Netbios Access Lists

From: Jason T. Rohm (jtrohm@xxxxxxxxxxx)
Date: Sun Jun 11 2000 - 16:42:24 GMT-3


   

Hi,

I have a question about the Windows 98 (and, for that matter, any NetBIOS
system's) name discovery/registration procedure.

I have a Windows 98 machine and a WinNT workstation on an ethernet segment,
and two Windows NT 4.0 workstations on a token-ring segment. I have
source-route transparent bridging running on a 2513 between them. I am not
running netbios name caching.

With no filtering, I am able to reach the token-ring NT workstations from
my Win98 workstation. If I enable a MAC address filter, or a NetBIOS name
filter on the token-ring interface, I can block access to the token-ring
WinNT workstations, but the machine never disappears from my network
neighborhood (even after a reboot)...

Does anyone know why?

-Jason T. Rohm
 jtrohm@athenet.net

2513A Config:

Current configuration:
!
version 11.2
no service password-encryption
no service udp-small-servers
no service tcp-small-servers
!
hostname 2513A
!
netbios access-list host BLOCK2 deny NTSRV2*
netbios access-list host BLOCK2 permit *
aaa new-model
aaa authentication login LOCAL local
aaa authorization exec local
!
username jtrohm privilege 15 password 0 ***********
username backdoor privilege 15 password 0 *********
no ip source-route
no ip domain-lookup
source-bridge ring-group 69
source-bridge transparent 69 96 1 10
!
interface Loopback0
 ip address 10.254.254.5 255.255.255.252
!
interface Ethernet0
 ip address 10.0.10.7 255.255.255.0
 bridge-group 10
!
interface Serial0
 no ip address
 shutdown
 no fair-queue
!
interface Serial1
 no ip address
 shutdown
!
interface TokenRing0
 ip address 10.0.15.254 255.255.255.0 secondary
 ip address 10.0.15.1 255.255.255.0
 ring-speed 16
 source-bridge 5 1 69
 source-bridge spanning
 source-bridge input-address-list 701
 source-bridge output-address-list 701
 netbios input-access-filter host BLOCK2
 netbios output-access-filter host BLOCK2
!
router eigrp 101
 passive-interface Loopback0
 network 10.0.0.0
!
ip classless
access-list 701 deny 0055.0071.1bb8 0000.0000.0000
access-list 701 permit 0000.0000.0000 ffff.ffff.ffff
!
bridge 10 protocol ieee
!
line con 0
 exec-timeout 0 0
 login authentication LOCAL
 escape-character BREAK
line aux 0
line vty 0 4
 exec-timeout 0 0
 login authentication LOCAL
!
end



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:23:41 GMT-3