This document explains how to use Ethertype filters to block
Internetwork Packet Exchange (IPX) traffic on the Cisco Aironet Access Point. A
typical situation in which this is useful is when IPX server broadcasts choke
the wireless link, as sometimes happens on a large enterprise network.
There are no specific requirements for this document.
This document applies to Cisco Aironet Access Points that run either
VxWorks or Cisco IOS® Software.
The information presented in this document was created from devices in
a specific lab environment. All of the devices used in this document started
with a cleared (default) configuration. If you work in a live network, ensure
that you understand the potential impact of any command before you use
Technical Tips Conventions for more information on document
You can open the management system of the Access Point through your
web browser or through the Access Point serial port with a terminal emulator.
If you are unfamiliar with how to connect to an Access Point, refer to
the Web Browser Interface for directions on how to connect to an Access
Point that runs VxWorks, or
the Web-Browser Interface to connect to an Access Point that runs Cisco
Once you have established a browser connection to the Access Point,
perform these steps to configure and apply a filter to block IPX
Complete these steps:
Under the Setup menu, choose Ethertype Filters
In the Set Name field, type a filter name (for example,
"BlockIPX") and click Add New.
On the next page, you see the Default Disposition. The two options
are forward and block. Choose
forward from the drop-down menu.
In the Special Cases field, enter 0x8137 and click
A new window is displayed with these options:
For the Disposition, choose Block. Leave the other
options at their default settings. Click OK.
You are returned to the Ethertype Filter Set screen. Repeat Step 4
and Step 5, and add types 0x8138, 0x00ff, and
Apply the Filter
Once the filter is created, it must be applied to the interface in
order to take effect.
Return to the Setup page. Under the Network Ports section on the
row marked Ethernet, click Filters.
You see EtherType with Receive and Forward settings. From each
drop-down menu, choose the filter you created in Step 2 of the
Create a Filter procedure and click
OK. This step activates the filter you have created.
Complete these steps:
Click Services in the page navigation bar.
In the Services page list, click
On the Apply Filters page, click the Ethertype
Filters tab at the top of the page.
Make sure NEW (the default) is selected in the
Create/Edit Filter Index menu. If you wish to edit an existing filter, select
the filter number from the Create/Edit Filter Index menu.
In the Filter Index field, name the filter with a number from 200
to 299. The number you assign creates an access control list (ACL) for the
Enter 0x8137 in the Add Ethertype field.
Leave the mask for the Ethertype in the Mask field at the default
Choose Block from the Action menu.
Click Add. The Ethertype appears in the Filters
In order to remove the Ethertype from the Filters Classes list,
select it and click Delete Class. Repeat Step 6 through Step
9, and add types 0x8138, 0x00ff, and
0x00e0 to the filter.
Choose Forward All from the Default Action menu.
Because you block all IPX packets with this filter, you must have a default
action that applies to all other packets.
The filter has, at this point, been saved on the Access Point, but it
is not enabled until you apply it on the Apply Filters page.
Click the Apply Filters tab to return to the Apply
Select the filter number from one of the Ethertype drop-down menus.
You can apply the filter to either or both the Ethernet and radio ports, and to
either or both incoming and outgoing packets.
Click Apply. The filter is enabled on the selected
There is currently no verification procedure available for this
There is currently no specific troubleshooting information available
for this configuration.