Filtering IPX Traffic and SAPs 491
configured. The other key difference is that when a named matching statement is deleted, only
that specific statement is deleted. With numbered lists, the deletion of any statement in the list
deletes all the statements in the list. (This feature will be demonstrated in more detail in an
upcoming example.)
Table 7-11 lists the key IPX access list configuration commands and shows their differences and
similarities.
*
The permit and deny commands are subcommands to the ipx access-list command.
The word name represents a name created by the administrator. This name must be unique
among all named access lists of all types in this router. Also, note that because the named list
does not imply standard, extended, or SAP by the value of the number of the list, the command
explicitly states the type of access list. Also, the . . . represent all the matching parameters,
which are identical in meaning and syntax when comparing the respective numbered and named
IPX access lists. Also note that the same command is used to enable the list on an interface for
both numbered and named lists.
One difference between the two types of lists is that individual matching statements can be
removed from the named lists. Example 7-15 shows the configuration mode output when
entering a named SAP access list on R1. The key to this example is to notice the changes. One
statement is deleted and then re-added to the list, but this changes the order of the list. Example
7-15 shows the details.
Table 7-11
Comparison of Named and Numbered IPX Access List Configuration Commands
Numbered
Named
Standard matching command
access-list 800-899
permit | deny . . .
*
ipx access-list standard name
permit | deny . . .
Extended matching command
access-list 900-999
permit | deny . . .
*
ipx access-list extended name
permit | deny . . .
SAP matching command
access-list 1000-1099
permit | deny . . .
*
ipx access-list sap name
permit | deny . . .
Standard access list enabling
command
ipx access-group 800-899
in | out
ipx access-group name in | out
Extended access list enabling
command
ipx access-group 900-999
in | out
ipx access-group name in | out
SAP filter enabling command
ipx output-sap-filter 1000-
1099
ipx input-sap-filter 1000-1099
ipx output-sap-filter name
ipx input-sap-filter name
ch07.fm Page 491 Monday, March 20, 2000 5:14 PM