
    201-250    1
Diagram: routers R1, R2, R3; interfaces S0, S1, E0, with these zones:
    Zone: Headquarters   Cable-range: 101-200
    Default Zone: Paris, Additional zone: Paris_Acct   Cable-range: 251-300
    Zone: WAN            Cable-range: 700-700
    Zone: London         Cable-range: 201-250
    Zone: WAN            Cable-range: 800-800
25
25 RTMP Filter Commands
Router(config)# access-list access-list-number {permit | deny} network network
    Defines access for a single network number
Router(config)# access-list access-list-number {permit | deny} cable-range cable-range
    Defines access for a single cable range
Router(config)# access-list access-list-number {permit | deny} other-access
    Defines the default action to take for network numbers or cable ranges not specified in the list
26
26 RTMP Filter Commands (cont.)
Router(config-if)# appletalk distribute-list access-list-number in
    Controls which routes are accepted into the routing table
Router(config-if)# appletalk distribute-list access-list-number out
    Controls which routes are advertised
27
27 RTMP Filtering Example
R1:
    interface Serial 0
     appletalk cable-range 700-700
     appletalk zone WAN
     appletalk distribute-list 603 out
    access-list 603 deny cable-range 251-300
    access-list 603 permit other-access
    access-list 603 permit additional-zones
Diagram: routers R1, R2, R3; interfaces S0, S1, E0, with these zones:
    Default Zone: Paris, Additional zone: Paris_Acct   Cable-range: 251-300
    Zone: Headquarters   Cable-range: 101-200
    Zone: WAN            Cable-range: 800-800
    Zone: WAN            Cable-range: 700-700
    Zone: London         Cable-range: 201-250
28
28 RTMP Filtering Considerations
- If access to any network in a zone is denied, access to that zone is also denied by default
- Use appletalk permit-partial-zones to allow access to other networks in that zone
R1:
    interface Ethernet 0
     appletalk cable-range 101-101
     appletalk zone Accounting
     appletalk distribute-list 603 in
    appletalk permit-partial-zones
    access-list 603 deny cable-range 301-301
    access-list 603 permit other-access
    access-list 603 permit additional-zones
Diagram: routers R1 and R2; interfaces E0, E1, with these zones:
    Zone: Accounting   Cable-range: 101-101
    Zone: Operation    Cable-range: 301-301
    Zone: Operation    Cable-range: 201-201
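The partial-zone rule on this slide, worked through as an added example (a simplified Python model written for this page, not Cisco code or output). It assumes cable ranges are compared exactly, that a list without an other-access entry denies by default, and that R2 advertises the two Operation cable ranges shown in the diagram.

```python
# Added example: simplified model of an AppleTalk distribute-list, not Cisco code.
import re

def parse_acl(lines):
    """Return (rules, default_action) from 'access-list N {permit|deny} ...' lines."""
    rules, default = [], "deny"  # assumption: no other-access line means deny
    for line in lines:
        m = re.match(r"access-list \d+ (permit|deny) (.+)", line.strip())
        if not m:
            continue
        action, rest = m.groups()
        if rest == "other-access":
            default = action
        elif rest.startswith(("cable-range ", "network ")):
            lo, _, hi = rest.split()[1].partition("-")
            rules.append((action, int(lo), int(hi or lo)))
    return rules, default

def accepted_routes(acl_lines, advertised, permit_partial_zones=False):
    """advertised maps (lo, hi) cable ranges to a zone name; returns ranges kept."""
    rules, default = parse_acl(acl_lines)

    def action(rng):
        # First matching entry wins; ranges are compared exactly (assumption).
        return next((a for a, lo, hi in rules if (lo, hi) == rng), default)

    kept = {rng for rng in advertised if action(rng) == "permit"}
    if not permit_partial_zones:
        # Default rule from the slide: one denied network denies its whole zone.
        denied_zones = {z for rng, z in advertised.items() if rng not in kept}
        kept = {rng for rng in kept if advertised[rng] not in denied_zones}
    return sorted(kept)

# Constructed input taken from the slide's topology and access list 603.
ACL_603 = [
    "access-list 603 deny cable-range 301-301",
    "access-list 603 permit other-access",
]
ADVERTISED = {(201, 201): "Operation", (301, 301): "Operation"}

if __name__ == "__main__":
    print(accepted_routes(ACL_603, ADVERTISED))                             # []
    print(accepted_routes(ACL_603, ADVERTISED, permit_partial_zones=True))  # [(201, 201)]
```

Without permit-partial-zones, denying 301-301 also removes 201-201 because both belong to zone Operation; with it, only the denied cable range is dropped.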
29
29 Verifying RTMP Filters
Display routing table entries:
    Tokyo# show appletalk route
    Codes: R - RTMP derived, E - EIGRP derived, C - connected, A - AURP,
           S - static, P - proxy
    5 routes in Internet

    The first zone listed for each entry is its default (primary) zone.

    C Net 3210-3219 directly connected, Ethernet0, zone Azone
    C Net 3220-3220 directly connected, Serial0, zone Azone
    C Net 3230-3230 directly connected, Serial1, zone Azone
    R Net 11250-11259 [1/G] via 3211.4, 7 sec, Ethernet0, zone Fzone
    C Net 12810-12819 directly connected, Ethernet1, zone Ozone
30
30 Configuring NBP Filters
31
31 How Names Are Learned
Diagram: "I am looking for file server in Campus Zone"; "I am a file server in Campus Zone" (Campus Zone)
NBP messages:
    Step   Message             Delivery
    1      Broadcast request   Unicast to local router
    2      Forward request     Unicast to other routers
    3      Lookup              Multicast on cable in zone
    4      Reply               Unicast back to originator
32
32 NBP Filters Hide Services
- NBP filters can deny access to a single device or to all devices within a zone
- NBP filters are based on entity names
Diagram: Fred’s Mac (Users Zone), Main Server (Campus Zone); routers R1 and R2; interface E0; cable ranges 100-100, 200-200, 300-300
33
33 Entity Names
- A network-visible entity (NVE) is any entity that is accessible over an AppleTalk network
- Entity names are character strings of the form: object:type@zone
Examples:
    Fred’s Mac:Workstation@Users Zone
    Main Server:AFPServer@Campus Zone
Diagram: Fred’s Mac (Users Zone), Main Server (Campus Zone); routers R1 and R2
34
34 NBP Filter Commands
Router(config)# access-list access-list-number {permit | deny} nbp seq {type | object | zone} string
    Creates access list
Router(config)# access-list access-list-number {permit | deny} other-nbps
    Defines the default action for all other NBPs
Router(config-if)# appletalk access-group access-list-number
    Applies the NBP filter to the interface
35
35 NBP Filtering Example 1
Denying a Single Device
R1:
    interface Serial 0
     appletalk cable-range 300-300
     appletalk zone Users Zone
     appletalk access-group 603
    access-list 603 deny nbp 1 object Color Laser
    access-list 603 deny nbp 1 type LaserWriter
    access-list 603 deny nbp 1 zone Campus Zone
    access-list 603 permit other-nbps
    access-list 603 permit other-access
Diagram: Fred’s Mac (Users Zone), Main Server and Color Laser (Campus Zone); routers R1 and R2; interface E0; cable ranges 100-100, 200-200, 300-300
36
36 NBP Filtering Example 2
Denying All Services within a Zone
R1:
    interface Serial 0
     appletalk cable-range 300-300
     appletalk zone Users Zone
     appletalk access-group 603
    access-list 603 deny nbp 1 zone Campus Zone
    access-list 603 permit other-nbps
    access-list 603 permit other-access
Diagram: Fred’s Mac (Users Zone), Main Server and Color Laser (Campus Zone); routers R1 and R2; interface E0; cable ranges 100-100, 200-200, 300-300
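How the two NBP access lists above treat an entity name of the form object:type@zone, as an added example (a simplified Python model written for this page, not Cisco code). It assumes entries sharing a sequence number form one tuple whose fields must all match, that strings are compared exactly, and that a list without other-nbps denies by default; the entity names are constructed from the slide labels.

```python
# Added example: simplified model of IOS NBP filter evaluation, not Cisco code.
import re

def parse_entity(name):
    """Split an NBP entity name 'object:type@zone' into its three fields."""
    m = re.fullmatch(r"([^:@]+):([^:@]+)@([^:@]+)", name)
    if not m:
        raise ValueError(f"not an object:type@zone name: {name!r}")
    return dict(zip(("object", "type", "zone"), (g.strip() for g in m.groups())))

def parse_nbp_acl(lines):
    """Group 'nbp <seq> <field> <string>' entries by sequence number."""
    tuples, default = {}, "deny"  # assumption: no other-nbps line means deny
    for line in lines:
        m = re.match(r"access-list \d+ (permit|deny) (.+)", line.strip())
        if not m:
            continue
        action, rest = m.groups()
        if rest == "other-nbps":
            default = action
        elif rest.startswith("nbp "):
            _, seq, field, value = rest.split(None, 3)
            entry = tuples.setdefault(int(seq), {"action": action, "match": {}})
            entry["match"][field] = value
    return tuples, default

def nbp_action(acl_lines, entity_name):
    """Return 'permit' or 'deny' for one entity; all fields of a tuple must match."""
    tuples, default = parse_nbp_acl(acl_lines)
    entity = parse_entity(entity_name)
    for seq in sorted(tuples):
        entry = tuples[seq]
        if all(entity[f] == v for f, v in entry["match"].items()):
            return entry["action"]
    return default

# Access list 603 as configured in Example 1 and Example 2 on the slides.
EXAMPLE_1 = [
    "access-list 603 deny nbp 1 object Color Laser",
    "access-list 603 deny nbp 1 type LaserWriter",
    "access-list 603 deny nbp 1 zone Campus Zone",
    "access-list 603 permit other-nbps",
    "access-list 603 permit other-access",
]
EXAMPLE_2 = EXAMPLE_1[2:]  # only the zone entry plus the two defaults

if __name__ == "__main__":
    # Constructed entity names built from the slide labels.
    for name in ("Color Laser:LaserWriter@Campus Zone", "Main Server:AFPServer@Campus Zone"):
        print(name, nbp_action(EXAMPLE_1, name), nbp_action(EXAMPLE_2, name))
```

Example 1 hides only the Color Laser printer, while Example 2 hides every entity registered in Campus Zone, including Main Server.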
37
37 Verifying NBP Filters
Display the contents of the name registration table:
    Tokyo# show appletalk nbp
      Net   Adr  Skt  Name            Type         Zone
     3220     1  254  Tokyo.Serial0   ciscoRouter  Azone
     3230     1  254  Tokyo.Serial1   ciscoRouter  Azone
     3213    84  254  Toky.Ethernet0  ciscoRouter  Azone
    12813   205  254  Toky.Ethernet1  ciscoRouter  Ozone
38
38 Summary
- Locating services and routing updates cause overhead in an AppleTalk network
- Understanding communities of interest is key to controlling service location traffic
- Filtering strategies must assure that routing information needed for service location is accessible to routers
- Cisco’s IOS software provides many features for reducing the volume of service location and routing traffic, and for controlling access