AppleTalk supports the following types of filters:
NOTE: When you configure a filter for a primary WAN call, an equivalent filter is automatically generated for the backup call. If the primary call should fail, the backup call is automatically connected. You can only view primary filters using FILTCFG. Backup filters do not appear in FILTCFG.
Refer to Understanding for more information.
This section contains the following topics:
Before you begin, make sure that filtering support is enabled for AppleTalk in NIASCFG. Otherwise, filtering will not work.
To configure AppleTalk device hiding filtering, complete the following steps:
1. Load FILTCFG, then select the following parameter path:
   Select Configure AppleTalk Filters > Device Hiding Filters
2. Select Action and toggle the choice to show or hide the devices listed in the filter list.
   This specifies the action taken when an NBP reply packet matches a filter in the filter list. If you specify to show the devices, the AppleTalk router forwards only the NBP replies that match a filter in the filter list. If you specify to hide the devices, the AppleTalk router discards all NBP replies that match a filter in the filter list.
3. Select Filters.
   This displays a list of filters that hide or show devices, depending on the setting of the Action parameter. The name, type, device location, and user location are listed for each device filter.
4. Modify the filter list.
   Select a filter from the list and press Enter to modify the filter or Del to remove it. Press Ins to add a new filter.
5. If you are modifying an existing filter or adding a filter, specify the following parameters in the Define Filter menu:
   Keep the default (=) to select all NBP names. An AppleTalk device advertises itself on the network according to the Device Name and Device Type values.
   Device Type---Enter a text string of up to 32 characters.
   Comment---Enter an optional short description.
   Select <Any> to select all device locations to show or hide all devices to the user location.
   <Any> or AURP Tunnel---This field cannot be edited.
   Interface---Press Enter, then select a specific interface on which you want to filter the service. You can select a LAN interface, a WAN interface, the internal network, or all interfaces. The default is All Interfaces.
   Interface Group---Press Enter, then select a network interface group from the list.
   Non-extended Network---Press Enter, then type a network number to identify the nonextended network in which the filtered device is located.
   Multiple/Extended Networks---Press Enter, then type the start and end network numbers for the extended network in which the filtered device is located. The start number must be greater than zero, and the end number must be greater than or equal to the start value. You can enter a specific extended network, or a range of extended and nonextended networks. For example, for networks 1-9, 10, 11-20, 21-30, specifying an extended range of 1-30 will filter all devices in the 1-9, 10, 11-20, and 21-30 extended networks.
   Zone---Press Enter, then type the name of the AppleTalk zone in which the filtered device is located.
   Local Frame Relay DLCI # (for frame relay)---The DLCI circuit number used for calls.
   Remote System ID (for PPP, X.25, ISDN, or ATM)---The name of the remote system server or remote peer associated with this circuit.
   Circuit Parameter Type (for X.25 or ATM)---The type of virtual circuit used to establish a connection.
   Remote DTE Address (for X.25)---The X.121 DTE address assigned to the specific remote DTE.
   Remote ATM Address (for ATM)---The address assigned to the specific remote ATM.
   <Any> or AURP Tunnel---This field cannot be edited.
   Interface---Press Enter, then select a specific interface on which you want to filter the service. You can select a LAN interface, a WAN interface, the internal network, or all interfaces. The default is All Interfaces.
   Interface Group---Press Enter, then select a network interface group from the list.
   Non-extended Network---Press Enter, then type a network number to identify the nonextended network in which the filtered device is located.
   Multiple/Extended Networks---Press Enter, then type the start and end network numbers for the extended network in which the filtered device is located. The start number must be greater than zero, and the end number must be greater than or equal to the start value. You can enter a specific extended network, or a range of extended and nonextended networks. For example, for networks 1-9, 10, 11-20, 21-30, specifying an extended range of 1-30 will filter all devices in the 1-9, 10, 11-20, and 21-30 extended networks.
   Zone---Press Enter, then type the name of the AppleTalk zone in which the filtered device is located.
   Local Frame Relay DLCI # (for frame relay)---The DLCI circuit number used for calls.
   Remote System ID (for PPP, X.25, ISDN, or ATM)---The name of the remote system server or remote peer associated with this circuit.
   Circuit Parameter Type (for X.25 or ATM)---The type of virtual circuit used to establish a connection.
   Remote DTE Address (for X.25)---The X.121 DTE address assigned to the specific remote DTE.
   Remote ATM Address (for ATM)---The address assigned to the specific remote ATM.
6. Press Esc and save the filter information.
7. Select Exceptions.
   This lists the exceptions to the device filter list. Depending on the Action parameter setting, devices that match a filter on this list are always or are never permitted or denied, even if another filter is configured to do the opposite.
8. Modify the exceptions list.
   Select a filter from the list and press Enter to modify the filter or Del to remove it. Press Ins to add a new filter. Refer to Step 4 and Step 5 to modify or add a filter to the exceptions list.
9. Select Status and toggle the choice to read Enabled or Disabled.
   All configured filters immediately become active (enabled) or inactive (disabled).
10. Press Esc to save the information and return to the Configure AppleTalk Filters menu.
Figure 7 shows the internetwork topology for an organization with an FDDI backbone connecting several departments within the organization and a link to external networks. Routers A and C connect the departmental networks to the backbone. In general, users can communicate freely across the internetwork. However, access to printers within the Accounting department is restricted.
Figure 7. AppleTalk Device Hiding Filter Example
All networks within the Accounting department are in Zone Accounting. A device hiding filter on Router C stops access from specific areas to the LaserWriter* printers within the Accounting zone.
When configuring this example, set the parameters as shown in Table 7.
Table 7. Parameters for AppleTalk Device Hiding Filter Example
Before you begin, make sure that filtering support is enabled for AppleTalk in NIASCFG. Otherwise, filtering will not work.
To configure AppleTalk routing information filtering for incoming (or outgoing) route filters, complete the following steps:
1. Load FILTCFG, then select the following parameter path:
   Select Configure AppleTalk Filters > Incoming Route Filters (or Outgoing Route Filters)
2. Select Action and toggle the choice to permit or deny the routes listed in the filter list.
   This specifies the action taken with a route that appears in the filter list. If you select to permit routes, the AppleTalk router accepts (or advertises) only the routes from (or to) the networks in the filter list. If you select to deny routes, the AppleTalk router does not accept (or advertise) specific routes from (or to) specific networks in the filter list, but does accept (or advertise) all other entries in the routing table.
3. Select Filters.
   This lists the filters that are permitted or denied, according to the Action parameter setting.
4. Modify the filter list.
   Select a filter from the list and press Enter to modify the filter or Del to remove it. Press Ins to add a new filter.
5. If you are modifying an existing filter or adding a filter, specify the following parameters in the Define Filter menu:
   If you specified Interface as the Source Type, select a specific interface on which you want to filter the service. You can select a LAN interface, a WAN interface, the internal network, or all interfaces. The default is All Interfaces.
   Local Frame Relay DLCI # (for frame relay)---The DLCI circuit number used for calls.
   Remote System ID (for PPP, X.25, ISDN, or ATM)---The name of the remote system server or remote peer associated with this circuit.
   Circuit Parameter Type (for X.25 or ATM)---The type of virtual circuit used to establish a connection.
   Remote DTE Address (for X.25)---The X.121 DTE address assigned to the specific remote DTE.
   Remote ATM Address (for ATM)---The address assigned to the specific remote ATM.
6. Press Esc and save the filter information.
7. Select Exceptions.
   This lists the exceptions to the filter list. Depending on the Action parameter setting, routes that match a filter on this list are always or are never permitted or denied, even if another filter is configured to do the opposite.
8. Modify the exceptions list.
   Select a filter from the list and press Enter to modify the filter or Del to remove it. Press Ins to add a new filter. Refer to Step 4 and Step 5 to modify or add a filter.
9. Select Status and toggle the choice to read Enabled or Disabled.
   Any configured filters immediately become active (enabled) or inactive (disabled).
10. Press Esc to save the information and return to the Configure AppleTalk Filters menu.
In the following example, the Accounting department is connected to the FDDI backbone by Router C. One of the AppleTalk networks within Accounting is 165-170. Because access to this network from outside the Accounting department is not required, the administrator has chosen not to propagate a route to this network outside the Accounting department. Figure 8 shows the internetwork topology.
NOTE: When you configure a filter for a primary WAN call, an equivalent filter is automatically generated for the backup call. If the primary call should fail, the backup call is automatically connected.
Figure 8. AppleTalk Routing Information Filter Example
Extended network 165-170 can be hidden from the rest of the organization if an outgoing route filter is configured on Router C.
The route being hidden from the rest of the network is extended network 165-170. Router C's connection to the departments outside Accounting is through the FDDI backbone. The destination from which to hide the Accounting network is most easily defined as the interface to the backbone. Note that no node or server in the internetwork can see the Accounting network 165-170. However, nodes in Accounting can see the internetwork routes, but cannot see any devices on the internetwork.
When configuring this example, set the parameters as shown in Table 8.
Table 8. Parameters for AppleTalk Routing Information Filter Example
Parameter | Value |
---|---|
Action | Deny |
Filtered Route: Route to Network or Zone | Multiple/Extended Network |
Network Number/Range | 165-170 |
Destination Type | Interface |
Destination | FDDI |
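
The outgoing route filter from Table 8, modeled in Python as an added example (not Novell's code or FILTCFG output) so that the Action, filter list, and Exceptions semantics described in the route filtering steps can be checked against a routing table before a change is made. The interface name ACCT-LAN, the routes other than 165-170, and the rule that a route matches only when its whole range falls inside the filter range are assumptions.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class RouteFilter:
    start: int           # first network number of the filtered range
    end: int             # last network number (equal to start if non-extended)
    destination: str     # interface the route would be advertised on; "*" = all

    def __post_init__(self):
        # Range rule from the page: start > 0 and end >= start.
        if self.start <= 0 or self.end < self.start:
            raise ValueError(f"invalid network range {self.start}-{self.end}")

    def matches(self, net, interface):
        # Assumption: a route matches when its whole range lies inside the filter range.
        inside = self.start <= net[0] and net[1] <= self.end
        return inside and self.destination in ("*", interface)

@dataclass
class OutgoingRouteFilters:
    action: str                                   # "deny" or "permit"
    filters: list = field(default_factory=list)
    exceptions: list = field(default_factory=list)
    enabled: bool = True                          # the Status parameter

    def advertises(self, net, interface):
        if not self.enabled:
            return True                           # disabled filters change nothing
        hit = any(f.matches(net, interface) for f in self.filters)
        exc = any(f.matches(net, interface) for f in self.exceptions)
        if self.action == "deny":
            return exc or not hit                 # exceptions are always permitted
        return hit and not exc                    # permit: exceptions are never permitted

def advertised_routes(cfg, routing_table, interface):
    """Routes from routing_table that cfg lets the router advertise on interface."""
    return [net for net in routing_table if cfg.advertises(net, interface)]

# Table 8: Action = Deny, network range 165-170, destination interface FDDI.
ROUTER_C = OutgoingRouteFilters("deny", [RouteFilter(165, 170, "FDDI")])
# Constructed routing table: only 165-170 comes from the page.
ROUTES = [(165, 170), (171, 171), (180, 189)]

if __name__ == "__main__":
    for iface in ("FDDI", "ACCT-LAN"):            # ACCT-LAN is a hypothetical name
        print(iface, advertised_routes(ROUTER_C, ROUTES, iface))
```

Because the filter is bound to the FDDI interface, network 165-170 is still advertised on Router C's other interfaces; an audit of the filter should check every interface that leads outside Accounting.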