Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
622
Views
5
Helpful
3
Replies

ACL in 3500XL to block IPX

dave.keith
Level 1
Level 1

‎11-10-2009 09:46 AM - edited ‎03-06-2019 08:32 AM

Hello,

If I create an ACL with one statement "permit IP any any", will this have the effect of blocking all non-IP traffic due to the implicit "deny any any" ? I would like to block all non-IP traffic, IPX in particular, on an older switch.

Dave

Labels:
0 Helpful
3 Replies 3

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎11-10-2009 10:50 AM

Hello Dave,

no because you are configuring an IP focused ACL.

I don't think 3500 XL can route IPX but it can bridge IPX frames as they are valid ethernet frames.

what would be needed is an ACL that works on ethertype to describe what upper layer protocol you want to accept.

Again I don't think it is supported on C3500 XL

Hope to help

Giuseppe

Leo Laohoo
Hall of Fame
Hall of Fame

‎11-10-2009 01:51 PM

For starters, 3500XL does not support IP ACL regardless of IOS version. It will support MAC-based ACL.

0 Helpful

dave.keith
Level 1
Level 1
In response to Leo Laohoo

‎11-10-2009 02:09 PM

And yet I could configure this on a 3512XL running 12.0(5.4)WC1 :

Extended IP access list 101

permit ip any any

Hmmmmmmm .....

I guess the answer is that the implicit "deny any any" is in reality an implicit "deny IP any any".

I'll figure out another way, thanks for the replies.

Dave

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card