484 Chapter 7: Understanding Access List Security
Extended IPX Access Lists
Extended access lists for IPX can check several additional fields in the IPX packet header, as
compared to standard IPX access lists. Cisco expects CCNAs to remember all the items that can
be matched using a standard or extended IPX access-list command. Table 7-10 summarizes
those items, and Figure 7-8 shows the relative location of the fields in the headers.
Figure 7-8
Header Fields Matchable Using IPX Access Lists
The protocol type is a field that is not shown in many examples in other references, such as the
Cisco IOS documentation CD. Figure 7-9 shows example packets that would be matched by the
various protocol types.
Table 7-10
IPX Standard and Extended Access Lists--Matching
Type of Access List
What Can Be Matched
IPX Standard
Source network
Source IPX address (network and node)
Source network and portions of the node address, using a node mask
Destination network
Destination IPX address (network and node)
Destination network and portions of the node address, using a node mask
IPX Extended
Same points as with an IPX standard access list in addition to items in the
rows that follow
Portions of entire source IPX address, using a wildcard mask
Portions of entire destination IPX address, using a wildcard mask
Protocol type
Source socket
Destination socket
5
1
6
4
2
6
4
2
IPX Header
Defines What's Over Here
Miscellaneous
Header
Fields
Packet
Type
Destination
Node
Destination
Network
Destination
Socket
Source
Network
Source
Node
Source
Socket
RIP, SAP,
NCP, SPX,
NetBIOS
ch07.fm Page 484 Monday, March 20, 2000 5:14 PM