IPX Access Lists
477
second, the Finance LAN would have not been able to go to any other LAN
or to the Internet because of the implicit deny at the end of the list. It would
be difficult to configure the list any other way than the preceding example.
After the lists are created, they need to be applied to the Ethernet 0 port.
This is because the other three interfaces on the router need access to the
LAN. However, if this list were created to only block Sales, then we would
have wanted to put this list closest to the source, or on Ethernet interface 2.
Acme(config-if)#ip access-group 110 out
Monitoring IP Access Lists
It is important to be able to verify the configuration on a router. The follow-
ing commands can be used to verify the configuration:
IPX Access Lists
I
PX access lists are configured the same way as any other list. You use
the access-list command to create your access list of packet tests and
then apply the list to an interface with the access-group command.
I will discuss the following IPX access lists:
IPX standard These access lists filter on IPX source and destination host
or network number. They use the access-list numbers 800899. IPX
Command
Effect
show access-list
Displays all access lists and their parameters
configured on the router. This command does
not show you which interface the list is set on.
show access-list 110
Shows only the parameters for the access list
110. This command does not show you the
interface the list is set on.
show ip access-list
Shows only the IP access lists configured on the
router.
show ip interface
Shows which interfaces have access lists set.
show running-config
Shows the access lists and which interfaces
have access lists set.
Copyright ©2002 SYBEX, Inc., Alameda, CA
www.sybex.com