Chapter 9
Managing Traffic with Access Lists
10. Try telnetting from host 172.16.10.2 to 2501A using the destination IP address of 172.16.20.2. The following messages should be generated on 2501A's console. However, the ping command should work.
From host 172.16.10.2: >telnet 172.16.20.2
On 2501A's console, this should appear as follows:
01:11:48: %SEC-6-IPACCESSLOGP: list 110 denied tcp 172.16.10.2(1030) -> 172.16.20.2(23), 1 packet
01:13:04: %SEC-6-IPACCESSLOGP: list 110 denied tcp 172.16.10.2(1030) -> 172.16.20.2(23), 3 packets
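The console messages above can also be checked from a saved log. The following Python parser is an added example, not part of the original lab: it extracts the fields of each %SEC-6-IPACCESSLOGP message and totals denied packets per flow. It assumes one message per line and that each message's packet count covers only packets seen since the previous message for that flow, so the counts are summed.

```python
import re
from collections import defaultdict

# Constructed sample: the two console messages from step 10, one per line.
SAMPLE_LOG = """\
01:11:48: %SEC-6-IPACCESSLOGP: list 110 denied tcp 172.16.10.2(1030) -> 172.16.20.2(23), 1 packet
01:13:04: %SEC-6-IPACCESSLOGP: list 110 denied tcp 172.16.10.2(1030) -> 172.16.20.2(23), 3 packets
"""

# Field layout taken from the messages shown in the lab:
# list <acl> <action> <proto> <src>(<sport>) -> <dst>(<dport>), <n> packet(s)
LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>tcp|udp) "
    r"(?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)


def parse_line(line):
    """Return the message fields as a dict, or None if the line does not match."""
    match = LOG_RE.search(line)
    if match is None:
        return None
    record = match.groupdict()
    for key in ("sport", "dport", "count"):
        record[key] = int(record[key])
    return record


def summarize_denies(text):
    """Total denied packets per (acl, proto, src, dst, dport).

    The source port is left out of the key because it is ephemeral and
    changes between connection attempts from the same host.
    """
    totals = defaultdict(int)
    for line in text.splitlines():
        record = parse_line(line)
        if record and record["action"] == "denied":
            key = (record["acl"], record["proto"], record["src"],
                   record["dst"], record["dport"])
            totals[key] += record["count"]  # assumption: counts are per-interval
    return dict(totals)


if __name__ == "__main__":
    for flow, packets in summarize_denies(SAMPLE_LOG).items():
        print(flow, packets)
```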
Hands-on Lab 9.3: Standard IPX Access Lists
In this lab, you will configure IPX to allow only IPX traffic from IPX Network 30 and not from IPX Network 50.
1. Remove any existing access lists on the 2501A router. Because this is an IPX standard access list, the filtering can be placed anywhere on the network since it can filter based on IPX source and destination addresses.
2. Verify that you have the IPX network working as shown in Figure 9.3. Use the show ipx route command to see all networks on your routers.
3. Configure an access list on 2501A to allow only IPX traffic from Network 30 and to deny IPX Network 50. IPX standard lists use the access-list numbers 800-899.
2501A#config t
2501A(config)#access-list 810 ?
  deny    Specify packets to reject
  permit  Specify packets to permit
4. First, deny IPX Network 50, then permit everything else. The -1 is a wildcard in IPX.
2501A(config)#access-list 810 deny ?
  -1            Any IPX net
  <0-FFFFFFFF>  Source net
  N.H.H.H       Source net.host address
Copyright ©2002 SYBEX, Inc., Alameda, CA
www.sybex.com