nodes, the node mask will almost never be useful.
oversights in an access list design before the access-lists are deployed. Such an oversight is true
of Example 7-11--or, more accurately, the criteria used for Example 7-11. Note that the criteria
all mentioned network numbers, but no servers were mentioned. The oversight is that when
clients connect to servers whose code level is NetWare 3.11 and beyond, the address used by
the server to communicate with the client uses the server's internal network number. So, in
Example 7-11, the effect is an interesting mental exercise. access-list 810, with the explicit
"permit all," would permit the client-server traffic exiting R1's Ethernet0, while access-list 820,
with the implied "deny all" would prevent all client-server traffic from entering R1's serial1
interface.
the criteria for these access lists:
not the network numbers on the LAN segments.
!
interface serial0
ip address 10.1.1.1 255.255.255.0
ipx network 1001
!
interface serial1
ip address 10.1.2.1 255.255.255.0
ipx network 1002
ipx access-group 820 in
!
interface ethernet 0
ip address 10.1.200.1 255.255.255.0
ipx network 200
ipx access-group 810
!
access-list 810 deny 2001
access-list 810 permit -1
!
access-list 820 deny 3001
access-list 820 permit -1