Command:

ipx access-group


Mode:

Router(config-if)#

Syntax:

ipx access-group {access-list-number | name} [in | out]

no ipx access-group [access-list-number | name] [in | out]

Syntax Description:

access-list-number

Number of the access list. For standard access lists, access-list-number is a number from 800 to 899. For extended access lists, access-list-number is a number from 900 to 999.

name

Name of the access list. Names cannot contain a space or quotation mark and must begin with an alphabetic character to prevent ambiguity with numbered access lists.

in

(Optional) Filters inbound packets. All incoming packets defined with either standard or extended access lists are filtered by the entries in this access list.

out

(Optional) Filters outbound packets. All outgoing packets defined with either standard or extended access lists and forwarded through the interface are filtered by the entries in this access list. This is the default when you do not specify an input (in) or output (out) keyword in the command line.


Command Description:

To apply generic input and output filters to an interface, use the ipx access-group interface configuration command. To remove filters, use the no form of this command.

Generic filters control which data packets an interface receives or sends out based on the packet's source and destination addresses, IPX protocol type, and source and destination socket numbers. You use the standard access-list and extended access-list commands to specify the filtering conditions.

You can apply only one input filter and one output filter per interface or subinterface.

When you do not specify an input (in) or output (out) filter in the command line, the default is an output filter.

You cannot configure an output filter on an interface where autonomous switching is already configured. Similarly, you cannot configure autonomous switching on an interface where an output filter is already present. You cannot configure an input filter on an interface if autonomous switching is already configured on any interface. Likewise, you cannot configure input filters if autonomous switching is already enabled on any interface.


Example:

The following example applies access list 801 to FastEthernet interface 0/1. Because the command line does not specify an input filter or output filter with the keywords in or out, the software assumes that it is an output filter.

Router(config)#interface fastethernet 0/1
Router(config-if)#ipx access-group 801

The following example applies access list 901 to FastEthernet interface 0/0. The access list is an input filter access list as specified by the keyword in.

Router(config)#interface fastethernet 0/0
Router(config-if)#ipx access-group 901 in

To remove the input access list filter in the previous example, you must specify the in keyword when you use the no form of the command. The following example correctly removes the access list:

Router(config)#interface fastethernet 0/0
Router(config-if)#no ipx access-group 901 in

Misconceptions:
None

Related Commands:
access-list (IPX standard)
access-list (IPX extended)
ipx access-list

� Cisco Systems, Inc. 2001, 2002, 2003
World Wide Education

Converted from CHM to HTML with chm2web Pro 2.85 (unicode)