From: Brian McGahan (brian@xxxxxxxxxxxxxxx)
Date: Sun Jun 09 2002 - 20:01:57 GMT-3
Georg,
IPX access-list behave the same as IP access-lists with their
wildcard masks. The big difference here is that IPX lists are in HEX.
To match with a source or destination wildcard, you have to use an
extended IPX access-list (900 series). For example, let's say we're
trying to match all networks that end in an even number. In binary,
even numbers always end in a 0, therefore, we only need to check to make
sure that the network number ends in a 0 (in binary). The syntax would
be as follows:
access-list 900 permit any 0.0000.0000.0000 FFFFFFFE.ffff.ffff.ffff
Each HEX digit is 4 bits, therefore to check the digit exactly,
the wildcard is 0. To ignore the digit completely, the wildcard is F.
Another important point to remember here is that in the wildcard,
leading 0's are prepended unless you specify a mask. Therefore, make
sure that your wildcard mask is:
'FFFFFFFE', not just 'E'. 'E' actually means '0000000E'.
When in doubt, write out what you're trying to match in binary, then
convert to HEX.
HTH
Brian McGahan, CCIE #8593
Director of Design and Implementation
brian@cyscoexpert.com
CyscoExpert Corporation
Internetwork Consulting & Training
http://www.cyscoexpert.com
Voice: 847.674.3392
Fax: 847.674.2625
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Treptow, Georg
Sent: Sunday, June 09, 2002 5:17 PM
To: 'ccielab@groupstudy.com'
Subject: IPX access-list
Hello,
Can someone explain IPX network address and masks for access-list to me.
The
CCO has very poor examples.
I am trying to block all uneven networks from entering my routing
tables.
Thanks a lot,
Georg Treptow
This archive was generated by hypermail 2.1.4 : Tue Jul 02 2002 - 08:12:29 GMT-3