ACL in 3500XL to block IPX

Unanswered Question
Nov 10th, 2009


If I create an ACL with one statement "permit IP any any", will this have the effect of blocking all non-IP traffic due to the implicit "deny any any"? I would like to block all non-IP traffic, IPX in particular, on an older switch.


Giuseppe Larosa Tue, 11/10/2009 - 10:50

Hello Dave,

No, because you are configuring an IP-focused ACL.

I don't think the 3500 XL can route IPX, but it can bridge IPX frames as they are valid Ethernet frames.

What would be needed is an ACL that works on EtherType to describe which upper-layer protocol you want to accept.

Again, I don't think it is supported on the C3500 XL.

Hope to help


Leo Laohoo Tue, 11/10/2009 - 13:51

For starters, 3500XL does not support IP ACL regardless of IOS version. It will support MAC-based ACL.

dave.keith Tue, 11/10/2009 - 14:09

And yet I could configure this on a 3512XL running 12.0(5.4)WC1:

Extended IP access list 101
    permit ip any any

Hmmmmmmm .....

I guess the answer is that the implicit "deny any any" is in reality an implicit "deny IP any any".

I'll figure out another way, thanks for the replies.
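The distinction the replies draw, between an IP access list that only ever looks at IP packets and a filter keyed on EtherType, worked through as an added example (not code from the thread or from Cisco). It models the behaviour described above rather than the 3500XL itself, goes slightly beyond the thread by covering the four IPX frame encapsulations, and all function names and sample frames are constructed for illustration.

```python
import struct

NAMES = {0x0800: "ipv4", 0x0806: "arp", 0x8137: "ipx"}  # EtherType values

def classify(frame: bytes) -> str:
    """Name the protocol carried by an untagged Ethernet frame."""
    if len(frame) < 14:
        return "other"
    (type_or_len,) = struct.unpack("!H", frame[12:14])
    body = frame[14:]
    if type_or_len >= 0x0600:                   # Ethernet II: an EtherType
        return NAMES.get(type_or_len, "other")
    # Below 0x0600 the field is an 802.3 length; look at the next bytes.
    if body[:2] in (b"\xff\xff", b"\xe0\xe0"):  # raw 802.3 IPX / LLC SAP 0xE0
        return "ipx"
    if body[:6] == b"\xaa\xaa\x03\x00\x00\x00" and len(body) >= 8:  # SNAP
        return NAMES.get(struct.unpack("!H", body[6:8])[0], "other")
    return "other"

def ip_acl_verdict(frame: bytes) -> str:
    """Assumed model of 'permit ip any any' applied to bridged traffic."""
    if classify(frame) != "ipv4":
        return "not-evaluated"   # the implicit deny is never consulted
    return "permit"

def ethertype_filter(frame: bytes, allowed=("ipv4", "arp")) -> bool:
    """Layer-2 filter: forward only listed protocols (ARP kept so IP works)."""
    return classify(frame) in allowed

def make_frame(type_or_len: int, body: bytes) -> bytes:
    """Constructed frame: broadcast destination, locally administered source."""
    header = b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x01"
    return header + struct.pack("!H", type_or_len) + body

IPX = b"\xff\xff" + b"\x00" * 28   # constructed stand-in for an IPX header
SAMPLES = {  # constructed frames: IP, ARP and one per IPX encapsulation
    "ipv4": make_frame(0x0800, b"\x45" + b"\x00" * 19),
    "arp": make_frame(0x0806, b"\x00" * 28),
    "ipx_ethernet_ii": make_frame(0x8137, IPX),
    "ipx_raw_8023": make_frame(30, IPX),
    "ipx_llc": make_frame(33, b"\xe0\xe0\x03" + IPX),
    "ipx_snap": make_frame(38, b"\xaa\xaa\x03\x00\x00\x00\x81\x37" + IPX),
}

def report() -> dict:
    """Map sample name -> (protocol, IP ACL verdict, EtherType filter result)."""
    return {name: (classify(f), ip_acl_verdict(f), ethertype_filter(f))
            for name, f in SAMPLES.items()}

if __name__ == "__main__":
    for name, row in report().items():
        print(name, *row)
```

Only the Ethernet II encapsulation carries 0x8137 in the type field; the other three are 802.3 frames, so a filter that matches on that one EtherType value alone would miss them.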
