From: Wu, Jiang (wujiang@xxxxxxxxx)
Date: Sat Dec 02 2000 - 03:06:11 GMT-3
It seems not filtering packets generated by the local router.
Thanks,
Wu
----- Original Message -----
From: Simon Baxter <Simon.Baxter@au.logical.com>
To: CCIE Group Study (E-mail) <ccielab@groupstudy.com>
Sent: Saturday, December 02, 2000 9:58 AM
Subject: IPX packet filtering
> Hello all.
>
> Can anyone please explain when you would (and how) use ipx access-group <#>
> 'out'??
>
> I can filter packets on the incoming, but cannot filter outgoing.
>
> ie
> interface Serial0
> ip address 130.14.15.66 255.255.255.0
> no ip directed-broadcast
> no ip mroute-cache
> ipx access-group 900 out
> ipx input-sap-filter 1000
> ipx network 65
> no ipx route-cache
> no fair-queue
> clockrate 64000
> !
> 2502#sh access-l
> IPX extended access list 900
> deny any any all any all log
> deny 0 any eigrp any eigrp log
> deny 0 any all any all log
> IPX sap access list 1000
> deny FFFFFFFF 0 7200*
> permit FFFFFFFF 0
>
> 2502#ping 129.0060.837b.ccde
>
> Type escape sequence to abort.
> Sending 5, 100-byte IPXcisco Echoes to 129.0060.837b.ccde, timeout is 2
> seconds:
> !!!!!
> Success rate is 100 percent (5/5), round-trip min/avg/max = 28/29/32 ms
> 2502#
>
>
> I thought it might be due to this line in the text : "You cannot configure
> an output filter on an interface where autonomous switching is already
> configured". I gather this means fast-switching - hence my "no ipx
> route-cache".
>
>
> HELP!!!
>
> (10 days)
>
>
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:25:57 GMT-3