RE: DDR Interesting traffic

From: Rich Gondek (rgondek@xxxxxxxx)
Date: Tue Aug 10 1999 - 20:50:49 GMT-3

• Next message: Jason Aarons: "Re: OSPF network; inverse mask question...."
• Previous message: Bill Carter: "DDR Interesting traffic"
• Maybe in reply to: Bill Carter: "DDR Interesting traffic"
• Next in thread: David Oakman: "RE: DDR Interesting traffic"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
Bill,

You could set up an access list and run a debug IP packet against the access
list. Tweak the access list as you find things, to narrow down to the
details you need. You may find, however, that the traffic that keeps
bringing up the link is a broadcast to the (possibly incorrect) subnet. The
PC's may be broadcasting to a subnet 10.x.x.255 (or 10.255.255.255) on UDP
port 137 and probably UDP port 138. Dirty Dirty Bad Bad NetBIOS over
TCP/IP. Even with WINS, and all of the clients set to H-node, they will
still broadcast if the WINS query times out. I don't think they wait very
long at all, and they broadcast to the subnet. The "no IP directed
broadcast" may not be blocking it "in time" before the link comes up. I set
up an 804 for a customer recently and had to block 137/138 outbound to some
broadcast addresses. I thought it was odd, but was busy with some inbound
voice issues, so I really didn't bother with it much.

Rich

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Bill Carter
Sent: Tuesday, August 10, 1999 5:59 PM
To: CCIE Lab group
Subject: DDR Interesting traffic

I am working on a ip dialer-list for ISDN DDR. I have denied broadcast
from being interesting. This network has NT servers on either side of
the ISDN. Interesting traffic from PC's and NT Servers keeps bringing
the DDR up. The traffic is not broadcasts. How can I tell what traffic
is interesting by port number. The servers are running WINS and doing
domain/SAM synchronization. The servers also have a trust relationship.

interface BRI0/0
 ip address 10.1.1.4 255.255.255.0
 no ip directed-broadcast
 encapsulation ppp
 dialer map ip 10.1.1.1 name bill broadcast 180008358663
 dialer map ip 10.1.1.1 name bill broadcast 180008358661
 dialer-group 1
 isdn switch-type basic-ni
 isdn spid1 0835866201
 isdn spid2 0835866401

access-list 101 deny ip any host 255.255.255.255
access-list 101 permit ip any any
dialer-list 1 protocol ip list 101

--
~~~~~~~~~~~~~~~~~~~~~~~~
Bill Carter
Favorite Quote
"bodega stuck again... "
   -Cisco Bug CSCdk37204
~~~~~~~~~~~~~~~~~~~~~~~~

• Next message: Jason Aarons: "Re: OSPF network; inverse mask question...."
• Previous message: Bill Carter: "DDR Interesting traffic"
• Maybe in reply to: Bill Carter: "DDR Interesting traffic"
• Next in thread: David Oakman: "RE: DDR Interesting traffic"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:21:46 GMT-3