Command:

access-list (IPX standard)


Mode:

Router(config)#


Syntax:

access-list access-list-number {deny | permit} {-1 | source-network | source-network.source-node |source-network.source-node source-node-mask} [-1 | destination-network |destination-network.destination-node | destination-network.destination-node destination-node-mask]

no access-list access-list-number {deny | permit} {-1 | source-network | source-network.source-node |source-network.source-node source-node-mask} [-1 | destination-network |destination-network.destination-node | destination-network.destination-node destination-node-mask]


Syntax Description:

access-list-number

Number of the access list. This is a number from 800 to 899.

deny

Denies access if the conditions are matched.

permit

Permits access if the conditions are matched.

source-network

Number of the network from which the packet is being sent. This is an eight-digit hexadecimal number that uniquely identifies a network cable segment. It can be a number in the range 1 to FFFFFFFE. A network number of 0 matches the local network. A network number of -1 matches all networks.

Leading zeros do not need to be specified in the network number. For example, for the network number 000000AA, simply enter AA.

.source-node

(Optional) Node on source-network from which the packet is being sent. This is a 48-bit value represented by a dotted triplet of four-digit hexadecimal numbers (xxxx.xxxx.xxxx).

source-node-mask

(Optional) Mask to be applied to source-node. This is a 48-bit value represented as a dotted triplet of four-digit hexadecimal numbers (xxxx.xxxx.xxxx). Place ones in the bit positions to be masked.

destination-network

(Optional) Number of the network to which the packet is being sent. This is an eight-digit hexadecimal number that uniquely identifies a network cable segment. It can be a number in the range 1 to FFFFFFFE. A network number of 0 matches the local network. A network number of -1 matches all networks.

Leading zeros do not need to be specified in the network number. For example, for the network number 000000AA, simply enter AA.

.destination-node

(Optional) Node on destination-network to which the packet is being sent. This is a 48-bit value represented by a dotted triplet of four-digit hexadecimal numbers (xxxx.xxxx.xxxx).

destination-node-mask

(Optional) Mask to be applied to destination-node. This is a 48-bit value represented as a dotted triplet of four-digit hexadecimal numbers (xxxx.xxxx.xxxx). Place ones in the bit positions to be masked.

 


Command Description:

To define a standard IPX access list, use the standard version of the access-list global configuration command. To remove a standard access list, use the no form of this command.

Standard IPX access lists filter on the source network. All other parameters are optional.

Use the ipx access-group command to assign an access list to an interface. Only one extended or one standard access list can be applied to an interface. The access list filters all outgoing packets on the interface.

To delete a standard access list, specify the minimum number of keywords and arguments needed to delete the proper access list. For example, to delete the entire access list, use the following command:

Router (config)#no access-list access-list-number

To delete the access list for a specific network, use the following command:

Router (config)#no access-list access-list-number {deny | permit} source-network

 


Example:

The following example denies access to traffic from all IPX networks (-1) to destination network 2:

Router(config)#access-list 800 deny -1 2
  

The following example denies access to all traffic from IPX address 1.0000.0c00.1111:

Router(config)#access-list 800 deny 1.0000.0c00.1111
  

The following example denies access from all nodes on network 1 that have a source address beginning with 0000.0c:

Router(config)#access-list 800 deny 1.0000.0c00.0000 0000.00ff.ffff 
  

The following example denies access from source address 1111.1111.1111 on network 1 to destination address 2222.2222.2222 on network 2:

Router(config)#access-list 800 deny 1.1111.1111.1111 0000.0000.0000 2.2222.2222.2222 0000.0000.0000
 or
Router(config)#access-list 800 deny 1.1111.1111.1111 2.2222.2222.2222 


Misconceptions:

IPX standard access lists cannot filter based on source and destination addresses (they, in fact, can).

Related Commands:

 

access-list (IPX extended)

 

ipx access-list

 

ipx access-group

 


� Cisco Systems, Inc. 2001, 2002, 2003
World Wide Education

Converted from CHM to HTML with chm2web Pro 2.85 (unicode)