Extended IPX Access Lists

As the extended IP access list gives the user a good control to monitor and control the traffic of the network easily. The difference is that the Extended IPX access list allows the user to monitor the traffic at a more sophisticated level that has more handling features that not only include the source address but also IPX protocols and socket numbers under use.

When the extended IPX access list has denied the data packet then the list expects another IPX protocol to be entered.

When the source address is entered, then there should be a source socket defined. The IPX socket is same as the TCP or UDP port available. When we do not want to allow the standard IPX pings from network to come, then we can use the command of nping.

When the command has been entered by the user after that, the comparison is made and the denial statement is checked, that whether it is present in the list or not. Other than deny statement we also need such a statement that allows the passage of traffic. The following command is the command that will permit the flow of data packet.

RouterA(config)#access-list 900 permit any any all any all

The initially written two statements represent protocols and source networks. The “all” statement written at first tells about all the sockets. The “all” statement at the end shows that it is equal to “any destination network, all sockets”. After the access list is created than it should be applied to the system otherwise no action will occur. At the present situation we apply it to the nearest level.

There is no need to cram the syntax of the list because it is available on the internet. Just remember the functionality of the list, that what action does it performs.