490 Chapter 7: Understanding Access List Security
The following list shows the fields that can be matched for each service advertised, or to be
advertised, in a SAP update.
·
Source network
·
Source IPX address (network and node)
·
Portions of the source address, using a wildcard mask
·
Destination network
·
Destination IPX address (network and node)
·
Portions of the destination address, using a wildcard mask
·
Service type
·
Server name
Named IPX Access Lists
Named IPX access lists allow the same logic to be configured as with numbered standard,
extended, and SAP access lists. As a CCNA, you will need to remember the differences in
syntax of the configuration commands and be able to create both numbered and named lists
with the same logic. The key differences between numbered and named IP access lists are listed
here:
·
Names are more intuitive reminders of the function of the list.
·
Names allow more access lists than 100 standard, extended, and SAP access lists, which
is the restriction using numbered access lists.
·
Named access lists allow individual statements to be deleted. Numbered lists allow for
deletion only of the entire list. Insertion of the new statement into a named list requires
deletion and re-addition of all statements that should follow the newly added statement.
·
The actual names used must be unique across all named access lists of all protocols and
types on an individual router. Names can be duplicated on different routers.
The configuration syntax is very similar between named and numbered IPX access lists. The
items that can be matched with a numbered standard IPX access list are identical to the items
that can be matched with a named standard IPX access list. Likewise, the items are identical
with both numbered and named extended IPX access lists, as well as with numbered and named
SAP access lists.
One key difference is that named access lists use a global command, which moves the user into
a named IPX access list submode, under which the matching and permit/deny logic is
ch07.fm Page 490 Monday, March 20, 2000 5:14 PM