IPX Route Filter

IPX Route Filter

Syntax Description

Usage Guidelines

Allowing Non-Filtered Routing Packets

IPX Route Filter

This section allows you to define, edit and name a set of IPX route filtering rules. This allows the device to filter inbound IPX network numbers received via broadcast advertisements and outbound routes advertised from the device. These filter rules are global to the device and are not associated with a particular interface. However, they can be restricted to an interface using the from or to modifiers as explained later in this section.

edit config IPX Route Filter "Name"

Syntax Description

"Name"

A unique name, up to 16 characters with spaces allowed, for this filter set.

"Name"	A unique name, up to 16 characters with spaces allowed, for this filter set.

Usage Guidelines

The rules are applied in the order they were written. When you select multiple filter sets, they are read from first to last as you entered them.

Allowing Non-Filtered Routing Packets

When you specify a rule, even if it is only a deny rule, the interface automatically rejects all routing packets unless you explicitly allow them.

To allow all other routing packets not filtered, make the last rule:

permit network = all

Filter Rule Syntax

After entering the edit config command, and then the append command, enter one or more filter rules using the following syntax:

{permit | deny} network operator network_number
[in | out | both]
[{from | to} {ipx_internet_address | port}]
[{metricin | metricout} metric]
[log]

Options

permit | deny

permit specifies that information from routing packets that meet the conditions are included in the IPX routing table.

deny specifies that information from routing packets that meet the conditions are not included in the IPX routing table.

network operator network_number

This rule allows filtering of the network number from either the inbound or outbound IPX route advertisement.

The network_number is a hex value in the range of 1 to FFFFFFFE. The keyword all may be used to specify all network values.

The operator can be one of the following values:

Equals. Use one of the following arguments:

eq

==

=

Less Than. Use one of the following arguments:

lt

<

Less Than or Equal To. Use one of the following arguments:

lteq

le

<=

=<

Greater Than. Use one of the following arguments:

gt

>

Greater Than or Equal To. Use one of the following arguments:

gteq

ge

>=

=>

Does not Equal. Use one of the following arguments:

ne

<>

!=

in | out | both

Specifies the packet direction for which the rule is applied.

In applies filter rules only to incoming routing packets.

Out applies filter rules only to outgoing routing packets.

Both, the default, applies filter rules to incoming and outgoing packets.

{from | to} {ipx_internet_address | port}

Applies the filter only to routing packets from or to a specific IPX network or port, where:

ipx_internet_address is specified as a hexadecimal network number and node number separated by a dash (e.g., A011-0:0:A5:0:0:1 indicates a node with the hexadecimal network number of A011 and a node address of 0:0:A5:0:0:1).

port is:

{Ethernet | WAN} slot:port

{metricin | metricout} metric

Allows the metric on incoming or outgoing routes to be incremented or decremented. The metric is the number of routers on a route. By increasing or decreasing the metric, a particular route can be made more or less attractive. metric must be a decimal number between 1 and 15.

log

Causes the router to log data about filtered packets. See the Logging section for more information.

permit \| deny	permit specifies that information from routing packets that meet the conditions are included in the IPX routing table. deny specifies that information from routing packets that meet the conditions are not included in the IPX routing table.
network operator network_number	This rule allows filtering of the network number from either the inbound or outbound IPX route advertisement. The network_number is a hex value in the range of 1 to FFFFFFFE. The keyword all may be used to specify all network values. The operator can be one of the following values:
	Equals. Use one of the following arguments: eq == = Less Than. Use one of the following arguments: lt < Less Than or Equal To. Use one of the following arguments: lteq le <= =<	Greater Than. Use one of the following arguments: gt > Greater Than or Equal To. Use one of the following arguments: gteq ge >= => Does not Equal. Use one of the following arguments: ne <> !=
in \| out \| both	Specifies the packet direction for which the rule is applied. In applies filter rules only to incoming routing packets. Out applies filter rules only to outgoing routing packets. Both, the default, applies filter rules to incoming and outgoing packets.
{from \| to} {ipx_internet_address \| port}	Applies the filter only to routing packets from or to a specific IPX network or port, where: ipx_internet_address is specified as a hexadecimal network number and node number separated by a dash (e.g., A011-0:0:A5:0:0:1 indicates a node with the hexadecimal network number of A011 and a node address of 0:0:A5:0:0:1). port is: {Ethernet \| WAN} slot:port
{metricin \| metricout} metric	Allows the metric on incoming or outgoing routes to be incremented or decremented. The metric is the number of routers on a route. By increasing or decreasing the metric, a particular route can be made more or less attractive. metric must be a decimal number between 1 and 15.
log	Causes the router to log data about filtered packets. See the Logging section for more information.

Examples

The following example specifies a rule to allow routes to be input from any IPX network except network number 7.

[ IPX Route Filter "net-7" ]
permit network != 7

The following example specifies that routing information should only be accepted from the Ethernet 0 interface.

[IPX Route Filter "ether0-only"
permit network = ALL from ethernet 0

The "ether0-only" filter would be applied in the General section.

[ General ]
IPXRouteFilters = ether0-only

Related Commands

Command Description

configure General

Configures general system settings

configure IPX

Configures IPX parameters for an interface

configure Logging

Configures logging options

edit config IPX Filter

Creates IPX packet filters

edit config IPX SAP Filter

Creates IPX server filters

show ipx

Shows IPX configuration and routing

Command	Description
configure General	Configures general system settings
configure IPX	Configures IPX parameters for an interface
configure Logging	Configures logging options
edit config IPX Filter	Creates IPX packet filters
edit config IPX SAP Filter	Creates IPX server filters
show ipx	Shows IPX configuration and routing

Table of Contents