RE: IPX access-list

From: Denise Donohue (fradendon@xxxxxxxxxxx)
Date: Sun Jun 09 2002 - 21:19:06 GMT-3


   
When I first read your email, I thought "No, that won't work, I tried that.
That combo was the first thing I thought of." But I just tested it and darn
if it didn't work! I ended up using something different that also worked,
but made some assumptions I wasn't real comfortable with, like that the
routers would use internal network 0.0.1 and the nets would start with 200x
(doing your sample lab.)

Just one little thing - In your sample lab, you say to prevent the
advertisement of print services from networks that end in an odd number. If
you just block all odd networks, then that doesn't accomplish the
requirement, IMHO. You would be blocking more than printers. So you have
to use a 1000 series list, don't you?

-- Denise

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Brian McGahan
Sent: Sunday, June 09, 2002 7:02 PM
To: 'Treptow, Georg'; ccielab@groupstudy.com
Subject: RE: IPX access-list

Georg,

        IPX access-lists behave the same as IP access-lists with their
wildcard masks. The big difference here is that IPX lists are in HEX.
To match with a source or destination wildcard, you have to use an
extended IPX access-list (900 series). For example, let's say we're
trying to match all networks that end in an even number. In binary,
even numbers always end in a 0, therefore, we only need to check to make
sure that the network number ends in a 0 (in binary). The syntax would
be as follows:

access-list 900 permit any 0.0000.0000.0000 FFFFFFFE.ffff.ffff.ffff

        Each HEX digit is 4 bits, therefore to check the digit exactly,
the wildcard is 0. To ignore the digit completely, the wildcard is F.
Another important point to remember here is that in the wildcard,
leading 0's are prepended unless you specify a mask. Therefore, make
sure that your wildcard mask is:

'FFFFFFFE', not just 'E'. 'E' actually means '0000000E'.

When in doubt, write out what you're trying to match in binary, then
convert to HEX.

HTH

Brian McGahan, CCIE #8593
Director of Design and Implementation
brian@cyscoexpert.com

CyscoExpert Corporation
Internetwork Consulting & Training
http://www.cyscoexpert.com
Voice: 847.674.3392
Fax: 847.674.2625
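
[Added example, not part of the original message or thread: a small Python model of the wildcard matching described above, showing why a wildcard of 'E' is read as '0000000E' and checks far more bits than 'FFFFFFFE'. The function names and sample network numbers are constructed for illustration, and the odd-network pattern '1' extends the even-network case in the message.]

```python
# Models the wildcard semantics described in the message above:
# a wildcard bit of 0 means "compare this bit", 1 means "ignore it".
# This is an illustration in Python, not Cisco IOS code.

def parse_net(text):
    """Parse an IPX network number or wildcard written in hex.

    IPX network numbers are 32 bits, so a short value such as 'E'
    is read as 0000000E (leading zeros are implied)."""
    value = int(text, 16)
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError(f"not a 32-bit IPX network value: {text!r}")
    return value

def net_matches(network, pattern, wildcard):
    """True if network equals pattern in every bit the wildcard checks."""
    care = ~parse_net(wildcard) & 0xFFFFFFFF  # bits that must match
    return (parse_net(network) & care) == (parse_net(pattern) & care)

def matching(networks, pattern, wildcard):
    """Return the networks from the list that the pattern/wildcard matches."""
    return [n for n in networks if net_matches(n, pattern, wildcard)]

# Constructed sample network numbers (hex), not taken from any lab.
SAMPLE = ["2000", "2001", "2002", "2003", "A", "B", "1E", "FFFFFFFE"]

if __name__ == "__main__":
    # Only the lowest bit is checked, and it must be 0: every even network.
    print("0 / FFFFFFFE:", matching(SAMPLE, "0", "FFFFFFFE"))
    # 'E' is 0000000E: 29 bits are checked, so almost nothing matches.
    print("0 / E       :", matching(SAMPLE, "0", "E"))
    # Assumed extension: pattern 1 with the same wildcard selects odd networks.
    print("1 / FFFFFFFE:", matching(SAMPLE, "1", "FFFFFFFE"))
```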

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Treptow, Georg
Sent: Sunday, June 09, 2002 5:17 PM
To: 'ccielab@groupstudy.com'
Subject: IPX access-list

Hello,

Can someone explain IPX network address and masks for access-list to me?
The CCO has very poor examples.

I am trying to block all uneven networks from entering my routing tables.

Thanks a lot,

Georg Treptow


