Use Cisco's IPX SAP access list to control SAP traffic

If you're a Novell engineer administering an older Novell network using SAP broadcasts, you can use a Cisco IPX SAP access list to improve performance. Warren Heaton has the details.

If you’re running an older Novell network with NDS and IP, you can use Cisco routers to control SAP traffic. Here’s how.

The Service Advertising Protocol (SAP) is responsible for advertising services, such as file, print, and other services, within a Novell IPX network. In a routed network, SAP tables are maintained by Novell servers and Cisco routers. The amount of traffic generated by servers and routers as they exchange SAP tables can be considerable. To help control this traffic, Cisco has implemented IPX SAP access lists.

How does SAP work?
Service Advertising Protocol (SAP) is used to publish services offered by Novell IPX servers. Each server within a Novell IPX network maintains a table of the services it has to offer and shares this table with every Novell server on the network. Novell IPX servers share the SAP table by generating a SAP broadcast every 60 seconds. Contained in the SAP broadcast is the entire SAP table for the server initiating the broadcast. The SAP tables are then used by Novell IPX clients, using the Get Nearest Server (GNS) broadcast request, to obtain Novell IPX server services.

By default, when a Cisco router is used to segment a network, broadcasts are not forwarded across the router. This means that if a Cisco router were placed between Novell IPX clients and a Novell IPX server, the client's GNS request would never reach the Novell IPX server, and the client would not be able to log on to and use the services offered by the Novell IPX server.

Well, that's what it would mean, if Cisco routers didn't implement a special feature. By default, when IPX routing is implemented on a Cisco router, the router listens to SAP broadcasts and maintains its own SAP table. This allows the Cisco router to respond to the Novell IPX client's GNS request, thus allowing the client access to the desired services.

In a small network, this all works great. Novell IPX clients are able to reach the Novell IPX servers even though the servers may be on a different network. However, let’s say there are 2,000 Novell IPX servers on a Cisco network with 1,000 routers, and each server and router is broadcasting its entire SAP table every 60 seconds. This could bring the network to a standstill. So how can you manage the SAP traffic in an enterprise environment? The answer is IPX SAP access lists. (Note: The answer could also be to upgrade the network to a newer version of Novell NetWare that uses IP and NDS.)

Cisco’s IPX SAP access lists
IPX SAP access lists are numbered from 1000 to 1099 and are similar in syntax to IP access lists. IPX SAP access lists can filter incoming and outgoing SAP broadcasts on a per-interface basis. Additionally, SAP broadcasts can be filtered based on the network, node, service type, and server name. The syntax to create an IPX SAP access list is:
access-list {1000-1099} {deny | permit} network[.node] [service-type [server-name]]
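
The following configuration is an added example, not part of the original article, showing one SAP access list applied outbound and another applied inbound. The network numbers, interface names, and the server name HQ_FS1 are constructed for illustration.

```cisco
! Added example: all network numbers, interfaces and names are constructed.
ipx routing
!
! List 1000: advertise across the WAN only what remote users need.
! Service type 4 = file server, 7 = print server.
! Network -1 matches any network. Entries are checked top-down and the
! first match wins; anything left unmatched is denied.
access-list 1000 permit 3C.0000.0000.0001 4 HQ_FS1
access-list 1000 permit 2B 7
access-list 1000 deny -1
!
! Outbound filter: trims the SAP table this router sends on the WAN link.
interface Serial0
 ipx network 5A
 ipx output-sap-filter 1000
!
! List 1001: do not learn file-server advertisements from the branch LAN,
! but accept every other service type heard there.
access-list 1001 deny -1 4
access-list 1001 permit -1
!
! Inbound filter: controls which SAP entries enter this router's own table.
interface Ethernet0
 ipx network 2B
 ipx input-sap-filter 1001
```

Running show ipx servers on this router and on the router at the far end of Serial0 shows which services remain in each SAP table after the filters are applied.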

For even more control over SAP traffic generated by Cisco routers, the ipx sap-incremental command can be used. This command allows the administrator to control SAP timers. Using this command, the administrator could change the update timer from the default of 60 seconds to some other number more appropriate for the network.

Multiprotocol networks
Designing and managing networks running IPX, IP, and various other protocols can be a challenge. For more information on maintaining your IPX or multiprotocol network, check out Cisco Internetwork Design, by Cisco Press.

Warren Heaton CCDA, CCNA, MCSE+I is the Cisco program manager for A Technological Advantage in Louisville, KY.
