GLOBAL KNOWLEDGE NETWORK™ CERTIFICATION PRESS
Chapter 8
AppleTalk Configuration
Certification Objectives
*Physical and Data-Link Layers
*Network Layer
*Upper-Layer Protocols
*From the Classroom
*Why study AppleTalk?
*Address Structure
*Address Assignment
*Required AppleTalk Commands
*AppleTalk Filtering
*Verifying and Monitoring AppleTalk Configurations
*SHOW APPLETALK INTERFACE
*SHOW APPLETALK ROUTE
*SHOW APPLETALK ZONE
AppleTalk (AT) is the name given to the suite of network protocols created by Apple Computer, Inc. (Apple) for use on their Macintosh line of personal computers. The various protocols in the protocol stack are used to provide communications services for file servers, printers, electronic mail, and other network applications. Table 8-1 identifies the protocols that make up the AT protocol suite. It also shows how the protocols relate to each other and to the OSI model. Cisco routers and switches support the AppleTalk protocol stack. Using Cisco networking equipment, an AppleTalk network can span the entire globe providing global file, print, and application services to Macintosh computer users. Cisco has maintained a strong commitment to the AppleTalk protocol suite even in the face of a shrinking AppleTalk user community. In the late 1980s and early 1990s Macintosh desktop and laptop computers were standard fare in many Cisco offices. The relationship between Apple and Cisco is evident in Cisco’s strong IOS™ support for the AT protocols, including the newly added support for inbound access control lists (IOS version 11.3). Cisco currently provides a host of advanced routing features to support the protocols created by its Silicon Valley neighbor. Although AppleTalk is given limited treatment in the latest Cisco courseware, AppleTalk is still fair examination material for most certification tests. {Answer to Self Test Question #21}, {Answer to Self Test Question #23}
Layer | OSI Name | AppleTalk Protocols
7/6 | Application/Presentation | AppleTalk Filing Protocol (AFP)
5 | Session | ASP, ZIP, ADSP
4 | Transport | RTMP, AEP, ATP, NBP
3 | Network | Datagram Delivery Protocol (DDP)
2/1 | Data-link/Physical | EtherTalk, TokenTalk, FDDITalk, LocalTalk
Table 8-1 AppleTalk Protocol Stack
In this chapter we shall discuss the aspects of AppleTalk that will prepare you for Cisco certification tests. We will start by introducing the AppleTalk protocol stack, which will be followed by a brief discussion of AppleTalk services. The next sections will explain the AppleTalk addressing scheme, AppleTalk zones, AppleTalk routing and AppleTalk discovery mode. The last section of the chapter will discuss and illustrate how to configure your router to route AppleTalk traffic and apply access control mechanisms to AppleTalk data in your network.
AppleTalk Protocol Stack
The AppleTalk protocol stack was created by Apple engineers to provide a communications infrastructure for resource sharing and client-server information exchange. It was designed to be a user-friendly network implementation that would hide the complexities of network operations from the user. Apple did not want to burden the user with mundane chores such as address assignment, for which AppleTalk uses an automatic address assignment procedure. The ease-of-use design goal is also evident in the Routing Table Maintenance Protocol and Name Binding Protocols that maintain AppleTalk network tables without user intervention. In this section, the various parts of the AppleTalk protocol stack will be examined to see how they work together and how they correlate to the seven-layer OSI model.
The AppleTalk protocol suite has a number of data-link and physical layer protocol options. The most popular physical and data-link protocols are Ethernet/EtherTalk, Token Ring/TokenTalk, Fiber Distributed Data Interface (FDDI)/FDDITalk and LocalTalk. EtherTalk, TokenTalk and FDDITalk are Apple Computer’s implementation of Ethernet, Token Ring and FDDI, respectively.
{Answer to Self Test Question #3} LocalTalk is a 230-kbps physical/data-link networking protocol that is standard on all Apple Macintosh computers and most Apple printers designed to operate with Macintosh computers.
The physical and data-link layers of the AppleTalk protocol suite provide media access control and encoding services to the Datagram Delivery Protocol (DDP). DDP relies on the lower-layer protocols to provide the highway over which AppleTalk datagrams (also known as packets) can be transmitted from one node to another. They also specify the mechanical and electrical characteristics of the cables and connectors used to carry AppleTalk traffic. Table 8-2 summarizes the AppleTalk physical and data-link types, along with the bandwidth and type of cabling usually associated with each data-link type.
{Answer to Self Test Question #22}
Data-Link Type | Speed | Cable Type
EtherTalk | 10 and 100 Mbps | Copper unshielded twisted-pair, coaxial Thinnet and Thicknet, fiber
LocalTalk | 230 kbps | Copper unshielded twisted-pair
TokenTalk | 4 or 16 Mbps | IBM Type 1 shielded twisted-pair (unshielded can be used on some implementations)
FDDITalk | 100 Mbps | Fiber optic
Table 8-2 AppleTalk Data-Link Types
{Answer to Self Test Question #6}
The network layer protocol used in the AppleTalk protocol stack is called the Datagram Delivery Protocol. DDP provides the same connectionless service that the Internet Protocol (IP) provides in the TCP/IP protocol stack. The DDP header contains, among other things, the source and destination AppleTalk address for each packet. The presence of the source and destination AppleTalk address in the DDP header makes the AppleTalk traffic routable. Without DDP addresses, AppleTalk data would have to be bridged or encapsulated like the Local Area Transport (LAT), SNA, and NETBIOS protocols. Therefore, DDP operates as the delivery vehicle for all upper-layer AppleTalk protocols. These upper-layer protocols provide routing table maintenance, zone processing, name resolution, and other services.
The AppleTalk protocol stack uses several upper-layer protocols, as shown in Table 8-1. The upper-layer protocols discussed in this section are the Zone Information Protocol (ZIP), Routing Table Maintenance Protocol (RTMP), and Name Binding Protocol (NBP). The Zone Information Protocol is used to manage AppleTalk zone processing. In AppleTalk, zones are used to combine individual network resources into logical workgroups. Each of these zones is given a unique zone name (for example, Accounting zone). Typically, all network resources commonly used by a given department are assigned to the same zone. Therefore, when a member of a workgroup wants to select a network resource such as a printer, she will select her workgroup and a list of available printers in her workgroup will appear in the Chooser application. Printers assigned to other zones will not be on the list. Since the Chooser application would otherwise send network resource requests to all devices of the type selected, using zones to control such requests reduces network overhead. When used properly, ZIP causes Chooser resource requests to be sent only to the currently selected zone. Otherwise, such requests would propagate across the network. ZIP works in cooperation with the NBP and RTMP to allow access to network resources. NBP and RTMP are discussed in more detail later in this chapter.
The AppleTalk protocol responsible for creating and maintaining the AppleTalk routing tables is the Routing Table Maintenance Protocol. As a distance vector routing protocol, RTMP causes a router’s routing table to be broadcast to its neighbors on a periodic basis. The frequency of the routing table updates, in the case of RTMP, is every ten seconds. Cisco routers also support the optional Apple Update-Based Routing Protocol (AURP) and Enhanced Interior Gateway Routing Protocol (EIGRP) for creating and maintaining AppleTalk routing tables; however, these two routing protocols are most frequently used on wide-area network links between routers.
Start sidebar
One of the most difficult protocols to convince students to learn about is AppleTalk. "Get rid of it. I’ll never see it," they insist. But there still are some pretty big networks out there running AppleTalk, and they need your help. Where do you find them? In the academic and research worlds, in the graphic and musical arts, in publishing, and in the education communities. Businesses that wanted instant productivity for their workers used to choose Macintosh computers over Intel-based PCs because they were so easy to use and administer. Cisco Systems used Apple computers to run its business until only a few years ago. It was big news in mid-1998 when Motorola announced that it would no longer use the Macintosh for its internal staff, but would switch to PCs instead. Remember who made the processor for the Apple computers: Motorola.
Think about what dynamic addressing means to the AppleTalk network administrator. All he needs to do if he wants to move that user and his PC is pick up the computer and take it (or ship it) to its new location, and plug it into the network. The computer learns its cable range from the local router, and tries out the node address it had before. If no other computer is using it, the user is ready to go. If he wants to print, all he has to do is open Chooser, and he is presented with a dynamically updated list of all the printers available to him. It’s great from the user’s perspective, and it’s easy to manage those moves, adds, and changes.
In order to implement that ease of use, there has to be a lot of complexity in the protocols. Pamela’s Rule is: The easier a network system is for the end user, the harder it is for the network administrator to manage its protocols. AppleTalk protocols are both complex and difficult to manage in a large network. Like IPX, the other major protocol that originated in a LAN environment, AppleTalk relies extensively on broadcasts and multicasts for communication among network devices, and devices in an AppleTalk network communicate more often than in any other kind of network.
Think about that dynamically updated list of printers the user sees in his Chooser. The list is dynamically updated because of Name Binding Protocol responses coming back to the computer every few seconds from all the printers in his zone, for as long as the Chooser remains open. What if the user decides to print to a zone that’s across a 56-Kbps serial link, and the zone has 500 printers, and the user leaves his Chooser open while he goes into a two-hour meeting?
The Apple world is evolving toward TCP/IP as its protocol of choice, but in the meantime there are still plenty of networks where you can apply the tools provided in the Cisco IOS for managing AppleTalk traffic.
—By Pamela Forsyth, CCIE, CCSI, CNX
End sidebar
AppleTalk Services
The AppleTalk protocol suite uses special protocols to provide services to applications running on host devices. File delivery, print spooling, and name resolution services are the most important services provided by the AppleTalk protocol suite. File delivery service is provided via the AppleTalk Filing Protocol (AFP). AFP is used to find and manipulate files sent to and received from AppleTalk host devices using the AppleShare file sharing software. Since most user-created files must eventually be printed, Apple created a protocol to enable that function. The AppleTalk Printer Access Protocol (PAP) is used to spool print jobs to printers, and otherwise manage the AppleTalk printing process. Printing services are accessed through the Chooser menu, and are managed by the specific printer driver and the background printer manager.
In the Apple networking paradigm, users are not expected to deal with addresses. Instead, each device of a given type in an AppleTalk network has a unique name. {Answer to Self Test Question #26} The user interface uses these names to allow users to select network resources. These names are in turn associated with addresses by the Name Binding Protocol. NBP provides this service to all applications and protocols requiring access to network resources. The function of NBP is analogous to that of the Domain Name System (DNS) protocols in the TCP/IP protocol stack. The difference is that NBP is a deeply integrated and indispensable part of AppleTalk, whereas DNS is just an added convenience in TCP/IP networks.
{Answer to Self Test Question #27}
The AppleTalk Data Stream Protocol (ADSP), AppleTalk Transaction Protocol (ATP) and AppleTalk Session Protocol are often chosen for application-to-application data exchange. ADSP is often preferred, because it implements a reliable bi-directional data stream over DDP. As mentioned earlier in this chapter, DDP carries the AppleTalk addresses described more fully in the next section.
AppleTalk Addressing
All routable protocols require an addressing system. This addressing system is used by Cisco routers to determine which outgoing interface should be used to forward each incoming packet. As seen in earlier chapters, the term packet is used to describe a string of ones and zeros, which have been organized into fields. The most important fields in a packet header are the source and destination address fields. The source address field contains the address of the computer that sent the packet, and the destination address field contains the address of the computer to which the packet is to be delivered. The source and destination addresses used at this layer (the network layer) are not like the Media Access Control (MAC) addresses discussed in chapter ##. Those so-called addresses used at the data-link layer are actually "names" which are burned into ROM chips on network interfaces. By contrast, a network layer address must be configured on each network interface. Layer-3 addresses are not "burned-in" and can be changed as needed. Burned-in MAC addresses can not be changed. However, the most important difference between MAC addresses and network layer addresses is illustrated by the following example.
{Answer to Self Test Question #28}
I have a friend named Juan. Juan is originally from Puerto Rico, but he now lives in North Carolina. If I want to send mail to Juan, I send the letter to his address in North Carolina. When Juan travels to Puerto Rico for a visit, I must change the address to which my letters are sent. If I want Juan to get my letters while he is in Puerto Rico, I must use his Puerto Rico address. However, when I address the letter, I must still include the name Juan on the envelope.
Notice that Juan’s name did not change when he went to Puerto Rico, but his address did change. This illustrates the difference between an address and a name, as used in computing. Juan’s address had to change because his location changed. This is in contrast with Juan’s name, which did not change even though he went to Puerto Rico. MAC addresses are like names. They stay with a device wherever the device goes. Network layer addresses, however, contain a location component. Therefore, when a computer is moved from one network to another, the address of the computer must be changed as well.
AppleTalk addresses have two components. The first component is called the network number and the second component is called the node number. The network number identifies the network segment to which the computer is attached. Routers make these network number assignments. The network portion of the AppleTalk address can be compared to a street name. Every house on Willshire Drive has Willshire Drive as part of its address. Similarly, every computer on a given network must have the same network number. Furthermore, just as every house on Willshire Drive has its own individual house number, each computer on a given network segment must have its own unique node number. Figure 8-1 illustrates the relationship between the two parts of an AppleTalk network layer address.
Figure 8-1 AppleTalk Phase 1 addressing
Figure 8-1 illustrates what has come to be known as AppleTalk Phase 1 addressing. Current versions of the Cisco IOS support AppleTalk Phase 2 addressing, also known as extended addressing. {Answer to Self Test Question #30} Using extended AppleTalk addressing, a network segment is not assigned just one network number. Instead, a range of network numbers identifies each network segment. Figure 8-2 shows the relationship between network segments and cable ranges.
Figure 8-2 AppleTalk Phase 2 addressing
{Answer to Self Test Question #31}
Notice that in Figure 8-2 not every computer on the network segment has the same network number. Also notice that all of the computers have network numbers within the range 400 – 499. The range 400 – 499 is known as the cable range of the network segment. If this cable range is configured on router interface Ethernet 0, the router knows to route any AppleTalk packets with destination network numbers within the range 400 – 499 to the Ethernet 0 interface. The router will also advertise this cable range to other routers in the network using Routing Table Maintenance Protocol or AppleTalk Update-Based Routing Protocol. {Answer to Self Test Question #1}, {Answer to Self Test Question #2}, {Answer to Self Test Question #4}, {Answer to Self Test Question #32}, {Answer to Self Test Question #33}, {Answer to Self Test Question #34}
All network addresses must have a structure that allows the different parts of an address to be identified. In AppleTalk, addresses are written in network.node format, as seen in Figure 8-2. In binary, the AppleTalk addresses are 24 bits long, and are formatted such that the high-order 16 bits represent the network part of the address, and the low-order eight bits comprise the node portion of the address. When written in network.node notation, the network and node numbers are converted into their decimal equivalents. Therefore, all AppleTalk network numbers must be less than 65,536, because the network portion of an AppleTalk address has 16 bits. Similarly, all AppleTalk node numbers must be less than 256, because of the eight-bit length of the node portion of an AppleTalk address. It is also important to note that zero and 255 are special node numbers. Zero is not allowed as a node number in AppleTalk networks, and 255 is the broadcast node number for AppleTalk networks. As a result, each network number can support a maximum of 254 nodes. Extending that concept to a cable range implies that n × 254 = MAX, where n is the number of network numbers in the cable range and MAX is the maximum number of addressable hosts on a cable range. {Answer to Self Test Question #37}
AppleTalk address assignment is dynamic for Macintosh clients, and semi-automatic for routers. First, let’s see how routers get their addresses. When a router is configured to run the AppleTalk protocol suite, one of the required commands is the AppleTalk cable-range command. {Answer to Self Test Question #35} The APPLETALK CABLE-RANGE command is used to assign a cable range to a network link. The network number assigned to each network segment must be unique. {Answer to Self Test Question #36} Network numbers cannot be reused, nor can the assigned ranges overlap. You cannot assign network segment A the cable range 300 – 400, and then assign segment B a cable range of 400 – 500. If your router accepted such a configuration, network 400 would belong to two different cable ranges. To solve this problem, network segment A should be assigned a cable range of 300 – 399, and segment B should be assigned a cable range of 400 – 499. There is no requirement that consecutive cable ranges be used. Therefore, we could assign segment B a cable range of 7000 – 7049 instead of 400 – 499. Now that we understand how to assign network numbers, let’s see how they are used to form a complete address.
Any number within a network segment’s cable range can be used as the network portion of the AT address for a node on that link. Notice in Figure 8-2 that the cable range for the upper E0 interface is 55906 – 62000. If you examine the network portion of all the nodes on the E0 segment, you will notice that all of the network numbers fit within the assigned range. But how did the nodes get these addresses? Since address assignment is automatic in AppleTalk, each node uses a built-in algorithm to obtain a complete AT address. First, the node will send a broadcast query to any AT routers on the link to find out what the cable range is for the network link to which it is attached. Once the router responds with the appropriate cable range, the node will choose a network number within the cable range to use as its network number. It then starts picking node numbers to pair with the previously chosen network number. But before using the newly selected network and node numbers, the node will query the network link to see if any other device is already using the combination of network and node number it has just selected. If another device on the network is already using the address in question, the host will try additional network and node combinations until an unused address is found. Routers use the same procedure for obtaining the AppleTalk addresses for their AppleTalk interfaces, unless the network and node number are statically configured on the end of the cable-range command.
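The address structure and the assignment procedure described above can be modelled in a few lines. This is an added example, not code from the original chapter: the function names are hypothetical, the set of in-use addresses stands in for the on-link query, and trying a previously held address first follows the sidebar's description.

```python
import random

NODE_INVALID = 0      # zero is not allowed as a node number
NODE_BROADCAST = 255  # 255 is the broadcast node number


def pack_address(network, node):
    """Pack network.node into 24 bits: high-order 16 bits network, low-order 8 bits node."""
    if not 0 <= network <= 0xFFFF:
        raise ValueError(f"network number {network} does not fit in 16 bits")
    if not 0 <= node <= 0xFF:
        raise ValueError(f"node number {node} does not fit in 8 bits")
    return (network << 8) | node


def unpack_address(value):
    """Split a 24-bit address back into (network, node)."""
    return value >> 8, value & 0xFF


def is_usable_host(network, node, cable_range):
    """True if network.node is a legal host address on this cable range."""
    low, high = cable_range
    return low <= network <= high and node not in (NODE_INVALID, NODE_BROADCAST)


def capacity(cable_range):
    """n x 254 = MAX, where n is the number of network numbers in the range."""
    low, high = cable_range
    return (high - low + 1) * 254


def acquire_address(cable_range, in_use, preferred=None, rng=None):
    """Simulate dynamic address assignment on one network segment.

    cable_range: (low, high) as learned from a router on the link.
    in_use:      set of (network, node) already taken; membership in this set
                 stands in for the query the node sends on the link (assumption).
    preferred:   address the node held before, tried first if it is still legal here.
    """
    rng = rng or random.Random()
    low, high = cable_range
    tried = set()
    candidate = None
    if preferred is not None and is_usable_host(preferred[0], preferred[1], cable_range):
        candidate = preferred
    while len(tried) < capacity(cable_range):
        if candidate is None:
            # Pick a network number inside the cable range and a node number 1..254.
            candidate = (rng.randint(low, high), rng.randint(1, 254))
        if candidate not in tried:
            tried.add(candidate)
            if candidate not in in_use:   # nobody answered: the address is free
                return candidate
        candidate = None                  # conflict or repeat: try another combination
    raise RuntimeError("every address in the cable range is already in use")


if __name__ == "__main__":
    # Constructed sample data: cable range 400-499 with two addresses taken.
    taken = {(400, 1), (450, 77)}
    addr = acquire_address((400, 499), taken, preferred=(450, 77), rng=random.Random(1))
    print("acquired %d.%d, packed 0x%06X" % (addr[0], addr[1], pack_address(*addr)))
    print("hosts supported by 400-499:", capacity((400, 499)))
```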
AppleTalk Zones
{Answer to Self Test Question #5}
An AppleTalk zone is a subset of an AppleTalk internetwork. Each zone usually contains related network resources. Since all network nodes must belong to a zone, the zone mechanism in AppleTalk allows related nodes to be grouped together in what one might call a workgroup. The fascinating thing about zones is that members of a zone can be located anywhere in the AppleTalk internetwork, regardless of the geographical proximity of the zone members. This is very similar to the concept of virtual LANs that perform a similar function in many Ethernet switches, such as the Cisco Catalyst 5000. The Zone Information Protocol is responsible for maintaining a table of information that includes zone names and associated network numbers. {Answer to Self Test Question #24} If zones are not used, all NBP requests are sent throughout the entire AppleTalk internetwork, creating unnecessary overhead traffic. Figure 8-3 contains a sample configuration of a cable range assigned to its primary AppleTalk zone.
Figure 8-3 Single AppleTalk zone assignment
{Answer to Self Test Question #7}
Figure 8-4, by contrast, shows a configuration with a cable range assigned to two zones. In this configuration, Twilight will be seen as the primary AppleTalk zone for both routers, and Ozone will be seen as an "additional" zone.
Figure 8-4 Multiple zone assignment
Assigning the same cable range to multiple zones is permitted with the Cisco operating system, and it is also permissible to have more than one router attached to a network link. However, it is important to note that any two or more routers attached to the same network link must agree on both the cable range and the zone name assigned to the network link. Failure to keep this aspect of the configurations synchronized will result in a configuration error. The configurations in Figure 8-4 are considered synchronized, because the cable range and zone names for the Ethernet interfaces are identical on both routers.
The power of the zone concept can be illustrated by the following example. General Engines is a multinational corporation with its headquarters in Detroit, Michigan. The company’s operations are divided into three regions of the world, and each region has its own vice president. General Engines’ global AppleTalk network supports its worldwide manufacturing operations. A special Executive zone has been created in this network to contain all of the network resources that are used by the top company executives and their staffs. The routers that support the Detroit, Paris, and Johannesburg offices each have their Ethernet 0 interfaces assigned to the Executive zone. This allows the executive resources to be installed on the Ethernet 0 network segments of each router. When an executive in Detroit requests file services from the Executive zone, NBP will return a list of all the Detroit, Paris, and Johannesburg executive file servers. Similarly, the Engineering and Accounting departments have their own zones, which contain their network resources. The Zone Information Protocol makes functional grouping of network resources possible without respect to the geographical locations involved. ZIP updates are exchanged among the routers in the internetwork, and non-router network nodes obtain zone information from the routers via the AppleTalk GETZONELIST command.
AppleTalk Routing
{Answer to Self Test Question #9}
Cisco currently supports three routing protocols for maintaining AppleTalk routing tables. The default routing protocol on Cisco routers is the Routing Table Maintenance Protocol. The Apple Update-Based Routing Protocol and Enhanced Interior Gateway Routing Protocol are also supported in the Cisco IOS, but they are primarily used on WAN links between routers. AppleTalk routing tables contain information about the cable ranges assigned to each link in the internetwork, and which path is the best path to each network, as identified by its cable range. The metric used to calculate which path is best is called the hop count metric. Hop count is the number of additional routers through which a packet leaving a router interface must travel to reach the destination cable range. {Answer to Self Test Question #10}, {Answer to Self Test Question #25}
Since RTMP is a distance vector routing protocol, it exchanges routing updates with neighboring routers on a periodic basis. The AppleTalk designers chose to set the default frequency for AppleTalk RTMP updates at ten seconds. This means that every ten seconds, an RTMP update will be broadcast from every router interface configured to support AppleTalk. As a result, operating an AppleTalk network with RTMP produces a large amount of overhead traffic on the internetwork. These routing updates can cause congestion on low-speed links with large routing tables, because routing updates must compete with user data for access to the available bandwidth on each network link.
RTMP updates are issued from every RTMP capable router every ten seconds. The content of the update represents each router’s view of the network topology as represented by the cable ranges. Each update consists of a set of data structures called tuples, which contain a cable range and a hop count value. The hop count associated with a cable range indicates the number of additional routers through which a packet must travel to reach that cable range. You should find the RTMP behavior described here similar to that of other distance vector routing protocols, like RIP, described in Chapter 5. RTMP also shares the 15-hop maximum that is found in RIP version 1.
To view an AppleTalk routing table on a Cisco router, the SHOW APPLETALK ROUTE command is used. This command will display the current AppleTalk routing table regardless of which routing protocol is used to create and maintain the routing table. Likewise, the SHOW APPLETALK GLOBALS command can be used to display how many RTMP updates have been sent from, and received by, this router. A sample RTMP routing table is shown and described in the section called Verifying and Monitoring AppleTalk Configurations, later in this chapter.
RTMP, like other distance vector routing protocols, employs the split-horizon concept to help prevent routing loops and reduce the size of the routing tables. Unfortunately, the Cisco operating system does not permit the split-horizon feature to be deactivated, as can be done with IP routing protocols. As a result, an AppleTalk network that is not fully meshed (as is frequently seen in Frame Relay networks) may not be able to communicate with all of the other Frame Relay routers. You can use subinterfaces to resolve this problem, by assigning one subinterface per Frame Relay virtual circuit.
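The split-horizon problem on a partially meshed Frame Relay network, and the subinterface fix, can be reproduced with a small model of the tuple exchange. This is an added example, not code from the original chapter: it is a simplified model of distance-vector updates (cable range plus hop count), not the RTMP packet format, and the router names, interface names and cable ranges are constructed.

```python
MAX_HOPS = 15  # RTMP shares the 15-hop maximum of RIP version 1


def converge(connected, links, rounds=20):
    """Exchange (cable range, hop count) tuples until the tables stop changing.

    connected: {router: {cable_range: interface}} directly attached ranges (hop 0)
    links:     [((router, interface), (router, interface)), ...] one entry per
               virtual circuit between two router interfaces
    returns:   {router: {cable_range: (hops, interface the route was learned on)}}
    """
    tables = {r: {cr: (0, ifc) for cr, ifc in ranges.items()}
              for r, ranges in connected.items()}
    adjacency = []
    for a, b in links:
        adjacency += [(a, b), (b, a)]          # updates flow in both directions
    for _ in range(rounds):
        changed = False
        for (src, src_if), (dst, dst_if) in adjacency:
            for cable_range, (hops, learned_if) in list(tables[src].items()):
                if learned_if == src_if:
                    continue                   # split horizon: never send a route
                                               # back out the interface it came in on
                new_hops = hops + 1
                if new_hops > MAX_HOPS:
                    continue
                best = tables[dst].get(cable_range)
                if best is None or new_hops < best[0]:
                    tables[dst][cable_range] = (new_hops, dst_if)
                    changed = True
        if not changed:
            break
    return tables


def unreachable(tables):
    """Cable ranges that exist somewhere in the network but are missing per router."""
    everything = set()
    for table in tables.values():
        everything |= set(table)
    missing = {r: sorted(everything - set(t)) for r, t in tables.items()}
    return {r: m for r, m in missing.items() if m}


# Case 1 (constructed): hub H reaches spokes A and B over one multipoint serial
# interface s0. There is no virtual circuit between A and B.
MULTIPOINT_CONNECTED = {
    "H": {"100-199": "e0", "1000-1000": "s0"},
    "A": {"200-299": "e0", "1000-1000": "s0"},
    "B": {"300-399": "e0", "1000-1000": "s0"},
}
MULTIPOINT_LINKS = [(("H", "s0"), ("A", "s0")), (("H", "s0"), ("B", "s0"))]

# Case 2 (constructed): same circuits, but H uses one subinterface per virtual
# circuit, each with its own cable range.
SUBIF_CONNECTED = {
    "H": {"100-199": "e0", "1001-1001": "s0.1", "1002-1002": "s0.2"},
    "A": {"200-299": "e0", "1001-1001": "s0"},
    "B": {"300-399": "e0", "1002-1002": "s0"},
}
SUBIF_LINKS = [(("H", "s0.1"), ("A", "s0")), (("H", "s0.2"), ("B", "s0"))]

if __name__ == "__main__":
    print("multipoint, missing routes:",
          unreachable(converge(MULTIPOINT_CONNECTED, MULTIPOINT_LINKS)))
    print("subinterfaces, missing routes:",
          unreachable(converge(SUBIF_CONNECTED, SUBIF_LINKS)))
```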
AppleTalk Discovery Mode
{Answer to Self Test Question #17}
Cisco routers support a feature called AppleTalk discovery (AD) mode. A router interface in AD mode (known as a non-seed router) will query the routers already configured on a network segment (known as seed routers) to find its cable range and zone name automatically. AD only works on Ethernet, Token Ring, and FDDI interfaces, and there are two ways to put a router interface into AD mode. The first method is to use the command CABLE-RANGE 0-0. 0-0 is a special cable range that signals the IOS to use AD mode on a given interface. The second method of placing an interface into AD mode involves using a standard cable range command followed by the command appletalk discovery. Tables 8-3 and 8-4 illustrate the two AppleTalk discovery methods. As these tables show, configuration files that use AD mode are modified once the discovery process has learned the cable range and zone name. Table 8-3 shows the pre-AD configuration files, and Table 8-4 shows the post-AD configuration files. In order for AD to work correctly, the seed routers must already be in place and operating before the AD processes are started on the non-seed routers. {Answer to Self Test Question #8}, {Answer to Self Test Question #39}, {Answer to Self Test Question #40}
Command | Explanation
AppleTalk routing | Starts AppleTalk routing process
Interface e0 | Switches to interface configuration mode for interface Ethernet 0
APPLETALK CABLE-RANGE 0-0 or AppleTalk discovery | Puts interface Ethernet 0 into AppleTalk discovery mode
Table 8-3 AppleTalk Discovery Mode Commands Before Discovery
Command | Explanation
AppleTalk routing | Starts AppleTalk routing process
Interface e0 | Switches to interface configuration mode for interface Ethernet 0
APPLETALK CABLE-RANGE 200-299 | Cable range discovered by AD process
AppleTalk zone EtherZone | Primary zone name discovered by AD process
AppleTalk zone AppleZone | Secondary zone name discovered by AD process
Table 8-4 AppleTalk Discovery Mode Commands After Discovery
AppleTalk Configuration
This section consists of three parts. The first part identifies the commands required to make a Cisco router process (route) AppleTalk packets. In the second part, we will examine the commands required to implement AppleTalk access control lists (ACLs), and we end the chapter by describing some of the AppleTalk "show" commands.
The first command required to start routing AppleTalk traffic on a Cisco router is the appletalk routing global configuration command. This must be followed by the APPLETALK CABLE-RANGE and appletalk zone interface configuration commands. The purpose of each command is listed in Table 8-5. For a basic AppleTalk configuration, no other commands are required. However, the router does have many other commands for tailoring the AppleTalk configuration to meet more advanced requirements. Some of these advanced commands are discussed later in this section.
{Answer to Self Test Question #11}, {Answer to Self Test Question #16}, {Answer to Self Test Question #18}, {Answer to Self Test Question #19}, {Answer to Self Test Question #20}, {Answer to Self Test Question #29}, {Answer to Self Test Question #41}
Command | Configuration mode | Purpose
AppleTalk routing | Global | Start the AppleTalk routing process
APPLETALK CABLE-RANGE 300-399 | Interface | Assign cable range to the link attached to the interface
AppleTalk zone TWILIGHT | Interface | Assign zone name to the link attached to an interface
AppleTalk protocol rtmp | Interface | Starts the RTMP routing protocol. (This command is not normally required. The operating system will automatically start the RTMP routing protocol on all interfaces with proper cable range and zone name assignments. It is only required when the routing protocol desired on a given interface is not RTMP.)
Table 8-5 Basic AppleTalk Configuration Commands
Cable ranges are usually configured on each router interface according to a plan created by the network administrator, network manager, or network designer. It is also important to remember that the router will not accept any AppleTalk interface configuration commands until AppleTalk routing is enabled with the appletalk routing global configuration command. Figure 8-5 shows a basic AppleTalk network with cable ranges properly assigned.
Figure 5 AppleTalk network with cable ranges properly assigned
Each link in a network must have a unique cable range, and cable ranges must not overlap. Figure 8-6 shows an improperly configured network with duplicate and overlapping cable ranges. Even if your enterprise network spans the globe, the cable ranges must still be unique for each network link in the entire enterprise.
Figure 6 Improper AppleTalk cable range assignments
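The uniqueness rule above can be checked mechanically before a change is deployed. The following Python audit is an added example, not part of the original chapter; the three router configurations (RTA, RTB, RTC) are constructed samples, and treating an identical range on two different routers as "possibly the same link" is an assumption of this sketch, since configuration text alone cannot tell a shared link from a duplicate.

```python
import re
from itertools import combinations

# Constructed sample configs in the chapter's command style. RTA and RTB share
# the 200-200 serial link; RTC's 350-450 overlaps RTB's 300-399; RTC e1 uses
# 0-0, the discovery-mode placeholder, which is not a real assignment.
CONFIGS = {
    "RTA": "appletalk routing\ninterface e0\n appletalk cable-range 100-199\n"
           "interface s0\n appletalk cable-range 200-200\n",
    "RTB": "appletalk routing\ninterface s0\n appletalk cable-range 200-200\n"
           "interface e0\n appletalk cable-range 300-399\n",
    "RTC": "appletalk routing\ninterface e0\n appletalk cable-range 350-450\n"
           "interface e1\n appletalk cable-range 0-0\n",
}

IFACE = re.compile(r"^interface\s+(\S+)", re.I)
RANGE = re.compile(r"^\s*appletalk\s+cable-range\s+(\d+)-(\d+)", re.I)


def parse_ranges(configs):
    """Return [(router, interface, start, end)] for every assigned cable range."""
    found = []
    for router, text in configs.items():
        iface = None
        for line in text.splitlines():
            m = IFACE.match(line)
            if m:
                iface = m.group(1)
                continue
            m = RANGE.match(line)
            if not (m and iface):
                continue
            start, end = int(m.group(1)), int(m.group(2))
            if (start, end) == (0, 0):
                continue                  # discovery mode: range is learned, not assigned
            if start > end:
                raise ValueError(f"{router} {iface}: range {start}-{end} is reversed")
            found.append((router, iface, start, end))
    return found


def audit(configs):
    """Return (conflicts, shared) as lists of range pairs that touch each other."""
    conflicts, shared = [], []
    for a, b in combinations(parse_ranges(configs), 2):
        (ra, _, sa, ea), (rb, _, sb, eb) = a, b
        if ea < sb or eb < sa:
            continue                      # disjoint ranges are fine
        if (sa, ea) == (sb, eb) and ra != rb:
            shared.append((a, b))         # same range on two routers: confirm it is one link
        else:
            conflicts.append((a, b))      # partial overlap, or one router using a range twice
    return conflicts, shared


if __name__ == "__main__":
    conflicts, shared = audit(CONFIGS)
    for a, b in conflicts:
        print("CONFLICT:", a, "overlaps", b)
    for a, b in shared:
        print("verify same physical link:", a, b)
```

Entries in the second list still need a look at the topology diagram: two routers on one link must carry the same range, but the same range on two separate links is the duplicate case the chapter warns about.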
To expand the configuration to include access control lists, some additional commands are required. These commands are the subject of the next section.
The final required command in a bare AppleTalk routing configuration is the appletalk zone command. The purpose of this command is to assign one or more zone names to the network link connected to an interface. Network resources residing in a particular zone can be logically grouped together. Such grouping controls the spread of broadcasts associated with the Chooser application.
Cisco routers can filter AppleTalk packets, routing table updates, ZIP replies, ZIP updates, and NBP entities. All AT filtering is accomplished with access control lists.
AppleTalk access lists must be numbered between 600 and 699. Named access lists and inbound packet filtering ACLs are not currently supported in the IOS for AT. The best way to explain the use of AppleTalk ACLs is to work through some examples. Let’s begin by considering the network shown in Figure 8-7. The Staff zone is connected to the Ethernet 0 (E0) interface of RTA, and the Student zone is connected to the E1 interface of the same router. The objective of our first filter will be to deny packets originating on cable range 200 – 299 access to the Staff network (located in the Staff zone). To do this we will employ one AppleTalk packet filtering ACL. Since such ACLs are only supported in the outbound direction, we must apply the filter on the E0 interface. Table 8-6 shows the access list commands that will accomplish our objective. Notice that the access list command is a global configuration mode command, but it is not sufficient on its own. The appletalk access-group command is required to activate the access list on the interface.
Figure 7 Protecting network resources in the Staff zone
Command | Explanation
access-list 600 deny cable-range 200-299 | First line of access list 600. Denies any packets with source network number between 200 and 299.
access-list 600 permit other-access | Allows packets from all other cable ranges
interface e0 | Switches to interface configuration mode for interface Ethernet 0
appletalk cable-range 100-199 | Assigns cable range for Ethernet 0
appletalk zone Staff | Assigns Ethernet 0 to the zone called Staff
appletalk access-group 600 | Applies access list 600 to interface Ethernet 0 in the outbound direction (all AppleTalk access lists are outbound unless otherwise specified. Inbound AppleTalk access lists are supported in Cisco IOS version 11.3)
Table 6 Basic AppleTalk access list configuration
Now let us use an ACL to deny hosts in the Student zone access to the Staff zone. In the preceding example, the existence of the Staff zone would be known, because the GETZONELIST command issued by the Student Macintosh computer would have returned the names of all the zones in the network. In this example, a computer in the Student zone will not even know the Staff zone exists, because the content of the zone list returned to the computers in the Student zone will be filtered to exclude the Staff zone. All other zones in the network will be listed normally. Table 8-7 shows the configuration required for a GETZONELIST filter. In the previous example, attempts to access services in the Staff cable range fail with an error message. In this example, there will be no attempts to reach the forbidden resources, because as far as the Student zone is concerned, the Staff zone does not exist. The computers in the Staff zone do have access to the resources in the whole network (including those in the Student zone). In other words, using the GETZONELIST filter allows us to create one-way access filters. These types of filters are very useful in situations where the administrator or staff needs access to a public zone, but the public zone should not have access to the administrative resources, where sensitive information is kept.
Command | Explanation
appletalk routing | Starts the AppleTalk routing process
access-list 600 deny zone Staff | First line of Access list 600. It denies (filters) the zone called Staff.
access-list 600 permit additional-zones | Second line of Access list 600. It permits all other zones to pass through the filter.
interface e0 | Switches to interface configuration mode for interface Ethernet 0
appletalk cable-range 100-199 | Assigns cable range for Ethernet 0
appletalk zone Staff | Assigns Ethernet 0 to the zone called Staff
interface e1 | Switches to interface configuration mode for interface Ethernet 1
appletalk cable-range 200-299 | Assigns cable range for Ethernet 1
appletalk zone Student | Assigns Ethernet 1 to the zone called Student
appletalk getzonelist-filter 600 | Applies access list 600 to interface Ethernet 0 as a GETZONELIST filter. When a client on E0 (a student client) queries the router for the AppleTalk zone list, the router will not include the zone Staff on the list, because access list 600 denies the zone called Staff.
Table 7 AppleTalk GETZONELIST filter configuration
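The two filters from Tables 8-6 and 8-7 can be modelled in a few lines of Python to see what each one lets through. This is an added example, not part of the original chapter and not IOS code; it understands only the four keywords used on this page, and it assumes that a list with no other-access or additional-zones line falls back to deny.

```python
import re

# Access-list lines as given in Tables 8-6 and 8-7 of the chapter.
PACKET_ACL = """
access-list 600 deny cable-range 200-299
access-list 600 permit other-access
"""
ZONE_ACL = """
access-list 600 deny zone Staff
access-list 600 permit additional-zones
"""

LINE = re.compile(r"access-list\s+(\d+)\s+(permit|deny)\s+(.+)$", re.I)


def parse_acl(text):
    """Split an AppleTalk ACL into ordered entries plus its two default actions."""
    # Assumption of this model: both defaults are deny until a line sets them.
    acl = {"entries": [], "other-access": "deny", "additional-zones": "deny"}
    for line in text.strip().splitlines():
        m = LINE.match(line.strip())
        if not m:
            raise ValueError(f"unrecognised line: {line!r}")
        number, action = int(m.group(1)), m.group(2).lower()
        if not 600 <= number <= 699:
            raise ValueError(f"AppleTalk ACLs are numbered 600-699, got {number}")
        rest = m.group(3).split(None, 1)
        kind = rest[0].lower()
        if kind in ("other-access", "additional-zones"):
            acl[kind] = action
        elif kind == "cable-range":
            low, high = map(int, rest[1].split("-"))
            acl["entries"].append(("cable-range", (low, high), action))
        elif kind == "zone":
            acl["entries"].append(("zone", rest[1], action))
        else:
            raise ValueError(f"keyword not modelled here: {kind}")
    return acl


def packet_allowed(acl, source_net):
    """Packet filter (appletalk access-group): first matching cable range decides."""
    for kind, value, action in acl["entries"]:
        if kind == "cable-range" and value[0] <= source_net <= value[1]:
            return action == "permit"
    return acl["other-access"] == "permit"


def zone_list_reply(acl, all_zones):
    """GetZoneList filter: the zone names a client behind the filter is told about."""
    visible = []
    for zone in all_zones:
        action = next((a for k, v, a in acl["entries"] if k == "zone" and v == zone),
                      acl["additional-zones"])
        if action == "permit":
            visible.append(zone)
    return visible


if __name__ == "__main__":
    zones = ["Staff", "Student", "WanZone"]      # constructed zone list
    print("Student net 250 -> Staff link:", packet_allowed(parse_acl(PACKET_ACL), 250))
    print("Zone list seen by Student clients:", zone_list_reply(parse_acl(ZONE_ACL), zones))
    print("Zone list seen by Staff clients:  ", zones)   # no filter on the Staff side
```

The GetZoneList filter changes only what clients are told; it does not block packets, so a one-way design that must hold against a client that already knows the Staff cable range still needs the packet filter from Table 8-6.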
The access lists for AppleTalk illustrate the power of the operating system. There are many more options available to control and tailor the AppleTalk environment. One such enhancement is filtering the content of RTMP updates to include only those cable ranges you wish to advertise. Another feature is the capability to prevent a router from learning about a zone with the zip-reply-filter command. With so many options available, it is important to be able to manage the options and determine the current state of the router’s configuration. The next section describes the most important commands for managing and monitoring AppleTalk configurations.
Verifying and Monitoring AppleTalk Configurations
The three most important commands for monitoring AppleTalk configurations on a Cisco router are show appletalk interface, show appletalk route, and show appletalk zone. These commands are used to check that AppleTalk is running, to check the AppleTalk routing table, and to check the AppleTalk zone table, respectively.
The show appletalk interface command is one of the most useful AppleTalk show commands, because it will tell you whether you have improperly configured an interface, or whether the operating system has not yet processed the changes. This is important in AppleTalk configurations, because many AppleTalk configuration changes can take several minutes to be reflected in the other show commands. Usually this is due to AppleTalk’s verification process. As shown in the output below, this command will tell the operator when AppleTalk verification has completed.
RTB#sh appletalk interface e0
Ethernet0 is up, line protocol is up
AppleTalk port disabled, Verifying port net information
AppleTalk cable range is 300-399
AppleTalk address is 395.192, Valid
AppleTalk primary zone is "EtherZone"
AppleTalk additional zones: "AppleZone"
AppleTalk address gleaning is disabled
AppleTalk route cache is disabled, port initializing
The message "AppleTalk port disabled" in the preceding example indicates that the Ethernet 0 interface is not yet active for processing AppleTalk packets, even though the cable ranges, address, and zone names have been found. The interface is attempting to verify the information to make sure that there is no configuration conflict with an existing router. Once the verification process has completed successfully, the router will issue the following console message. If screen logging is enabled, the message will be visible on the console.
%AT-6-CONFIGOK: Ethernet0: AppleTalk interface enabled; verified by 395.192
A follow-up show appletalk interface command reveals that the port is now ready to process AppleTalk packets, because the "AppleTalk port disabled" line is absent.
Ethernet0 is up, line protocol is up
AppleTalk cable range is 300-399
AppleTalk address is 395.192, Valid
AppleTalk primary zone is "EtherZone"
AppleTalk additional zones: "AppleZone"
AppleTalk address gleaning is disabled
AppleTalk route cache is enabled
The show appletalk interface command is the most important show command for managing AppleTalk configurations, but the show appletalk route command is also useful, especially when troubleshooting.
The show appletalk route command displays the AppleTalk routing table. A sample routing table would be:
RTA#show appletalk route
Codes: R - RTMP derived, E - EIGRP derived, C - connected, A - AURP
S – static, P - proxy
3 routes in internet
The first zone listed for each entry is its default (primary) zone.
R Net 100-199 [1/G] via 200.54, 7 sec, Serial0, zone EtherZone2
Additional zones: 'AppleZone'
C Net 200-200 directly connected, Serial0, zone WanZone
Additional zones: 'AppleZone'
C Net 300-399 directly connected, Ethernet0, zone EtherZone
Additional zones: 'AppleZone'
There are three networks (cable ranges) shown in the listing above. Moving through the information on the first network entry from left to right reveals a great deal of information about cable range 100 – 199. The "R" in front of the first entry indicates that the 100 – 199 cable range was learned through RTMP. This line also tells us that the advertised network is one hop away, the route is considered good (hence the "G"), and the neighbor router that advertised the 100 – 199 cable range has an AppleTalk address of 200.54. This router received its last update about cable range 100 – 199 seven seconds ago through the Serial0 interface. We also see that cable range 100 – 199 belongs to EtherZone2 and AppleZone. EtherZone2 is the primary zone for the cable range, and AppleZone is a secondary or "additional" zone. As we will see next, the zone information is duplicated in the show appletalk zone command. (If cable range 100-199 had been learned via EIGRP or AURP, the routing table entry would begin with an "E" or "A" respectively, instead of the "R" shown above.)
The show appletalk zone command displays the cable range-to-zone associations for the entire internetwork. This sample AppleTalk zone table indicates that there are currently three properly configured AppleTalk zones in the network.
RTB#Show appletalk zone
Name Network
EtherZone 300 – 399
AppleZone 200 – 200 300 – 399
WanZone 200 – 200
EtherZone and WanZone only cover one cable range each. AppleZone, however, covers both cable range 200 – 200 and cable range 300 – 399. Put another way, cable range 300 – 399 has been assigned to zone EtherZone and to zone AppleZone. Cable range 200 – 200 has been assigned to zone WanZone and to zone AppleZone.
In this section, we have introduced the three most important "show" commands associated with the AppleTalk protocol. The first was the show appletalk interface command. Its purpose is to identify the AppleTalk address and zone name configurations for each interface, and to indicate whether AppleTalk processing is enabled. The second command discussed in this section is the show appletalk route command. The purpose of the show appletalk route command is to identify the presence of other network links not directly connected to the current router. The show appletalk route command lists each network connection by cable-range and also identifies both "primary" and "additional" zone assignments. Finally, the show appletalk zone command shows the ZIP table for the AppleTalk internetwork. Like the show appletalk route command, it also reveals the zone name-to-cable range associations. However, the show appletalk zone command output is indexed by zone name instead of cable range. Careful use of these three commands will enable a network manager to successfully monitor AppleTalk configurations.
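For monitoring from a script, the route listing can be parsed into records and then inverted into the zone-indexed view that show appletalk zone presents. The Python below is an added example, not part of the original chapter; the input is the RTA listing shown earlier, and the 20-second age threshold in needs_attention is an assumed value chosen for illustration.

```python
import re

# The RTA route table from the chapter's sample listing.
ROUTE_OUTPUT = """\
Codes: R - RTMP derived, E - EIGRP derived, C - connected, A - AURP
       S - static, P - proxy
3 routes in internet
The first zone listed for each entry is its default (primary) zone.
R Net 100-199 [1/G] via 200.54, 7 sec, Serial0, zone EtherZone2
        Additional zones: 'AppleZone'
C Net 200-200 directly connected, Serial0, zone WanZone
        Additional zones: 'AppleZone'
C Net 300-399 directly connected, Ethernet0, zone EtherZone
        Additional zones: 'AppleZone'
"""

# Either "[hops/state] via neighbor, age sec" (learned) or "directly connected".
ROUTE = re.compile(
    r"^([RECASP]) Net (\d+)-(\d+) "
    r"(?:\[(\d+)/([A-Z])\] via (\d+\.\d+), (\d+) sec|directly connected), "
    r"(\S+), zone (.+)$")
EXTRA = re.compile(r"^\s*Additional zones: (.+)$")


def parse_routes(text):
    """Turn show appletalk route output into one dict per cable range."""
    routes = []
    for line in text.splitlines():
        m = ROUTE.match(line)
        if m:
            code, low, high, hops, state, via, age, iface, zone = m.groups()
            routes.append({
                "code": code, "range": (int(low), int(high)),
                "hops": int(hops) if hops else 0, "state": state,
                "via": via, "age": int(age) if age else None,
                "interface": iface, "zones": [zone.strip()],  # primary zone first
            })
        elif routes and (m := EXTRA.match(line)):
            routes[-1]["zones"] += re.findall(r"'([^']*)'", m.group(1))
    return routes


def zone_index(routes):
    """Invert the table: zone name -> list of cable ranges assigned to it."""
    index = {}
    for route in routes:
        for zone in route["zones"]:
            index.setdefault(zone, []).append(route["range"])
    return index


def needs_attention(routes, max_age=20):
    """Learned routes not marked G, or not refreshed within max_age seconds (assumed limit)."""
    return [r for r in routes
            if r["age"] is not None and (r["state"] != "G" or r["age"] > max_age)]


if __name__ == "__main__":
    table = parse_routes(ROUTE_OUTPUT)
    for zone, ranges in zone_index(table).items():
        print(f"{zone:12s}", "  ".join(f"{lo}-{hi}" for lo, hi in ranges))
    print("routes needing attention:", needs_attention(table))
```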
Certification Summary
In this chapter we have explored the most important aspects of the AppleTalk protocol for Cisco routers. The AppleTalk protocol stack and AppleTalk Services sections gave us an overview of the protocols used in AppleTalk. The AppleTalk Addressing and AppleTalk Configuration sections showed us how to configure routers to process AppleTalk traffic, and introduced two types of AppleTalk access lists. The "show" commands at the end of the chapter indicated how to verify proper operation of the AppleTalk configuration on a router. Mastery of these topics will provide the knowledge required to score well on the AppleTalk questions in the Cisco Certified Network Associate examination.
Two-Minute Drill
The following Self Test questions will help you measure your understanding of the material presented in this chapter. Read all the choices carefully, as there may be more than one correct answer. Choose all correct answers for each question.
CCNA Routing and Switching Study Guide: Self Test for Exam 640-407
A. RTMP broadcasts its routing table to its neighbors every 10 seconds.
C. The access list numbers used for AppleTalk filtering are 600 – 699.
B. AppleTalk discovery activates the auto discovery process in Cisco routers.
B. FDDI Talk supports 100 Mbps. Token Talk supports 4 or 16 Mbps. Local Talk supports 230 Kbps.
C. NBP is a transport layer protocol.
A. ADSP is the preferred protocol for data exchange between applications.
A. 255 is used as broadcast node number.
A. True. The node may pick any network number within the range.
B. The 0 – 0 cable range is used to indicate to IOS that AD should be used.
C. R indicates that the cable range 300 – 399 was learned via RTMP.
C. 400.97 is the AppleTalk address of the router that advertised the cable range.