Page 501

Filtering IPX Traffic and SAPs 477

CCNAs deal with SAPs and SAP filtering on a regular basis and with IPX packet filtering a little
less often. Both numbered and named IPX access lists are available. The configuration
commands used for these filters are listed in Table 7-8; the EXEC commands related to IPX
filtering are shown in Table 7-9.

Table 7-8

IPX Access List Configuration Commands

Command

Configuration Mode and Purpose

access-list {800-899} {permit | deny} source-
network [.source-node [source-node-mask]]
[destination-network [.destination-node
[destination-node-mask]]]

Global command to create numbered standard
IPX access lists

access-list {900-999} {permit | deny} protocol
[source-network] [[[.source-node [source-node-
mask]] | [.source-node source-network-
mask.source-node-mask]] [source-socket]
[destination-network] [[[.destination-node
[destination-node-mask] | [.destination-node
destination-network-mask. Destination-node-
mask]] [destination-socket] log

Global command to create numbered extended
IPX access lists

access-list {1000-1099} {permit | deny} network
[.node] [network-mask.node-mask] [service-type
[server-name]]

Global command to create numbered SAP access
lists

ipx access-list {standard | extended | sap } name

Global command to begin creation of a named
standard, extended, or SAP access list

{permit | deny} source-network [.source-node
[source-node-mask]] [destination-network
[.destination-node [destination-node-mask]]]

Named access list subcommand for standard
access lists

{permit | deny} protocol [source-network]
[[[.source-node [source-node-mask]] | [.source-
node source-network-mask.source-node-mask]]
[source-socket] [destination-network]
[[[.destination-node [destination-node-mask] |
[.destination-node destination-network-mask.
Destination-node-mask]] [destination-socket] log

Named access list subcommand for extended
access lists

{permit | deny} network [.node] [network-
mask.node-mask] [service-type [server-name]]

Named access list subcommand for SAP access
lists

ipx access-group {number | name [in | out] }

Interface subcommand to enable a named or
numbered, standard or extended IPX access list

ipx output-sap-filter list-number

Interface subcommand to enable SAP access lists
used for outbound SAP packets

ipx input-sap-filter list-number

Interface subcommand to enable SAP access lists
used for inbound SAP packets

ch07.fm Page 477 Monday, March 20, 2000 5:14 PM