Cisco IOS AppleTalk and Novell IPX Command Reference, Release 12.2
access-list (IPX extended) to ipx broadcast-fastswitching

Table Of Contents

Novell IPX Commands

access-list (IPX extended)

access-list (IPX standard)

access-list (NLSP)

access-list (SAP filtering)

area-address (NLSP)

clear ipx accounting

clear ipx cache

clear ipx nhrp

clear ipx nlsp neighbors

clear ipx route

clear ipx sap

clear ipx traffic

deny (extended)

deny (NLSP)

deny (SAP filtering)

deny (standard)

distribute-list in

distribute-list out

distribute-sap-list in

distribute-sap-list out

ipx access-group

ipx access-list

ipx accounting

ipx accounting-list

ipx accounting-threshold

ipx accounting-transits

ipx advertise-default-route-only (RIP)

ipx advertise-to-lost-route

ipx backup-server-query-interval (EIGRP)

ipx bandwidth-percent eigrp

ipx broadcast-fastswitching


Novell IPX Commands


Novell Internet Packet Exchange (IPX) is derived from the Xerox Network Systems (XNS) Internet Datagram Protocol (IDP). One major difference between the IPX and XNS protocols is that they do not always use the same Ethernet encapsulation format. A second difference is that IPX uses Novell's proprietary Service Advertising Protocol (SAP) to advertise special network services.

Our implementation of Novell's IPX protocol has been certified as providing full IPX router functionality.

Use the commands in this chapter to configure and monitor Novell IPX networks. For IPX configuration information and examples, refer to the "Configuring Novell IPX" chapter of the Cisco IOS AppleTalk and Novell IPX Configuration Guide.


Note For all commands that previously used the keyword novell, this keyword has been changed to ipx. You can still use the keyword novell in all commands.


access-list (IPX extended)

To define an extended Novell IPX access list, use the extended version of the access-list command in global configuration mode. To remove an extended access list, use the no form of this command.

access-list access-list-number {deny | permit} protocol [source-network][[[.source-node] source-node-mask] | [.source-node source-network-mask.source-node-mask]] [source-socket] [destination.network][[[.destination-node] destination-node-mask] | [.destination-node destination-network-mask.destination-node-mask]] [destination-socket] [log] [time-range time-range-name]

no access-list access-list-number {deny | permit} protocol [source-network][[[.source-node] source-node-mask] | [.source-node source-network-mask.source-node-mask]] [source-socket] [destination.network][[[.destination-node] destination-node-mask] | [.destination-node destination-network-mask.destination-node-mask]] [destination-socket] [log] [time-range time-range-name]

Syntax Description

access-list-number

Number of the access list. This is a number from 900 to 999.

deny

Denies access if the conditions are matched.

permit

Permits access if the conditions are matched.

protocol

Name or number of an IPX protocol type. This is sometimes referred to as the packet type. Table 45 in the "Usage Guidelines" section lists some IPX protocol names and numbers.

source-network

(Optional) Number of the network from which the packet is being sent. This is an eight-digit hexadecimal number that uniquely identifies a network cable segment. It can be a number in the range 1 to FFFFFFFE. A network number of -1 matches all networks.

You do not need to specify leading zeros in the network number; for example, for the network number 000000AA, you can enter AA.

.source-node

(Optional) Node on the source-network from which the packet is being sent. This is a 48-bit value represented by a dotted triplet of four-digit hexadecimal numbers (xxxx.xxxx.xxxx).

source-node-mask

(Optional) Mask to be applied to the source-node argument. This is a 48-bit value represented as a dotted triplet of four-digit hexadecimal numbers (xxxx.xxxx.xxxx). Place ones in the bit positions you want to mask.

source-network-mask.

(Optional) Mask to be applied to the source-network argument. This is an eight-digit hexadecimal mask. Place ones in the bit positions you want to mask.

The mask must immediately be followed by a period, which must in turn immediately be followed by the source-node-mask argument.

source-socket

(Optional) Socket name or number (hexadecimal) from which the packet is being sent. Table 46 in the "Usage Guidelines" section lists some IPX socket names and numbers.

destination.network

(Optional) Number of the network to which the packet is being sent. This is an eight-digit hexadecimal number that uniquely identifies a network cable segment. It can be a number in the range 1 to FFFFFFFE. A network number of -1 matches all networks.

You do not need to specify leading zeros in the network number. For example, for the network number 000000AA, you can enter AA.

.destination-node

(Optional) Node on destination-network to which the packet is being sent. This is a 48-bit value represented by a dotted triplet of four-digit hexadecimal numbers (xxxx.xxxx.xxxx).

destination-node-mask

(Optional) Mask to be applied to the destination-node argument. This is a 48-bit value represented as a dotted triplet of four-digit hexadecimal numbers (xxxx.xxxx.xxxx). Place ones in the bit positions you want to mask.

destination-network-mask.

(Optional) Mask to be applied to the destination-network argument. This is an eight-digit hexadecimal mask. Place ones in the bit positions you want to mask.

The mask must immediately be followed by a period, which must in turn immediately be followed by the destination-node-mask argument.

destination-socket

(Optional) Socket name or number (hexadecimal) to which the packet is being sent. Table 46 in the "Usage Guidelines" section lists some IPX socket names and numbers.

log

(Optional) Logs IPX access control list violations whenever a packet matches a particular access list entry. The information logged includes source address, destination address, source socket, destination socket, protocol type, and action taken (permit/deny).

time-range time-range-name

(Optional) Name of the time range that applies to this statement. The name of the time range and its restrictions are specified by the time-range command.


Defaults

No access lists are predefined.

Command Modes

Global configuration

Command History

Release
Modification

10.0

This command was introduced.

11.2

The log keyword was added.

12.0(1)T

The following keyword and argument were added:

time-range

time-range-name


Usage Guidelines

Extended IPX access lists filter on protocol type. All other parameters are optional.

If a network mask is used, all other fields are required.

Use the ipx access-group command to assign an access list to an interface. You can apply only one extended or one standard access list to an interface. The access list filters all outgoing packets on the interface.


Note For some versions of NetWare, the protocol type field is not a reliable indicator of the type of packet encapsulated by the IPX header. In these cases, use the source and destination socket fields to make this determination. For additional information, contact Novell.


Table 45 lists some IPX protocol names and numbers. Table 46 lists some IPX socket names and numbers. For additional information about IPX protocol numbers and socket numbers, contact Novell.

Table 45 Some IPX Protocol Names and Numbers 

IPX Protocol Number (Decimal)
IPX Protocol Name
Protocol (Packet Type)

-1

any

Wildcard; matches any packet type in 900 lists.

0

 

Undefined; refer to the socket number to determine the packet type.

1

rip

Routing Information Protocol (RIP).

4

sap

Service Advertising Protocol (SAP).

5

spx

Sequenced Packet Exchange (SPX).

17

ncp

NetWare Core Protocol (NCP).

20

netbios

IPX NetBIOS.


Table 46 Some IPX Socket Names and Numbers 

IPX Socket Number (Hexadecimal)
IPX Socket Name
Socket

0

all

Wildcard used to match all sockets.

2

cping

Cisco IPX ping packet.

451

ncp

NetWare Core Protocol (NCP) process.

452

sap

Service Advertising Protocol (SAP) process.

453

rip

Routing Information Protocol (RIP) process.

455

netbios

Novell NetBIOS process.

456

diagnostic

Novell diagnostic packet.

457

 

Novell serialization socket.

4000-7FFF

 

Dynamic sockets; used by workstations for interaction with file servers and other network servers.

8000-FFFF

 

Sockets as assigned by Novell, Inc.

85BE

eigrp

IPX Enhanced Interior Gateway Routing Protocol (Enhanced IGRP).

9001

nlsp

NetWare Link Services Protocol.

9086

nping

Novell standard ping packet.


To delete an extended access list, specify the minimum number of keywords and arguments needed to delete the proper access list. For example, to delete the entire access list, use the following command:

no access-list access-list-number

To delete the access list for a specific protocol, use the following command:

no access-list access-list-number {deny | permit} protocol

Examples

The following example denies access to all RIP packets from the RIP process socket on source network 1 that are destined for the RIP process socket on network 2. It permits all other traffic. This example uses protocol and socket names rather than hexadecimal numbers.

access-list  900  deny  -1 1 rip 2 rip
access-list  900  permit  -1

The following example permits type 2 packets from any socket from host 10.0000.0C01.5234 to access any sockets on any node on networks 1000 through 100F. It denies all other traffic (with an implicit deny all):


Note This type is chosen only as an example. The actual type to use depends on the specific application.


access-list 910 permit 2 10.0000.0C01.5234 0000.0000.0000 0  
  1000.0000.0000.0000 F.FFFF.FFFF.FFFF 0

The following example provides a time range to the access list:

time-range no-spx
 periodic weekdays 8:00 to 18:00
!
ipx access-list extended test
 permit spx any all any all time-range no spx

Related Commands

Command
Description

access-list (IPX standard)

Defines a standard IPX access list.

deny (extended)

Sets conditions for a named IPX extended access list.

ipx access-group

Applies generic input and output filters to an interface.

ipx access-list

Defines an IPX access list by name.

ipx input-network-filter

Controls which networks are added to the routing table of the Cisco IOS software.

ipx output-network-filter

Controls which servers are included in the GNS responses sent by the Cisco IOS software.

ipx router-filter

Filters the routers from which packets are accepted.

permit (IPX extended)

Sets conditions for a named IPX extended access list.

priority-list protocol

Establishes queueing priorities based on the protocol type.


access-list (IPX standard)

To define a standard IPX access list, use the standard version of the access-list command in global configuration mode. To remove a standard access list, use the no form of this command.

access-list access-list-number {deny | permit} source-network[.source-node[source-node-mask]] [destination-network[.destination-node [destination-node-mask]]]

no access-list access-list-number {deny | permit} source-network[.source-node[source-node-mask]] [destination-network[.destination-node [destination-node-mask]]]

Syntax Description

access-list-number

Number of the access list. This is a number from 800 to 899.

deny

Denies access if the conditions are matched.

permit

Permits access if the conditions are matched.

source-network

Number of the network from which the packet is being sent. This is an eight-digit hexadecimal number that uniquely identifies a network cable segment. It can be a number in the range 1 to FFFFFFFE. A network number of -1 matches all networks.

You do not need to specify leading zeros in the network number. For example, for the network number 000000AA, you can enter AA.

.source-node

(Optional) Node on source-network from which the packet is being sent. This is a 48-bit value represented by a dotted triplet of four-digit hexadecimal numbers (xxxx.xxxx.xxxx).

source-node-mask

(Optional) Mask to be applied to source-node. This is a 48-bit value represented as a dotted triplet of four-digit hexadecimal numbers (xxxx.xxxx.xxxx). Place ones in the bit positions you want to mask.

destination-network

(Optional) Number of the network to which the packet is being sent. This is an eight-digit hexadecimal number that uniquely identifies a network cable segment. It can be a number in the range 1 to FFFFFFFE. A network number of -1 matches all networks.

You do not need to specify leading zeros in the network number. For example, for the network number 000000AA, you can enter AA.

.destination-node

(Optional) Node on destination-network to which the packet is being sent. This is a 48-bit value represented by a dotted triplet of four-digit hexadecimal numbers (xxxx.xxxx.xxxx).

destination-node-mask

(Optional) Mask to be applied to destination-node. This is a 48-bit value represented as a dotted triplet of four-digit hexadecimal numbers (xxxx.xxxx.xxxx). Place ones in the bit positions you want to mask.


Defaults

No access lists are predefined.

Command Modes

Global configuration

Command History

Release
Modification

10.0

This command was introduced.


Usage Guidelines

Standard IPX access lists filter on the source network. All other parameters are optional.

Use the ipx access-group command to assign an access list to an interface. The access list filters all outgoing packets on the interface.

To delete a standard access list, specify the minimum number of keywords and arguments needed to delete the proper access list. For example, to delete the entire access list, use the following command:

no access-list access-list-number

To delete the access list for a specific network, use the following command:

no access-list access-list-number {deny | permit} source-network

Examples

The following example denies access to traffic from all IPX networks (-1) to destination network 2:

access-list 800 deny -1 2

The following example denies access to all traffic from IPX address 1.0000.0c00.1111:

access-list 800 deny 1.0000.0c00.1111

The following example denies access from all nodes on network 1 that have a source address beginning with 0000.0c:

access-list 800 deny 1.0000.0c00.0000 0000.00ff.ffff

The following example denies access from source address 1111.1111.1111 on network 1 to destination address 2222.2222.2222 on network 2:

access-list 800 deny 1.1111.1111.1111 0000.0000.0000 2.2222.2222.2222 0000.0000.0000

or

access-list 800 deny 1.1111.1111.1111 2.2222.2222.2222

Related Commands

Command
Description

access-list (IPX extended)

Defines an extended Novell IPX access list.

deny (standard)

Sets conditions for a named IPX access list.

ipx access-group

Applies generic input and output filters to an interface.

ipx access-list

Defines an IPX access list by name.

ipx input-network-filter

Controls which networks are added to the routing table of the Cisco IOS software.

ipx output-network-filter

Controls the list of networks included in routing updates sent out an interface.

ipx router-filter

Filters the routers from which packets are accepted.

priority-list protocol

Establishes queueing priorities based on the protocol type.


access-list (NLSP)

To define an access list that denies or permits area addresses that summarize routes, use the NetWare Link-Services Protocol (NLSP) route aggregation version of the access-list command in global configuration mode. To remove an NLSP route aggregation access list, use the no form of this command.

access-list access-list-number {deny | permit} network network-mask [interface] [ticks ticks] [area-count area-count]

no access-list access-list-number {deny | permit} network network-mask [interface] [ticks ticks] [area-count area-count]

Syntax Description

access-list-number

Number of the access list. This is a number from 1200 to 1299.

deny

Denies redistribution of explicit routes if the conditions are matched. If you have enabled route summarization with route-aggregation command, the router redistributes an aggregated route instead.

permit

Permits redistribution of explicit routes if the conditions are matched.

network

Network number to summarize. An IPX network number is an eight-digit hexadecimal number that uniquely identifies a network cable segment. It can be a number in the range 1 to FFFFFFFE. A network number of 0 matches the local network. A network number of -1 matches all networks.

You do not need to specify leading zeros in the network number. For example, for the network number 000000AA, you can enter AA.

network-mask

Specifies the portion of the network address that is common to all addresses in the route summary. The high-order bits of network-mask must be contiguous Fs, while the low-order bits must be contiguous zeros (0). An arbitrary mix of Fs and 0s is not permitted.

interface

(Optional) Interface on which the access list should be applied to incoming updates.

ticks ticks

(Optional) Metric assigned to the route summary. The default is 1 tick.

area-count area-count

(Optional) Maximum number of NLSP areas to which the route summary can be redistributed. The default is 6 areas.


Defaults

No access lists are predefined.

Command Modes

Global configuration

Command History

Release
Modification

11.1

This command was introduced.

12.0

The interface argument was added.


Usage Guidelines

Use the NLSP route aggregation access list in the following situations:

When redistributing from an Enhanced IGRP or RIP area into a new NLSP area.

Use the access list to instruct the router to redistribute an aggregated route instead of the explicit route. The access list also contains a "permit all" statement that instructs the router to redistribute explicit routes that are not subsumed by a route summary.

When redistributing from an NLSP version 1.0 area into an NLSP version 1.1 area, and vice versa.

From an NLSP version 1.0 area into an NLSP version 1.1 area, use the access list to instruct the router to redistribute an aggregated route instead of an explicit route and to redistribute explicit routes that are not subsumed by a route summary.

From an NLSP version 1.1 area into an NLSP version 1.0 area, use the access list to instruct the router to filter aggregated routes from passing into the NLSP version 1.0 areas and to redistribute explicit routes instead.


Note NLSP version 1.1 routers refer to routers that support the route aggregation feature, while NLSP version 1.0 routers refer to routers that do not.


Examples

The following example uses NLSP route aggregation access lists to redistribute routes learned from RIP to NLSP area1. Routes learned via RIP are redistributed into NLSP area1. Any routes learned via RIP that are subsumed by aaaa0000 ffff0000 are not redistributed. An address summary is generated instead.

ipx routing
ipx internal-network 2000

interface ethernet 1 
 ipx network 1001
 ipx nlsp area1 enable

interface ethernet 2
 ipx network 2001

access-list 1200 deny aaaa0000 ffff0000
access-list 1200 permit -1

ipx router nlsp area
 area-address 1000 fffff000
 route-aggregation
 redistribute rip access-list 1200

Related Commands

Command
Description

area-address (NLSP)

Defines a set of network numbers to be part of the current NLSP area.

deny (NLSP)

Filters explicit routes and generates an aggregated route for a named NLSP route aggregation access list.

ipx access-list

Defines an IPX access list by name.

ipx nlsp enable

Configures the interval between the transmission of hello packets.

ipx router

Specifies the routing protocol to use.

permit (NLSP)

Allows explicit route redistribution in a named NLSP route aggregation access list.

prc-interval

Controls the hold-down period between partial route calculations.

redistribute (IPX)

Redistributes from one routing domain into another.


access-list (SAP filtering)

To define an access list for filtering Service Advertising Protocol (SAP) requests, use the SAP filtering form of the access-list command in global configuration mode. To remove the access list, use the no form of this command.

access-list access-list-number {deny | permit} network[.node] [network-mask.node-mask] [service-type [server-name]]

no access-list access-list-number {deny | permit} network[.node] [network-mask.node-mask] [service-type [server-name]]

Syntax Description

access-list-number

Number of the SAP access list. This is a number from 1000 to 1099.

deny

Denies access if the conditions are matched.

permit

Permits access if the conditions are matched.

network

Network number. This is an eight-digit hexadecimal number that uniquely identifies a network cable segment. It can be a number in the range 1 to FFFFFFFE. A network number of -1 matches all networks.

You do not need to specify leading zeros in the network number. For example, for the network number 000000AA, you can enter AA.

.node

(Optional) Node specified on the network. This is a 48-bit value represented by a dotted triplet of four-digit hexadecimal numbers (xxxx.xxxx.xxxx).

network-mask.node-mask

(Optional) Mask to be applied to network and node. Place ones in the bit positions to be masked.

service-type

(Optional) Service type on which to filter. This is a hexadecimal number. A value of 0 means all services.

Table 47 in the "Usage Guidelines" section lists examples of service types.

server-name

(Optional) Name of the server providing the specified service type. This can be any contiguous string of printable ASCII characters. Use double quotation marks (" ") to enclose strings containing embedded spaces. You can use an asterisk (*) at the end of the name as a wildcard to match one or more trailing characters.


Defaults

No access lists are predefined.

Command Modes

Global configuration

Command History

Release
Modification

10.0

This command was introduced.


Usage Guidelines

When configuring SAP filters for NetWare 3.11 and later servers, use the server's internal network and node number (the node number is always 0000.0000.0001) as its address in the access-list command. Do not use the network.node address of the particular interface board.

Table 47 lists some sample IPX SAP types. For more information about SAP types, contact Novell. Note that in the filter (specified by the service-type argument), we define a value of 0 to filter all SAP services. If, however, you receive a SAP packet with a SAP type of 0, this indicates an unknown service.

Table 47 Sample IPX SAP Services

Service Type (Hexadecimal)
Description

1

User

2

User group

3

Print server queue

4

File server

5

Job server

7

Print server

9

Archive server

A

Queue for job servers

21

Network Application Support Systems Network Architecture (NAS SNA) gateway

2D

Time Synchronization value-added process (VAP)

2E

Dynamic SAP

47

Advertising print server

4B

Btrieve VAP 5.0

4C

SQL VAP

7A

TES—NetWare for Virtual Memory System (VMS)

98

NetWare access server

9A

Named Pipes server

9E

Portable NetWare—UNIX

107

RCONSOLE

111

Test server

166

NetWare management (Novell's Network Management Station [NMS])

26A

NetWare management (NMS console)


To delete a SAP access list, specify the minimum number of keywords and arguments needed to delete the proper access list. For example, to delete the entire access list, use the following command:

no access-list access-list-number

To delete the access list for a specific network, use the following command:

no access-list access-list-number {deny | permit} network

Examples

The following access list blocks all access to a file server (service Type 4) on the directly attached network by resources on other Novell networks, but allows access to all other available services on the interface:

access-list 1001 deny -1 4
access-list 1001 permit -1

Related Commands

Command
Description

deny (SAP filtering)

Sets conditions for a named IPX SAP filtering access list.

ipx access-list

Defines an IPX access list by name.

ipx input-sap-filter

Controls which services are added to the routing table of the Cisco IOS software SAP table.

ipx output-gns-filter

Controls which servers are included in the GNS responses sent by the Cisco IOS software.

ipx output-sap-filter

Controls which services are included in SAP updates sent by the Cisco IOS software.

ipx router-sap-filter

Filters SAP messages received from a particular router.

permit (SAP filtering)

Sets conditions for a named IPX SAP filtering access list.

priority-list protocol

Establishes queueing priorities based on the protocol type.


area-address (NLSP)

To define a set of network numbers to be part of the current NetWare Link-Services Protocol (NLSP) area, use the area-address command in router configuration mode. To remove a set of network numbers from the current NLSP area, use the no form of this command.

area-address address mask

no area-address address mask

Syntax Description

address

Network number prefix. This is a 32-bit hexadecimal number.

mask

Mask that defines the length of the network number prefix. This is a 32-bit hexadecimal number.


Defaults

No area address is defined by default.

Command Modes

Router configuration

Command History

Release
Modification

10.3

This command was introduced.


Usage Guidelines

You must configure at least one area address before NLSP will operate.

The area-address command defines a prefix that includes all networks in the area. This prefix allows a single route to an area address to substitute for a longer list of networks.

All networks on which NLSP is enabled must fall under the area address prefix. This configuration is for future compatibility. When Level 2 NLSP becomes available, the only route advertised for the area will be the area address prefix (the prefix represents all networks within the area).

All routers in an NLSP area must be configured with a common area address, or they will form separate areas. You can configure up to three area addresses on the router.

The area address must have zero bits in all bit positions where the mask has zero bits. The mask must consist of only left-justified contiguous one bits.

Examples

The following example defines an area address that includes networks AAAABBC0 through AAAABBDF:

area-address AAAABBC0 FFFFFFE0

The following example defines an area address that includes all networks:

area-address 0 0

Related Commands

Command
Description

ipx router

Specifies the routing protocol to use.


clear ipx accounting

To delete all entries in the accounting database when IPX accounting is enabled, use the clear ipx accounting command in EXEC mode.

clear ipx accounting [checkpoint]

Syntax Description

checkpoint

(Optional) Clears the checkpoint database.


Command Modes

EXEC

Command History

Release
Modification

10.0

This command was introduced.


Usage Guidelines

Specifying the clear ipx accounting command with no keywords copies the active database to the checkpoint database and clears all entries in the active database. When cleared, active database entries and static entries, such as those set by the ipx accounting-list command, are reset to zero. Dynamically found entries are deleted.

Any traffic that traverses the router after you issue the clear ipx accounting command is saved in the active database. Accounting information in the checkpoint database at that time reflects traffic prior to the most recent clear ipx accounting command.

You can also delete all entries in the active and checkpoint database by issuing the clear ipx accounting command twice in succession.

Examples

The following example first displays the contents of the active database before the contents are cleared. Then, the clear ipx accounting command clears all entries in the active database. As a result, the show ipx accounting command shows that there is no accounting information in the active database. Lastly, the show ipx accounting checkpoint command shows that the contents of the active database were copied to the checkpoint database when the clear ipx accounting command was issued.

Router# show ipx accounting

Source                  Destination                Packets           Bytes
0000C003.0000.0c05.6030 0000C003.0260.8c9b.4e33         72            2880
0000C001.0260.8c8d.da75 0000C003.0260.8c9b.4e33         14             624
0000C003.0260.8c9b.4e33 0000C001.0260.8c8d.da75         62            3110
0000C001.0260.8c8d.e7c6 0000C003.0260.8c9b.4e33         20            1470
0000C003.0260.8c9b.4e33 0000C001.0260.8c8d.e7c6         20            1470

Accounting data age is      6

Router# clear ipx accounting
Router# show ipx accounting

Source                  Destination                Packets           Bytes

Accounting data age is      0

Router# show ipx accounting checkpoint

Source                  Destination                Packets           Bytes
0000C003.0000.0c05.6030 0000C003.0260.8c9b.4e33         72            2880
0000C001.0260.8c8d.da75 0000C003.0260.8c9b.4e33         14             624
0000C003.0260.8c9b.4e33 0000C001.0260.8c8d.da75         62            3110
0000C001.0260.8c8d.e7c6 0000C003.0260.8c9b.4e33         20            1470
0000C003.0260.8c9b.4e33 0000C001.0260.8c8d.e7c6         20            1470

Accounting data age is      6

Related Commands

Command
Description

ipx accounting

Enables IPX accounting.

ipx accounting-list

Filters networks for which IPX accounting information is kept.

ipx accounting-threshold

Sets the maximum number of accounting database entries.

ipx accounting-transits

Sets the maximum number of transit entries that will be stored in the IPX accounting database.

show ipx accounting

Displays the active or checkpoint accounting database.


clear ipx cache

To delete entries from the IPX fast-switching cache, use the clear ipx cache command in EXEC mode.

clear ipx cache

Syntax Description

This command has no arguments or keywords.

Command Modes

EXEC

Command History

Release
Modification

10.0

This command was introduced.


Usage Guidelines

The clear ipx cache command clears entries used for fast switching and autonomous switching.

Examples

The following example deletes all entries from the IPX fast-switching cache:

clear ipx cache

Related Commands

Command
Description

ipx route-cache

Enables IPX fast switching.

show ipx cache

Displays the contents of the IPX fast-switching cache.


clear ipx nhrp

To clear all dynamic entries from the Next Hop Resolution Protocol (NHRP) cache, use the clear ipx nhrp command in EXEC mode.

clear ipx nhrp

Syntax Description

This command has no arguments or keywords.

Command Modes

EXEC

Command History

Release
Modification

11.1

This command was introduced.


Usage Guidelines

This command does not clear any static (configured) IPX-to-NBMA address mappings from the NHRP cache.

Examples

The following example clears all dynamic entries from the NHRP cache for the interface:

clear ipx nhrp 

Related Commands

Command
Description

show ipx nhrp

Displays the NHRP cache.


clear ipx nlsp neighbors

To delete all NetWare Link Services Protocol (NLSP) adjacencies from the adjacency database of Cisco IOS software, use the clear ipx nlsp neighbors command in EXEC mode.

clear ipx nlsp [tag] neighbors

Syntax Description

tag

(Optional) Names the NLSP process. The tag can be any combination of printable characters.


Command Modes

EXEC

Command History

Release
Modification

10.3

This command was introduced.


Usage Guidelines

Deleting all entries from the adjacency database forces all routers in the area to perform the shortest path first (SPF) calculation.

When you specify an NLSP tag, the router clears all NLSP adjacencies discovered by that NLSP process. An NLSP process is a router's databases working together to manage route information about an area. NLSP version 1.0 routers are always in the same area. Each router has its own adjacencies, link-state, and forwarding databases. These databases operate collectively as a single process to discover, select, and maintain route information about the area. NLSP version 1.1 routers that exist within a single area also use a single process.

NLSP version 1.1 routers that interconnect multiple areas use multiple processes to discover, select, and maintain route information about the areas they interconnect. These routers manage an adjacencies, link-state, and area address database for each area to which they attach. Collectively, these databases are still referred to as a process. The forwarding database is shared among processes within a router. The sharing of entries in the forwarding database is automatic when all processes interconnect NLSP version 1.1 areas.

Configure multiple NLSP processes when a router interconnects multiple NLSP areas.


Note NLSP version 1.1 routers refer to routers that support the route aggregation feature, while NLSP version 1.0 routers refer to routers that do not.


Examples

The following example deletes all NLSP adjacencies from the adjacency database:

clear ipx nlsp neighbors

The following example deletes the NLSP adjacencies for process area2:

clear ipx nlsp area2 neighbors

Related Commands

Command
Description

ipx router

Specifies the routing protocol to use.

spf-interval

Controls how often the Cisco IOS software performs the SPF calculation.


clear ipx route

To delete routes from the IPX routing table, use the clear ipx route command in EXEC mode.

clear ipx route {network [network-mask] | default | *}

Syntax Description

network

Number of the network whose routing table entry you want to delete. This is an eight-digit hexadecimal number that uniquely identifies a network cable segment. It can be a number in the range 1 to FFFFFFFD. You do not need to specify leading zeros in the network number. For example, for the network number 000000AA, you can enter AA.

network-mask

(Optional) Specifies the portion of the network address that is common to all addresses in an NLSP route summary. When used with the network argument, it specifies the an NLSP route summary to clear.

The high-order bits specified for the network-mask argument must be contiguous Fs, while the low-order bits must be contiguous zeros (0). An arbitrary mix of Fs and 0s is not permitted.

default

Deletes the default route from the routing table.

*

Deletes all routes in the routing table.


Command Modes

EXEC

Command History

Release
Modification

10.0

This command was introduced.

11.1

The following keyword and argument were added:

network-mask

default


Usage Guidelines

After you use the clear ipx route command, RIP/SAP general requests are issued on all IPX interfaces.

For routers configured for NLSP route aggregation, use this command to clear an aggregated route from the routing table.

Examples

The following example clears the entry for network 3 from the IPX routing table:

clear ipx route 3

The following example clears a route summary entry from the IPX routing table:

clear ipx route ccc00000 fff00000

Related Commands

Command
Description

show ipx route

Displays the contents of the IPX routing table.


clear ipx sap

To clear IPX SAP entries from the IPX routing table, use the clear ipx sap command in EXEC mode.

clear ipx sap {* | sap-type | sap-name}

Syntax Description

*

Clears all IPX SAP service entries by marking them invalid.

sap-type

Specifies the type of services that you want to clear by marking as invalid. This is an four-digit hexadecimal number that uniquely identifies a service type. It can be a number in the range 1 to FFFF. You do not need to specify leading zeros in the service number. For example, for the service number 00AA, you can enter AA.

sap-name

Specifies a certain name of service so that you can clear IPX SAP service entries that begin with the specified name. The name can be any contiguous string of printable ASCII characters. You can use an asterisk (*) at the end of the name as a wildcard to match one or more trailing characters. For example, to clear all services that begin with the name "accounting," enter the command clear ipx sap accounting* to clear all services that begin with the name "accounting". Use double quotation marks (" ") to enclose strings containing embedded spaces.


Command Modes

EXEC

Command History

Release
Modification

12.0(5)T

This command was introduced.


Usage Guidelines

You can use the clear ipx sap command to research problems with the service table.

Examples

The following example clears all service entries from the IPX routing table:

clear ipx sap *

clear ipx traffic

To clear IPX protocol and NetWare Link Services Protocol (NLSP) traffic counters, use the clear ipx traffic command in privileged EXEC mode.

clear ipx [nlsp] traffic

Syntax Description

nlsp

(Optional) Clears only the NLSP traffic counters and leaves other IPX traffic counters intact.


Command Modes

Privileged EXEC

Command History

Release
Modification

12.0(1)T

This command was introduced.


Usage Guidelines

Use the show ipx traffic since bootup command to recall traffic statistics that have been previously cleared.

Examples

The following example clears all IPX traffic statistics:

clear ipx traffic

Related Commands

Command
Description

show ipx traffic

Displays information about the number and type of IPX packets sent and received.


deny (extended)

To set conditions for a named IPX extended access list, use the deny command in access-list configuration mode. To remove a deny condition from an access list, use the no form of this command.

deny protocol [source-network][[[.source-node] source-node-mask] | [.source-node source-network-mask.source-node-mask]] [source-socket] [destination-network][[[.destination-node] destination-node-mask] | [.destination-node destination-network-mask.destination-node-mask]] [destination-socket] [