From: Tracy Blackmore (TracyB@xxxxxxxxx)
Date: Sat Dec 02 2000 - 09:32:15 GMT-3
Another one of those "pitfalls" ! I ran into this as well. Mine was an IP
access list denying ICMP but the router would still ping. If you have
another router that you can place behind 2502 and try your IPX ping from
there I think that you'll find that the access-list works. I just doesn't
from the source router. Good luck!
Tracy W. Blackmore
T.S. Lad Consulting
1026 E Stanford Ave.
Gilbert, AZ., 85234
(480)558-0472
-----Original Message-----
From: Simon Baxter [mailto:Simon.Baxter@au.logical.com]
Sent: Friday, December 01, 2000 6:59 PM
To: CCIE Group Study (E-mail)
Subject: IPX packet filtering
Hello all.
Can anyone please explain when you would (and how) use ipx access-group <#>
'out'??
I can filter packets on the incoming, but cannot filter outgoing.
ie
interface Serial0
ip address 130.14.15.66 255.255.255.0
no ip directed-broadcast
no ip mroute-cache
ipx access-group 900 out
ipx input-sap-filter 1000
ipx network 65
no ipx route-cache
no fair-queue
clockrate 64000
!
2502#sh access-l
IPX extended access list 900
deny any any all any all log
deny 0 any eigrp any eigrp log
deny 0 any all any all log
IPX sap access list 1000
deny FFFFFFFF 0 7200*
permit FFFFFFFF 0
2502#ping 129.0060.837b.ccde
Type escape sequence to abort.
Sending 5, 100-byte IPXcisco Echoes to 129.0060.837b.ccde, timeout is 2
seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/29/32 ms
2502#
I thought it might be due to this line in the text : "You cannot configure
an output filter on an interface where autonomous switching is already
configured". I gather this means fast-switching - hence my "no ipx
route-cache".
HELP!!!
(10 days)
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:25:57 GMT-3