Novell IPX Commands: access-list (IPX extended) Through ipx bandwidth-percent eigrp

This chapter explains the function and syntax of the Novell IPX commands: access-list (IPX extended) through ipx bandwidth-percent eigrp. For more information about defaults and usage guidelines, see the corresponding chapter of the Cisco IOS AppleTalk and Novell IPX Command Reference, Release 12.1.

Note For all commands that previously used the keyword novell, this keyword has been changed to ipx. You can still use the keyword novell in all commands.

access-list (IPX extended)

To define an extended Novell IPX access list, use the extended version of the access-list command in global configuration mode. To remove an extended access list, use the no form of this command.

access-list access-list-number {deny | permit} protocol [source-network][[[.source-node] source-node-mask] | [.source-node source-network-mask.source-node-mask]] [source-socket] [destination.network][[[.destination-node] destination-node-mask] | [.destination-node destination-network-mask.destination-node-mask]] [destination-socket] [log] [time-range time-range-name]

no access-list access-list-number {deny | permit} protocol [source-network][[[.source-node] source-node-mask] | [.source-node source-network-mask.source-node-mask]] [source-socket] [destination.network][[[.destination-node] destination-node-mask] | [.destination-node destination-network-mask.destination-node-mask]] [destination-socket] [log] [time-range time-range-name]

Syntax Description

access-list-number

Number of the access list. This is a number from 900 to 999.

deny

Denies access if the conditions are matched.

permit

Permits access if the conditions are matched.

protocol

Name or number of an IPX protocol type. This is sometimes referred to as the packet type.

source-network

(Optional) Number of the network from which the packet is being sent. This is an eight-digit hexadecimal number that uniquely identifies a network cable segment. It can be a number in the range 1 to FFFFFFFE. A network number of -1 matches all networks.

You do not need to specify leading zeros in the network number; for example, for the network number 000000AA, you can enter AA.

.source-node

(Optional) Node on the source-network from which the packet is being sent. This is a 48-bit value represented by a dotted triplet of four-digit hexadecimal numbers (xxxx.xxxx.xxxx).

source-node-mask

(Optional) Mask to be applied to the source-node argument. This is a 48-bit value represented as a dotted triplet of four-digit hexadecimal numbers (xxxx.xxxx.xxxx). Place ones in the bit positions you want to mask.

source-network-mask.

(Optional) Mask to be applied to the source-network argument. This is an eight-digit hexadecimal mask. Place ones in the bit positions you want to mask.

The mask must immediately be followed by a period, which must in turn immediately be followed by the source-node-mask argument.

source-socket

(Optional) Socket name or number (hexadecimal) from which the packet is being sent.

destination.network

(Optional) Number of the network to which the packet is being sent. This is an eight-digit hexadecimal number that uniquely identifies a network cable segment. It can be a number in the range 1 to FFFFFFFE. A network number of -1 matches all networks.

You do not need to specify leading zeros in the network number. For example, for the network number 000000AA, you can enter AA.

.destination-node

(Optional) Node on destination-network to which the packet is being sent. This is a 48-bit value represented by a dotted triplet of four-digit hexadecimal numbers (xxxx.xxxx.xxxx).

destination-node-mask

(Optional) Mask to be applied to the destination-node argument. This is a 48-bit value represented as a dotted triplet of four-digit hexadecimal numbers (xxxx.xxxx.xxxx). Place ones in the bit positions you want to mask.

destination-network-mask.

(Optional) Mask to be applied to the destination-network argument. This is an eight-digit hexadecimal mask. Place ones in the bit positions you want to mask.

The mask must immediately be followed by a period, which must in turn immediately be followed by the destination-node-mask argument.

destination-socket

(Optional) Socket name or number (hexadecimal) to which the packet is being sent.

log

(Optional) Logs IPX access control list violations whenever a packet matches a particular access list entry. The information logged includes source address, destination address, source socket, destination socket, protocol type, and action taken (permit/deny).

time-range time-range-name

(Optional) Name of the time range that applies to this statement. The name of the time range and its restrictions are specified by the time-range command.

access-list-number	Number of the access list. This is a number from 900 to 999.
deny	Denies access if the conditions are matched.
permit	Permits access if the conditions are matched.
protocol	Name or number of an IPX protocol type. This is sometimes referred to as the packet type.
source-network	(Optional) Number of the network from which the packet is being sent. This is an eight-digit hexadecimal number that uniquely identifies a network cable segment. It can be a number in the range 1 to FFFFFFFE. A network number of -1 matches all networks. You do not need to specify leading zeros in the network number; for example, for the network number 000000AA, you can enter AA.
.source-node	(Optional) Node on the source-network from which the packet is being sent. This is a 48-bit value represented by a dotted triplet of four-digit hexadecimal numbers (xxxx.xxxx.xxxx).
source-node-mask	(Optional) Mask to be applied to the source-node argument. This is a 48-bit value represented as a dotted triplet of four-digit hexadecimal numbers (xxxx.xxxx.xxxx). Place ones in the bit positions you want to mask.
source-network-mask.	(Optional) Mask to be applied to the source-network argument. This is an eight-digit hexadecimal mask. Place ones in the bit positions you want to mask. The mask must immediately be followed by a period, which must in turn immediately be followed by the source-node-mask argument.
source-socket	(Optional) Socket name or number (hexadecimal) from which the packet is being sent.
destination.network	(Optional) Number of the network to which the packet is being sent. This is an eight-digit hexadecimal number that uniquely identifies a network cable segment. It can be a number in the range 1 to FFFFFFFE. A network number of -1 matches all networks. You do not need to specify leading zeros in the network number. For example, for the network number 000000AA, you can enter AA.
.destination-node	(Optional) Node on destination-network to which the packet is being sent. This is a 48-bit value represented by a dotted triplet of four-digit hexadecimal numbers (xxxx.xxxx.xxxx).
destination-node-mask	(Optional) Mask to be applied to the destination-node argument. This is a 48-bit value represented as a dotted triplet of four-digit hexadecimal numbers (xxxx.xxxx.xxxx). Place ones in the bit positions you want to mask.
destination-network-mask.	(Optional) Mask to be applied to the destination-network argument. This is an eight-digit hexadecimal mask. Place ones in the bit positions you want to mask. The mask must immediately be followed by a period, which must in turn immediately be followed by the destination-node-mask argument.
destination-socket	(Optional) Socket name or number (hexadecimal) to which the packet is being sent.
log	(Optional) Logs IPX access control list violations whenever a packet matches a particular access list entry. The information logged includes source address, destination address, source socket, destination socket, protocol type, and action taken (permit/deny).
time-range time-range-name	(Optional) Name of the time range that applies to this statement. The name of the time range and its restrictions are specified by the time-range command.

access-list (IPX standard)

To define a standard IPX access list, use the standard version of the access-list command in global configuration mode. To remove a standard access list, use the no form of this command.

access-list access-list-number {deny | permit} source-network[.source-node[source-node-mask]] [destination-network[.destination-node [destination-node-mask]]]

no access-list access-list-number {deny | permit} source-network[.source-node[source-node-mask]] [destination-network[.destination-node [destination-node-mask]]]

Syntax Description

access-list-number

Number of the access list. This is a number from 800 to 899.

deny

Denies access if the conditions are matched.

permit

Permits access if the conditions are matched.

source-network

Number of the network from which the packet is being sent. This is an eight-digit hexadecimal number that uniquely identifies a network cable segment. It can be a number in the range 1 to FFFFFFFE. A network number of -1 matches all networks.

You do not need to specify leading zeros in the network number. For example, for the network number 000000AA, you can enter AA.

.source-node

(Optional) Node on source-network from which the packet is being sent. This is a 48-bit value represented by a dotted triplet of four-digit hexadecimal numbers (xxxx.xxxx.xxxx).

source-node-mask

(Optional) Mask to be applied to source-node. This is a 48-bit value represented as a dotted triplet of four-digit hexadecimal numbers (xxxx.xxxx.xxxx). Place ones in the bit positions you want to mask.

destination-network

(Optional) Number of the network to which the packet is being sent. This is an eight-digit hexadecimal number that uniquely identifies a network cable segment. It can be a number in the range 1 to FFFFFFFE. A network number of -1 matches all networks.

You do not need to specify leading zeros in the network number. For example, for the network number 000000AA, you can enter AA.

.destination-node

(Optional) Node on destination-network to which the packet is being sent. This is a 48-bit value represented by a dotted triplet of four-digit hexadecimal numbers (xxxx.xxxx.xxxx).

destination-node-mask

(Optional) Mask to be applied to destination-node. This is a 48-bit value represented as a dotted triplet of four-digit hexadecimal numbers (xxxx.xxxx.xxxx). Place ones in the bit positions you want to mask.

access-list-number	Number of the access list. This is a number from 800 to 899.
deny	Denies access if the conditions are matched.
permit	Permits access if the conditions are matched.
source-network	Number of the network from which the packet is being sent. This is an eight-digit hexadecimal number that uniquely identifies a network cable segment. It can be a number in the range 1 to FFFFFFFE. A network number of -1 matches all networks. You do not need to specify leading zeros in the network number. For example, for the network number 000000AA, you can enter AA.
.source-node	(Optional) Node on source-network from which the packet is being sent. This is a 48-bit value represented by a dotted triplet of four-digit hexadecimal numbers (xxxx.xxxx.xxxx).
source-node-mask	(Optional) Mask to be applied to source-node. This is a 48-bit value represented as a dotted triplet of four-digit hexadecimal numbers (xxxx.xxxx.xxxx). Place ones in the bit positions you want to mask.
destination-network	(Optional) Number of the network to which the packet is being sent. This is an eight-digit hexadecimal number that uniquely identifies a network cable segment. It can be a number in the range 1 to FFFFFFFE. A network number of -1 matches all networks. You do not need to specify leading zeros in the network number. For example, for the network number 000000AA, you can enter AA.
.destination-node	(Optional) Node on destination-network to which the packet is being sent. This is a 48-bit value represented by a dotted triplet of four-digit hexadecimal numbers (xxxx.xxxx.xxxx).
destination-node-mask	(Optional) Mask to be applied to destination-node. This is a 48-bit value represented as a dotted triplet of four-digit hexadecimal numbers (xxxx.xxxx.xxxx). Place ones in the bit positions you want to mask.

access-list (NLSP)

To define an access list that denies or permits area addresses that summarize routes, use the NLSP route aggregation version of the access-list command in global configuration mode. To remove an NLSP route aggregation access list, use the no form of this command.

access-list access-list-number {deny | permit} network network-mask [ticks ticks] [area-count area-count]

no access-list access-list-number {deny | permit} network network-mask [ticks ticks] [area-count area-count]

Syntax Description

access-list-number

Number of the access list. This is a number from 1200 to 1299.

deny

Denies redistribution of explicit routes if the conditions are matched. If you have enabled route summarization with route-aggregation command, the router redistributes an aggregated route instead.

permit

Permits redistribution of explicit routes if the conditions are matched.

network

Network number to summarize. An IPX network number is an eight-digit hexadecimal number that uniquely identifies a network cable segment. It can be a number in the range 1 to FFFFFFFE. A network number of 0 matches the local network. A network number of -1 matches all networks.

You do not need to specify leading zeros in the network number. For example, for the network number 000000AA, you can enter AA.

network-mask

Specifies the portion of the network address that is common to all addresses in the route summary. The high-order bits of network-mask must be contiguous Fs, while the low-order bits must be contiguous zeros (0). An arbitrary mix of Fs and 0s is not permitted.

ticks ticks

(Optional) Metric assigned to the route summary. The default is 1 tick.

area-count area-count

(Optional) Maximum number of NLSP areas to which the route summary can be redistributed. The default is 6 areas.

access-list-number	Number of the access list. This is a number from 1200 to 1299.
deny	Denies redistribution of explicit routes if the conditions are matched. If you have enabled route summarization with route-aggregation command, the router redistributes an aggregated route instead.
permit	Permits redistribution of explicit routes if the conditions are matched.
network	Network number to summarize. An IPX network number is an eight-digit hexadecimal number that uniquely identifies a network cable segment. It can be a number in the range 1 to FFFFFFFE. A network number of 0 matches the local network. A network number of -1 matches all networks. You do not need to specify leading zeros in the network number. For example, for the network number 000000AA, you can enter AA.
network-mask	Specifies the portion of the network address that is common to all addresses in the route summary. The high-order bits of network-mask must be contiguous Fs, while the low-order bits must be contiguous zeros (0). An arbitrary mix of Fs and 0s is not permitted.
ticks ticks	(Optional) Metric assigned to the route summary. The default is 1 tick.
area-count area-count	(Optional) Maximum number of NLSP areas to which the route summary can be redistributed. The default is 6 areas.

access-list (SAP filtering)

To define an access list for filtering Service Advertising Protocol (SAP) requests, use the SAP filtering form of the access-list command in global configuration mode. To remove the access list, use the no form of this command.

access-list access-list-number {deny | permit} network[.node] [network-mask.node-mask] [service-type [server-name]]

no access-list access-list-number {deny | permit} network[.node] [network-mask.node-mask] [service-type [server-name]]

Syntax Description

access-list-number

Number of the SAP access list. This is a number from 1000 to 1099.

deny

Denies access if the conditions are matched.

permit

Permits access if the conditions are matched.

network

Network number. This is an eight-digit hexadecimal number that uniquely identifies a network cable segment. It can be a number in the range 1 to FFFFFFFE. A network number of -1 matches all networks.

You do not need to specify leading zeros in the network number. For example, for the network number 000000AA, you can enter AA.

.node

(Optional) Node specified on the network. This is a 48-bit value represented by a dotted triplet of four-digit hexadecimal numbers (xxxx.xxxx.xxxx).

network-mask.node-mask

(Optional) Mask to be applied to network and node. Place ones in the bit positions to be masked.

service-type

(Optional) Service type on which to filter. This is a hexadecimal number. A value of 0 means all services.

server-name

(Optional) Name of the server providing the specified service type. This can be any contiguous string of printable ASCII characters. Use double quotation marks (" ") to enclose strings containing embedded spaces. You can use an asterisk (*) at the end of the name as a wildcard to match one or more trailing characters.

access-list-number	Number of the SAP access list. This is a number from 1000 to 1099.
deny	Denies access if the conditions are matched.
permit	Permits access if the conditions are matched.
network	Network number. This is an eight-digit hexadecimal number that uniquely identifies a network cable segment. It can be a number in the range 1 to FFFFFFFE. A network number of -1 matches all networks. You do not need to specify leading zeros in the network number. For example, for the network number 000000AA, you can enter AA.
.node	(Optional) Node specified on the network. This is a 48-bit value represented by a dotted triplet of four-digit hexadecimal numbers (xxxx.xxxx.xxxx).
network-mask.node-mask	(Optional) Mask to be applied to network and node. Place ones in the bit positions to be masked.
service-type	(Optional) Service type on which to filter. This is a hexadecimal number. A value of 0 means all services.
server-name	(Optional) Name of the server providing the specified service type. This can be any contiguous string of printable ASCII characters. Use double quotation marks (" ") to enclose strings containing embedded spaces. You can use an asterisk (*) at the end of the name as a wildcard to match one or more trailing characters.

area-address

To define a set of network numbers to be part of the current NLSP area, use the area-address command in router configuration mode. To remove a set of network numbers from the current NLSP area, use the no form of this command.

area-address address mask

no area-address address mask

Syntax Description

address

Network number prefix. This is a 32-bit hexadecimal number.

mask

Mask that defines the length of the network number prefix. This is a 32-bit hexadecimal number.

address	Network number prefix. This is a 32-bit hexadecimal number.
mask	Mask that defines the length of the network number prefix. This is a 32-bit hexadecimal number.

clear ipx accounting

To delete all entries in the accounting database when IPX accounting is enabled, use the clear ipx accounting command in EXEC mode.

clear ipx accounting [checkpoint]

Syntax Description

checkpoint

(Optional) Clears the checkpoint database.

checkpoint	(Optional) Clears the checkpoint database.

clear ipx cache

To delete entries from the IPX fast-switching cache, use the clear ipx cache command in EXEC mode.

clear ipx cache

Syntax Description

This command has no arguments or keywords.

clear ipx nhrp

To clear all dynamic entries from the Next Hop Resolution Protocol (NHRP) cache, use the clear ipx nhrp command in EXEC mode.

clear ipx nhrp

Syntax Description

This command has no arguments or keywords.

clear ipx nlsp neighbors

To delete all NetWare Link Services Protocol (NLSP) adjacencies from the adjacency database of Cisco IOS software, use the clear ipx nlsp neighbors command in EXEC mode.

clear ipx nlsp [tag] neighbors

Syntax Description

tag

(Optional) Names the NLSP process. The tag can be any combination of printable characters.

tag	(Optional) Names the NLSP process. The tag can be any combination of printable characters.

clear ipx route

To delete routes from the IPX routing table, use the clear ipx route command in EXEC mode.

clear ipx route {network [network-mask] | default | *}

Syntax Description

network

Number of the network whose routing table entry you want to delete. This is an eight-digit hexadecimal number that uniquely identifies a network cable segment. It can be a number in the range 1 to FFFFFFFD. You do not need to specify leading zeros in the network number. For example, for the network number 000000AA, you can enter AA.

network-mask

(Optional) Specifies the portion of the network address that is common to all addresses in an NLSP route summary. When used with the network argument, it specifies the an NLSP route summary to clear.

The high-order bits specified for the network-mask argument must be contiguous Fs, while the low-order bits must be contiguous zeros (0). An arbitrary mix of Fs and 0s is not permitted.

default

Deletes the default route from the routing table.

*

Deletes all routes in the routing table.

network	Number of the network whose routing table entry you want to delete. This is an eight-digit hexadecimal number that uniquely identifies a network cable segment. It can be a number in the range 1 to FFFFFFFD. You do not need to specify leading zeros in the network number. For example, for the network number 000000AA, you can enter AA.
network-mask	(Optional) Specifies the portion of the network address that is common to all addresses in an NLSP route summary. When used with the network argument, it specifies the an NLSP route summary to clear. The high-order bits specified for the network-mask argument must be contiguous Fs, while the low-order bits must be contiguous zeros (0). An arbitrary mix of Fs and 0s is not permitted.
default	Deletes the default route from the routing table.
*	Deletes all routes in the routing table.

clear ipx traffic

To clear Internetwork Packet Exchange (IPX) protocol and NetWare Link Services Protocol (NLSP) traffic counters , use the clear ipx traffic command in privileged EXEC mode.

clear ipx [nlsp] traffic

Syntax Description

nlsp

(Optional) Clears only the NLSP traffic counters and leaves other IPX traffic counters intact.

nlsp	(Optional) Clears only the NLSP traffic counters and leaves other IPX traffic counters intact.

deny (extended)

To set conditions for a named IPX extended access list, use the deny access-list command in configuration mode. To remove a deny condition from an access list, use the no form of this command.

deny protocol [source-network][[[.source-node] source-node-mask] | [.source-node source-network-mask.source-node-mask]] [source-socket] [destination-network][[[.destination-node] destination-node-mask] | [.destination-node destination-network-mask.destination-node-mask]] [destination-socket] [log] [time-range time-range-name]

no deny protocol [source-network][[[.source-node] source-node-mask] | [.source-node source-network-mask.source-node-mask]] [source-socket] [destination-network][[[.destination-node] destination-node-mask] | [.destination-node destination-network-mask.destination-node-mask]] [destination-socket] [log] [time-range time-range-name]

Syntax Description

protocol

Name or number of an IPX protocol type. This is sometimes referred to as the packet type. You can also use the word any to match all protocol types.

source-network

(Optional) Number of the network from which the packet is being sent. This is an eight-digit hexadecimal number that uniquely identifies a network cable segment. It can be a number in the range 1 to FFFFFFFE. A network number of 0 matches the local network. A network number of -1 matches all networks. You can also use the keyword any to match all networks.

You do not need to specify leading zeros in the network number; for example, for the network number 000000AA, you can enter AA.

.source-node

(Optional) Node on the source-network from which the packet is being sent. This is a 48-bit value represented by a dotted triplet of four-digit hexadecimal numbers (xxxx.xxxx.xxxx).

source-node-mask

(Optional) Mask to be applied to the source-node argument. This is a 48-bit value represented as a dotted triplet of four-digit hexadecimal numbers (xxxx.xxxx.xxxx). Place ones in the bit positions you want to mask.

source-network-mask.

(Optional) Mask to be applied to the source-network argument. This is an eight-digit hexadecimal mask. Place ones in the bit positions you want to mask.

The mask must immediately be followed by a period, which must in turn immediately be followed by the source-node-mask argument.

source-socket

(Optional) Socket name or number (hexadecimal) from which the packet is being sent. You can also use the keyword all to match all sockets.

destination-network

(Optional) Number of the network to which the packet is being sent. This is an eight-digit hexadecimal number that uniquely identifies a network cable segment. It can be a number in the range 1 to FFFFFFFE. A network number of 0 matches the local network. A network number of -1 matches all networks. You can also use the keyword any to match all networks.

You do not need to specify leading zeros in the network number. For example, for the network number 000000AA, you can enter AA.

.destination-node

(Optional) Node on the destination-network to which the packet is being sent. This is a 48-bit value represented by a dotted triplet of four-digit hexadecimal numbers (xxxx.xxxx.xxxx).

destination-node-mask

(Optional) Mask to be applied to the destination-node argument. This is a 48-bit value represented as a dotted triplet of four-digit hexadecimal numbers (xxxx.xxxx.xxxx). Place ones in the bit positions you want to mask.

destination-network-mask.

(Optional) Mask to be applied to the destination-network argument. This is an eight-digit hexadecimal mask. Place ones in the bit positions you want to mask.

The mask must immediately be followed by a period, which must in turn immediately be followed by the destination-node-mask argument.

destination-socket

(Optional) Socket name or number (hexadecimal) to which the packet is being sent.

log

(Optional) Logs IPX access control list violations whenever a packet matches a particular access list entry. The information logged includes source address, destination address, source socket, destination socket, protocol type, and action taken (permit/deny).

time-range time-range-name

(Optional) Name of the time range that applies to this statement. The name of the time range and its restrictions are specified by the time-range command.

protocol	Name or number of an IPX protocol type. This is sometimes referred to as the packet type. You can also use the word any to match all protocol types.
source-network	(Optional) Number of the network from which the packet is being sent. This is an eight-digit hexadecimal number that uniquely identifies a network cable segment. It can be a number in the range 1 to FFFFFFFE. A network number of 0 matches the local network. A network number of -1 matches all networks. You can also use the keyword any to match all networks. You do not need to specify leading zeros in the network number; for example, for the network number 000000AA, you can enter AA.
.source-node	(Optional) Node on the source-network from which the packet is being sent. This is a 48-bit value represented by a dotted triplet of four-digit hexadecimal numbers (xxxx.xxxx.xxxx).
source-node-mask	(Optional) Mask to be applied to the source-node argument. This is a 48-bit value represented as a dotted triplet of four-digit hexadecimal numbers (xxxx.xxxx.xxxx). Place ones in the bit positions you want to mask.
source-network-mask.	(Optional) Mask to be applied to the source-network argument. This is an eight-digit hexadecimal mask. Place ones in the bit positions you want to mask. The mask must immediately be followed by a period, which must in turn immediately be followed by the source-node-mask argument.
source-socket	(Optional) Socket name or number (hexadecimal) from which the packet is being sent. You can also use the keyword all to match all sockets.
destination-network	(Optional) Number of the network to which the packet is being sent. This is an eight-digit hexadecimal number that uniquely identifies a network cable segment. It can be a number in the range 1 to FFFFFFFE. A network number of 0 matches the local network. A network number of -1 matches all networks. You can also use the keyword any to match all networks. You do not need to specify leading zeros in the network number. For example, for the network number 000000AA, you can enter AA.
.destination-node	(Optional) Node on the destination-network to which the packet is being sent. This is a 48-bit value represented by a dotted triplet of four-digit hexadecimal numbers (xxxx.xxxx.xxxx).
destination-node-mask	(Optional) Mask to be applied to the destination-node argument. This is a 48-bit value represented as a dotted triplet of four-digit hexadecimal numbers (xxxx.xxxx.xxxx). Place ones in the bit positions you want to mask.
destination-network-mask.	(Optional) Mask to be applied to the destination-network argument. This is an eight-digit hexadecimal mask. Place ones in the bit positions you want to mask. The mask must immediately be followed by a period, which must in turn immediately be followed by the destination-node-mask argument.
destination-socket	(Optional) Socket name or number (hexadecimal) to which the packet is being sent.
log	(Optional) Logs IPX access control list violations whenever a packet matches a particular access list entry. The information logged includes source address, destination address, source socket, destination socket, protocol type, and action taken (permit/deny).
time-range time-range-name	(Optional) Name of the time range that applies to this statement. The name of the time range and its restrictions are specified by the time-range command.

deny (NLSP)

To filter explicit routes and generate an aggregated route for a named NLSP route aggregation access list, use the deny access-list command in configuration mode. To remove a deny condition from an access list, use the no form of this command.

deny network network-mask [ticks ticks] [area-count area-count]

no deny network network-mask [ticks ticks] [area-count area-count]

Syntax Description

network

Network number to summarize. An IPX network number is an eight-digit hexadecimal number that uniquely identifies a network cable segment. It can be a number in the range 1 to FFFFFFFE. A network number of 0 matches the local network. A network number of -1 matches all networks.

You do not need to specify leading zeros in the network number. For example, for the network number 000000AA, you can enter AA.

network-mask

Specifies the portion of the network address that is common to all addresses in the route summary, expressed as an 8-digit hexadecimal number. The high-order bits of network-mask must be contiguous 1s, while the low-order bits must be contiguous zeros (0). An arbitrary mix of 1s and 0s is not permitted.

ticks ticks

(Optional) Metric assigned to the route summary. The default is 1 tick.

area-count area-count

(Optional) Maximum number of NLSP areas to which the route summary can be redistributed. The default is 6 areas.

network	Network number to summarize. An IPX network number is an eight-digit hexadecimal number that uniquely identifies a network cable segment. It can be a number in the range 1 to FFFFFFFE. A network number of 0 matches the local network. A network number of -1 matches all networks. You do not need to specify leading zeros in the network number. For example, for the network number 000000AA, you can enter AA.
network-mask	Specifies the portion of the network address that is common to all addresses in the route summary, expressed as an 8-digit hexadecimal number. The high-order bits of network-mask must be contiguous 1s, while the low-order bits must be contiguous zeros (0). An arbitrary mix of 1s and 0s is not permitted.
ticks ticks	(Optional) Metric assigned to the route summary. The default is 1 tick.
area-count area-count	(Optional) Maximum number of NLSP areas to which the route summary can be redistributed. The default is 6 areas.

deny (SAP filtering)

To set conditions for a named IPX SAP filtering access list, use the deny access-list command in configuration mode. To remove a deny condition from an access list, use the no form of this command.

deny network[.node] [network-mask.node-mask] [service-type [server-name]]

no deny network[.node] [network-mask.node-mask] [service-type [server-name]]

Syntax Description

network

Network number. This is an eight-digit hexadecimal number that uniquely identifies a network cable segment. It can be a number in the range 1 to FFFFFFFE. A network number of 0 matches the local network. A network number of -1 matches all networks.

You do not need to specify leading zeros in the network number. For example, for the network number 000000AA, you can enter AA.

.node

(Optional) Node on network. This is a 48-bit value represented by a dotted triplet of four-digit hexadecimal numbers (xxxx.xxxx.xxxx).

network-mask.node-mask

(Optional) Mask to be applied to network and node. Place ones in the bit positions to be masked.

service-type

(Optional) Service type on which to filter. This is a hexadecimal number. A value of 0 means all services.

server-name

(Optional) Name of the server providing the specified service type. This can be any contiguous string of printable ASCII characters. Use double quotation marks (" ") to enclose strings containing embedded spaces. You can use an asterisk (*) at the end of the name as a wildcard to match one or more trailing characters.

network	Network number. This is an eight-digit hexadecimal number that uniquely identifies a network cable segment. It can be a number in the range 1 to FFFFFFFE. A network number of 0 matches the local network. A network number of -1 matches all networks. You do not need to specify leading zeros in the network number. For example, for the network number 000000AA, you can enter AA.
.node	(Optional) Node on network. This is a 48-bit value represented by a dotted triplet of four-digit hexadecimal numbers (xxxx.xxxx.xxxx).
network-mask.node-mask	(Optional) Mask to be applied to network and node. Place ones in the bit positions to be masked.
service-type	(Optional) Service type on which to filter. This is a hexadecimal number. A value of 0 means all services.
server-name	(Optional) Name of the server providing the specified service type. This can be any contiguous string of printable ASCII characters. Use double quotation marks (" ") to enclose strings containing embedded spaces. You can use an asterisk (*) at the end of the name as a wildcard to match one or more trailing characters.

deny (standard)

To set conditions for a named IPX access list, use the deny access-list command in configuration mode. To remove a deny condition from an access list, use the no form of this command.

deny source-network[.source-node [source-node-mask]] [destination-network[.destination-node [destination-node-mask]]]

no deny source-network[.source-node [source-node-mask]] [destination-network[.destination-node [destination-node-mask]]]

Syntax Description

source-network

Number of the network from which the packet is being sent. This is an eight-digit hexadecimal number that uniquely identifies a network cable segment. It can be a number in the range 1 to FFFFFFFE. A network number of 0 matches the local network. A network number of -1 matches all networks.

You do not need to specify leading zeros in the network number. For example, for the network number 000000AA, you can enter AA.

.source-node

(Optional) Node on the source-network from which the packet is being sent. This is a 48-bit value represented by a dotted triplet of four-digit hexadecimal numbers (xxxx.xxxx.xxxx).

source-node-mask

(Optional) Mask to be applied to the source-node argument. This is a 48-bit value represented as a dotted triplet of four-digit hexadecimal numbers (xxxx.xxxx.xxxx). Place ones in the bit positions you want to mask.

destination-network

(Optional) Number of the network to which the packet is being sent. This is an eight-digit hexadecimal number that uniquely identifies a network cable segment. It can be a number in the range 1 to FFFFFFFE. A network number of 0 matches the local network. A network number of -1 matches all networks.

You do not need to specify leading zeros in the network number. For example, for the network number 000000AA, you can enter AA.

.destination-node

(Optional) Node on the destination-network to which the packet is being sent. This is a 48-bit value represented by a dotted triplet of four-digit hexadecimal numbers (xxxx.xxxx.xxxx).

destination-node-mask

(Optional) Mask to be applied to destination-node argument. This is a 48-bit value represented as a dotted triplet of four-digit hexadecimal numbers (xxxx.xxxx.xxxx). Place ones in the bit positions you want to mask.

source-network	Number of the network from which the packet is being sent. This is an eight-digit hexadecimal number that uniquely identifies a network cable segment. It can be a number in the range 1 to FFFFFFFE. A network number of 0 matches the local network. A network number of -1 matches all networks. You do not need to specify leading zeros in the network number. For example, for the network number 000000AA, you can enter AA.
.source-node	(Optional) Node on the source-network from which the packet is being sent. This is a 48-bit value represented by a dotted triplet of four-digit hexadecimal numbers (xxxx.xxxx.xxxx).
source-node-mask	(Optional) Mask to be applied to the source-node argument. This is a 48-bit value represented as a dotted triplet of four-digit hexadecimal numbers (xxxx.xxxx.xxxx). Place ones in the bit positions you want to mask.
destination-network	(Optional) Number of the network to which the packet is being sent. This is an eight-digit hexadecimal number that uniquely identifies a network cable segment. It can be a number in the range 1 to FFFFFFFE. A network number of 0 matches the local network. A network number of -1 matches all networks. You do not need to specify leading zeros in the network number. For example, for the network number 000000AA, you can enter AA.
.destination-node	(Optional) Node on the destination-network to which the packet is being sent. This is a 48-bit value represented by a dotted triplet of four-digit hexadecimal numbers (xxxx.xxxx.xxxx).
destination-node-mask	(Optional) Mask to be applied to destination-node argument. This is a 48-bit value represented as a dotted triplet of four-digit hexadecimal numbers (xxxx.xxxx.xxxx). Place ones in the bit positions you want to mask.

distribute-list in (IPX)

To filter networks received in updates, use the distribute-list in command in router configuration mode. To change or cancel the filter, use the no form of this command.

distribute-list {access-list-number | name} in [interface-name]

no distribute-list {access-list-number | name} in [interface-name]

Syntax Description

access-list-number

Standard IPX access list number in the range 800 to 899 or NLSP access list number in the range 1200 to 1299. The list explicitly specifies which networks are to be received and which are to be suppressed.

name

Name of the access list. Names cannot contain a space or quotation mark and must begin with an alphabetic character to prevent ambiguity with numbered access lists.

in

Applies the access list to incoming routing updates.

interface-name

(Optional) Interface on which the access list should be applied to incoming updates. If no interface is specified, the access list is applied to all incoming updates.

access-list-number	Standard IPX access list number in the range 800 to 899 or NLSP access list number in the range 1200 to 1299. The list explicitly specifies which networks are to be received and which are to be suppressed.
name	Name of the access list. Names cannot contain a space or quotation mark and must begin with an alphabetic character to prevent ambiguity with numbered access lists.
in	Applies the access list to incoming routing updates.
interface-name	(Optional) Interface on which the access list should be applied to incoming updates. If no interface is specified, the access list is applied to all incoming updates.

distribute-list out (IPX)

To suppress networks from being advertised in updates, use the distribute-list out command in router configuration mode. To cancel this function, use the no form of this command.

distribute-list {access-list-number | name} out [interface-name | routing-process]

no distribute-list {access-list-number | name} out [interface-name | routing-process]

Syntax Description

access-list-number

Standard IPX access list number in the range 800 to 899 or NLSP access list number in the range 1200 to 1299. The list explicitly specifies which networks are to be sent and which are to be suppressed in routing updates.

name

Name of the access list. Names cannot contain a space or quotation mark and must begin with an alphabetic character to prevent ambiguity with numbered access lists.

out

Applies the access list to outgoing routing updates.

interface-name

(Optional) Interface on which the access list should be applied to outgoing updates. If no interface is specified, the access list is applied to all outgoing updates.

routing-process

(Optional) Name of a particular routing process as follows:

eigrp autonomous-system-number

rip

nlsp [tag]

access-list-number	Standard IPX access list number in the range 800 to 899 or NLSP access list number in the range 1200 to 1299. The list explicitly specifies which networks are to be sent and which are to be suppressed in routing updates.
name	Name of the access list. Names cannot contain a space or quotation mark and must begin with an alphabetic character to prevent ambiguity with numbered access lists.
out	Applies the access list to outgoing routing updates.
interface-name	(Optional) Interface on which the access list should be applied to outgoing updates. If no interface is specified, the access list is applied to all outgoing updates.
routing-process	(Optional) Name of a particular routing process as follows: eigrp autonomous-system-number rip nlsp [tag]

distribute-sap-list in

To filter services received in updates, use the distribute-sap-list in command in router configuration mode. To change or cancel the filter, use the no form of this command.

distribute-sap-list {access-list-number | name} in [interface-name]

no distribute-sap-list {access-list-number | name} in [interface-name]

Syntax Description

access-list-number

SAP access list number in the range 1000 to 1099. The list explicitly specifies which services are to be received and which are to be suppressed.

name

Name of the access list. Names cannot contain a space or quotation mark and must begin with an alphabetic character to prevent ambiguity with numbered access lists.

interface-name

(Optional) Interface on which the access list should be applied to incoming updates. If no interface is specified, the access list is applied to all incoming updates.

access-list-number	SAP access list number in the range 1000 to 1099. The list explicitly specifies which services are to be received and which are to be suppressed.
name	Name of the access list. Names cannot contain a space or quotation mark and must begin with an alphabetic character to prevent ambiguity with numbered access lists.
interface-name	(Optional) Interface on which the access list should be applied to incoming updates. If no interface is specified, the access list is applied to all incoming updates.

distribute-sap-list out

To suppress services from being advertised in SAP updates, use the distribute-sap-list out command in router configuration mode. To cancel this function, use the no form of this command.

distribute-sap-list {access-list-number | name} out [interface-name | routing-process]

no distribute-sap-list {access-list-number | name} out [interface-name | routing-process]

Syntax Description

access-list-number

SAP access list number in the range 1000 to 1099. The list explicitly specifies which networks are to be sent and which are to be suppressed in routing updates.

name

Name of the access list. Names cannot contain a space or quotation mark and must begin with an alphabetic character to prevent ambiguity with numbered access lists.

interface-name

(Optional) Interface on which the access list should be applied to outgoing updates. If no interface is specified, the access list is applied to all outgoing updates.

routing-process

(Optional) Name of a particular routing process as follows:

eigrp autonomous-system-number

nlsp [tag]

rip

access-list-number	SAP access list number in the range 1000 to 1099. The list explicitly specifies which networks are to be sent and which are to be suppressed in routing updates.
name	Name of the access list. Names cannot contain a space or quotation mark and must begin with an alphabetic character to prevent ambiguity with numbered access lists.
interface-name	(Optional) Interface on which the access list should be applied to outgoing updates. If no interface is specified, the access list is applied to all outgoing updates.
routing-process	(Optional) Name of a particular routing process as follows: eigrp autonomous-system-number nlsp [tag] rip

ipx access-group

To apply generic input and output filters to an interface, use the ipx access-group command in interface configuration mode. To remove filters, use the no form of this command.

ipx access-group {access-list-number | name} [in | out]

no ipx access-group {access-list-number | name} [in | out]

Syntax Description

access-list-number

Number of the access list. For standard access lists, access-list-number is a number from 800 to 899. For extended access lists, the value for the access-list-number argument is a number from 900 to 999.

name

Name of the access list. Names cannot contain a space or quotation mark and must begin with an alphabetic character to prevent ambiguity with numbered access lists.

in

(Optional) Filters inbound packets. All incoming packets defined with either standard or extended access lists are filtered by the entries in this access list.

out

(Optional) Filters outbound packets. All outgoing packets defined with either standard or extended access lists and forwarded through the interface are filtered by the entries in this access list. This is the default when you do not specify an input (in) or output (out) keyword in the command line.

access-list-number	Number of the access list. For standard access lists, access-list-number is a number from 800 to 899. For extended access lists, the value for the access-list-number argument is a number from 900 to 999.
name	Name of the access list. Names cannot contain a space or quotation mark and must begin with an alphabetic character to prevent ambiguity with numbered access lists.
in	(Optional) Filters inbound packets. All incoming packets defined with either standard or extended access lists are filtered by the entries in this access list.
out	(Optional) Filters outbound packets. All outgoing packets defined with either standard or extended access lists and forwarded through the interface are filtered by the entries in this access list. This is the default when you do not specify an input (in) or output (out) keyword in the command line.

ipx access-list

To define an IPX access list by name, use the ipx access-list command in global configuration mode. To remove a named IPX access list, use the no form of this command.

ipx access-list {standard | extended | sap | summary} name

no ipx access-list {standard | extended | sap | summary} name


standard	Specifies a standard IPX access list.
extended	Specifies an extended IPX access list.
sap	Specifies a SAP access list.
summary	Specifies area addresses that summarize routes using NLSP route aggregation filtering.
name	Name of the access list. Names cannot contain a space or quotation mark, and they must begin with an alphabetic character to prevent ambiguity with numbered access lists.

ipx accounting

To enable IPX accounting, use the ipx accounting command in interface configuration mode. To disable IPX accounting, use the no form of this command.

ipx accounting

no ipx accounting

Syntax Description

This command has no arguments or keywords.

ipx accounting-list

To filter networks for which IPX accounting information is kept, use the ipx accounting-list command in global configuration mode. To remove the filter, use the no form of this command.

ipx accounting-list number mask

no ipx accounting-list number mask

Syntax Description

number

Network number. This is an eight-digit hexadecimal number that uniquely identifies a network cable segment. It can be a number in the range 1 to FFFFFFFD.

You do not need to specify leading zeros in the network number. For example, for the network number 000000AA you can enter AA.

mask

Network mask.

number	Network number. This is an eight-digit hexadecimal number that uniquely identifies a network cable segment. It can be a number in the range 1 to FFFFFFFD. You do not need to specify leading zeros in the network number. For example, for the network number 000000AA you can enter AA.
mask	Network mask.

ipx accounting-threshold

To set the maximum number of accounting database entries, use the ipx accounting-threshold command in global configuration mode. To restore the default, use the no form of this command.

ipx accounting-threshold threshold

no ipx accounting-threshold threshold

Syntax Description

threshold

Maximum number of entries (source and destination address pairs) that the Cisco IOS software can accumulate.

threshold	Maximum number of entries (source and destination address pairs) that the Cisco IOS software can accumulate.

ipx accounting-transits

To set the maximum number of transit entries that will be stored in the IPX accounting database, use the ipx accounting-transits command in global configuration mode. To disable this function, use the no form of this command.

ipx accounting-transits count

no ipx accounting-transits

Syntax Description

count

Number of transit entries that will be stored in the IPX accounting database.

count	Number of transit entries that will be stored in the IPX accounting database.

ipx advertise-default-route-only

To advertise only the default RIP route via the specified network, use the ipx advertise-default-route-only command in interface configuration mode. To advertise all known RIP routes out the interface, use the no form of this command.

ipx advertise-default-route-only network

no ipx advertise-default-route-only network

Syntax Description

network

Number of the network through which to advertise the default route.

network	Number of the network through which to advertise the default route.

ipx advertise-to-lost-route

To enable the sending of lost route mechanism packets, use the ipx advertise-to-lost-route command in global configuration mode. To disable the flooding of network down notifications that are not part of the Novell lost route algorithm, use the no form of this command.

ipx advertise-to-lost-route

no ipx advertise-to-lost-route

Syntax Description

This command has no arguments or keywords.

ipx backup-server-query-interval

To change the time between successive queries of each Enhanced IGRP neighbor's backup server table, use the ipx backup-server-query-interval command in global configuration mode. To restore the default time, use the no form of this command.

ipx backup-server-query-interval interval

no ipx backup-server-query-interval

Syntax Description

interval

Minimum time, in seconds, between successive queries of each Enhanced IGRP neighbor's backup server table. The default is 15 seconds.

interval	Minimum time, in seconds, between successive queries of each Enhanced IGRP neighbor's backup server table. The default is 15 seconds.

ipx bandwidth-percent eigrp

To configure the percentage of bandwidth that may be used by Enhanced IGRP on an interface, use the ipx bandwidth-percent eigrp command in interface configuration mode. To restore the default value, use the no form of this command.

ipx bandwidth-percent eigrp as-number percent

no ipx bandwidth-percent eigrp as-number

Syntax Description

as-number

Autonomous system number.

percent

Percentage of bandwidth that Enhanced IGRP may use.

as-number	Autonomous system number.
percent	Percentage of bandwidth that Enhanced IGRP may use.

Table of Contents

Novell IPX Commands: access-list (IPX extended) Through ipx bandwidth-percent eigrp