Understanding network address restrictions

(Last modified: 10Oct2002)

This document (10065373) is provided subject to the disclaimer at the end of this document.

goal

Understanding network address restrictions

fact

NDS7

eDirectory 8

eDirectory 8.5

Novell NetWare 4.x

Novell NetWare 5.x

symptom

User cannot log in

fix

Address restriction theory

For normal NetWare clients, you can set IPX and IP address restrictions. All other kinds of address restrictions serve other purposes and are not relevant here. When you set any address restriction, you automatically exclude every address that is not in the list, even an address of a different protocol. That means that when you define an IPX address restriction but no IP address restriction, no IP user can log in. Furthermore, clients that try to log in over IP will get a connection refused, and they will not try IPX instead.

Now for the details of each protocol:

IPX :
IPX address restrictions contain a network part and a node part. If you put FFFFFFFFFFFF in the node address field, all workstations from the specified network can log in.

NetWare/IP :
NetWare/IP is simply treated as IPX. The network part of the address is the IPX network assigned to the whole NetWare/IP net. The IPX node address has this form: 7E00<ip address in hex>

SCMD :
Just like NetWare/IP, SCMD is treated as IPX. The IPX network number is FFFFFFFD by default, or whatever address override you used when loading SCMD. The IPX node address has this form: 7E01<ip address in hex>

native IP :
NetWare allows you to specify IP address restrictions for native IP connections. With IP, however, you can only enter a single address; there is no clear distinction between network and node. When you enter the IP address of a station, only the station with that IP address can log in. To allow all workstations from a network to log in, you enter the IP address of the network, which is the IP address where the station part is set to 0. For instance, if you have a network with addresses from 192.168.1.0 to 192.168.1.255, you would enter 192.168.1.0 as the IP address restriction to allow all stations from that network to log in.

Attention : setting IP address restrictions for whole networks only works if you have any of the following versions of DS.NLM :

NDS7 : any version
NDS8 / eDirectory 8 : DS.NLM 8.77g or later
eDirectory 8.5 : DS.NLM 85.17 or later

You can find all the latest NDS updates here : support.novell.com/filefinder
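The matching rules described above can be modelled to check a planned restriction list before applying it. This is an added sketch, not Novell code: the function names are hypothetical, the sample addresses are constructed, and treating trailing zero octets as the "station part" of an IP entry is an assumption of this model.

```python
import ipaddress

WILDCARD_NODE = "FFFFFFFFFFFF"  # node value that admits a whole IPX network

def tunnel_node(ip, scmd=False):
    """IPX node of a NetWare/IP (7E00) or SCMD (7E01) client: prefix + IP in hex."""
    prefix = "7E01" if scmd else "7E00"
    return prefix + ipaddress.IPv4Address(ip).packed.hex().upper()

def ipx_matches(rule, client):
    """rule and client are (network, node) pairs of hex strings."""
    (r_net, r_node), (c_net, c_node) = rule, client
    if r_net.upper() != c_net.upper():
        return False
    return r_node.upper() in (WILDCARD_NODE, c_node.upper())

def ip_matches(rule, client):
    """Assumption of this sketch: trailing zero octets are the station part."""
    r = str(ipaddress.IPv4Address(rule)).split(".")
    c = str(ipaddress.IPv4Address(client)).split(".")
    while r and r[-1] == "0":
        r.pop()
    return c[:len(r)] == r

def may_login(restrictions, proto, addr):
    """restrictions: list of ("ipx", (net, node)) or ("ip", "a.b.c.d") entries."""
    if not restrictions:
        return True  # nothing set, nothing excluded
    matchers = {"ipx": ipx_matches, "ip": ip_matches}
    # Only entries of the client's own protocol can admit it; entries of the
    # other protocol still make the list non-empty and so exclude the client.
    return any(kind == proto and matchers[kind](rule, addr)
               for kind, rule in restrictions)

# Constructed sample restriction lists, not taken from a real tree.
IPX_ONLY = [("ipx", ("0000ABCD", WILDCARD_NODE))]
SCMD_ONE = [("ipx", ("FFFFFFFD", tunnel_node("192.168.1.10", scmd=True)))]
IP_NET = [("ip", "192.168.1.0")]

if __name__ == "__main__":
    print(tunnel_node("192.168.1.10"))
    print(may_login(IPX_ONLY, "ip", "192.168.1.10"))
    print(may_login(IP_NET, "ip", "192.168.1.77"))
```

The IPX_ONLY list shows the lockout from the theory section: an IP client is refused even though no IP restriction was ever defined.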

NetWare servers :
Some programs allow you to log in as a user from the server console. In this case, login restrictions also apply, but you must understand which address the server will use.

NetWare 4.x servers will always use the internal IPX network address and 000000000001 as the node address to log in. This is the case both for local connections and for connections to remote servers.

NetWare 5.x servers will not use any address for local logins. Because of this, you cannot use network address restrictions to prevent user logins from a NetWare 5.x server console. For connections to remote servers, either the internal IPX network number, or one of the server’s IP addresses will be used. This depends on the server’s protocol preferences and on the protocols that are available on the remote server.

document

Document Title: Understanding network address restrictions
Document ID: 10065373
Solution ID: NOVL60786
Creation Date: 15Oct2001
Modified Date: 10Oct2002
Novell Product Class: Management Products
NetWare

disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.