From: Dezso Csonka (dcsonka@xxxxxxxxx)
Date: Thu Aug 24 2000 - 08:07:34 GMT-3
Hi,
I have the following scenario:
   NTDEMO-HN-BUD----l
                    l
LAB-VCONA-----------l-e1-r1-e0----------e0-r2-e1-------BUDLAB-NTB
                    l
                  vlan1
r1 & r2 are DLSw peers. NTDEMO-HN-BUD, LAB-VCONA and BUDLAB-NTB are NT
servers with NetBEUI. I created a NetBIOS name filter on r1, expecting
NTDEMO-HN-BUD to be filtered out towards r2. Contrary to my expectation, the
result is the following:
r1#sh dlsw re
DLSw Local MAC address reachability cache list
Mac Addr status Loc. port rif
0005.93a3.3243 FOUND LOCAL TBridge-001 --no rif--
000b.60f9.d775 FOUND LOCAL TBridge-001 --no rif--
000b.ed22.e562 FOUND LOCAL TBridge-001 --no rif--
DLSw Remote MAC address reachability cache list
Mac Addr status Loc. peer
0007.1843.3576 FOUND REMOTE 1.1.1.2(2065)
000b.60f9.d765 FOUND REMOTE 1.1.1.2(2065)
DLSw Local NetBIOS Name reachability cache list
NetBIOS Name status Loc. port rif
LAB-VCONA FOUND LOCAL TBridge-001 --no rif--
NTDEMO-HN-BUD FOUND LOCAL TBridge-001 --no rif--
DLSw Remote NetBIOS Name reachability cache list
NetBIOS Name status Loc. peer
BUDLAB-NTB FOUND REMOTE 1.1.1.2(2065)
So far so good, but see the following:
r2#sh dlsw re
DLSw Local MAC address reachability cache list
Mac Addr status Loc. port rif
0007.1843.3576 FOUND LOCAL TBridge-001 --no rif--
000b.60f9.d765 FOUND LOCAL TBridge-001 --no rif--
DLSw Remote MAC address reachability cache list
Mac Addr status Loc. peer
000b.60f9.d775 FOUND REMOTE 1.1.1.1(2065)
DLSw Local NetBIOS Name reachability cache list
NetBIOS Name status Loc. port rif
BUDLAB-NTB FOUND LOCAL TBridge-001 --no rif--
DLSw Remote NetBIOS Name reachability cache list
NetBIOS Name status Loc. peer
r2 knows nothing about LAB-VCONA. So it is filtered out on r1 too. Putting
this filter on r1 results in not being able to make any connection between
the remote computers. (I browsed the net with Find Computers on all the NTs
and they can connect only to the local machines.)
One more thing is worth mentioning. In my first try I put only one deny
statement into the NetBIOS name filter, namely denying one of the NTs on r1.
After that I did not get anything on r2 from r1 (none of the two NTs). OK, I
thought, there is an explicit deny after the filter. That's why I put a
permit statement before the deny (see the config).
Has anybody tested something like this before?
Here are the configs:
********************************************
r1#sh run
Building configuration...
Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname r1
!
netbios access-list host LISTA permit LAB*
netbios access-list host LISTA deny NTD*
enable password cisco
!
ip subnet-zero
ip dvmrp route-limit 20000
frame-relay switching
!
voice-port 1/0/0
!
voice-port 1/0/1
!
!
dlsw local-peer peer-id 1.1.1.1
dlsw remote-peer 0 tcp 1.1.1.2 host-netbios-out LISTA
dlsw bridge-group 1
!
!
!
interface Ethernet0/0
ip address 1.1.1.1 255.255.255.0
no ip directed-broadcast
!
interface Serial0/0
no ip address
no ip directed-broadcast
encapsulation frame-relay
no ip route-cache
no ip mroute-cache
fair-queue 512 256 0
clockrate 500000
frame-relay intf-type dce
!
interface Serial0/0.1 point-to-point
bandwidth 512
ip address 10.1.82.10 255.255.255.0
no ip directed-broadcast
ip pim dense-mode
no ip route-cache
no ip mroute-cache
frame-relay interface-dlci 100
!
interface Ethernet0/1
no ip address
no ip directed-broadcast
bridge-group 1
!
interface Serial0/1
no ip address
no ip directed-broadcast
shutdown
!
router eigrp 10
network 10.0.0.0
!
ip nat translation timeout never
ip nat translation tcp-timeout never
ip nat translation udp-timeout never
ip nat translation finrst-timeout never
ip nat translation syn-timeout never
ip nat translation dns-timeout never
ip nat translation icmp-timeout never
ip classless
ip route 0.0.0.0 0.0.0.0 10.1.80.22
!
!
map-class frame-relay fr1
!
bridge 1 protocol ieee
!
line con 0
exec-timeout 0 0
transport input none
line aux 0
line vty 0 4
password cisco
login
!
end
*************************************************
r2#sh run
Building configuration...
Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname r2
!
!
ip subnet-zero
!
voice-port 1/0/0
!
voice-port 1/0/1
!
!
dlsw local-peer peer-id 1.1.1.2
dlsw remote-peer 0 tcp 1.1.1.1
dlsw bridge-group 1
!
!
!
interface Ethernet0/0
ip address 1.1.1.2 255.255.255.0
no ip directed-broadcast
!
interface Serial0/0
no ip address
no ip directed-broadcast
shutdown
!
interface Ethernet0/1
no ip address
no ip directed-broadcast
bridge-group 1
!
interface Serial0/1
no ip address
no ip directed-broadcast
shutdown
!
ip nat translation timeout never
ip nat translation tcp-timeout never
ip nat translation udp-timeout never
ip nat translation finrst-timeout never
ip nat translation syn-timeout never
ip nat translation dns-timeout never
ip nat translation icmp-timeout never
ip classless
!
!
bridge 1 protocol ieee
!
line con 0
exec-timeout 0 0
transport input none
line aux 0
line vty 0 4
!
no scheduler allocate
end
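Added example, not part of the original post and not Cisco code: a small check that parses the NetBIOS sections of "sh dlsw re" from both peers and compares what the name filter LISTA should let through with what the far peer actually learned. The function names are hypothetical, fnmatch only approximates the IOS pattern syntax, and treating "no match" as deny is an assumption based on the behaviour the post describes.

```python
import fnmatch

# Sample input constructed from the NetBIOS sections of the output quoted in the post.
R1_OUTPUT = """\
DLSw Local NetBIOS Name reachability cache list
NetBIOS Name status Loc. port rif
LAB-VCONA FOUND LOCAL TBridge-001 --no rif--
NTDEMO-HN-BUD FOUND LOCAL TBridge-001 --no rif--
DLSw Remote NetBIOS Name reachability cache list
NetBIOS Name status Loc. peer
BUDLAB-NTB FOUND REMOTE 1.1.1.2(2065)
"""
R2_OUTPUT = """\
DLSw Local NetBIOS Name reachability cache list
NetBIOS Name status Loc. port rif
BUDLAB-NTB FOUND LOCAL TBridge-001 --no rif--
DLSw Remote NetBIOS Name reachability cache list
NetBIOS Name status Loc. peer
"""
ACL = [("permit", "LAB*"), ("deny", "NTD*")]  # list LISTA from r1's config


def netbios_names(output):
    """Return {'LOCAL': set, 'REMOTE': set} of FOUND names in the NetBIOS sections."""
    names, section = {"LOCAL": set(), "REMOTE": set()}, None
    for line in output.splitlines():
        fields = line.split()
        if line.startswith("DLSw "):
            # Track only the two NetBIOS Name sections; MAC sections are skipped.
            section = fields[1].upper() if "NetBIOS Name" in line else None
        elif section and len(fields) >= 3 and fields[1] == "FOUND":
            names[section].add(fields[0])
    return names


def acl_action(name, acl):
    """First matching entry wins; no match is treated as deny (assumption)."""
    for action, pattern in acl:
        if fnmatch.fnmatchcase(name, pattern):
            return action
    return "deny"


def audit(local_out, peer_out, acl):
    """Map each local name to (expected ACL action, whether the peer learned it)."""
    learned = netbios_names(peer_out)["REMOTE"]
    return {n: (acl_action(n, acl), n in learned)
            for n in sorted(netbios_names(local_out)["LOCAL"])}
```

On the output above, audit(R1_OUTPUT, R2_OUTPUT, ACL) reports LAB-VCONA as expected "permit" but not learned by r2, which is the mismatch the post asks about.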