Re: Puzzlled by the netbios and mac address access-list, need help

From: Wu Jiang (wujiang@xxxxxxxxx)
Date: Thu Jan 11 2001 - 06:36:39 GMT-3


   
It makes things more clear for C and D, but I cannot figure out why A and B can't
work. I will set up a lab to test it.

Thanks,
Wu

----- Original Message -----
From: "Justin Menga" <Justin.Menga@computerland.co.nz>
To: "'Wu Jiang'" <wujiang@bj163.com>
Cc: <ccielab@groupstudy.com>
Sent: Thursday, January 11, 2001 4:55 PM
Subject: RE: Puzzlled by the netbios and mac address access-list, need help

> Only C or D will work - it really depends on the scenario. E.g. C cuts Host
> C away from ANY DLSW peer - whereas D only allows Host B to access Host A.
>
> Regards,
>
> Justin Menga CCIE #6640 MCSE+I CCSE
> WAN Specialist
> Computerland New Zealand
> PO Box 3631, Auckland
> DDI: (+64) 9 360 4864 Mobile: (+64) 25 349 599
> mailto: justin.menga@computerland.co.nz
>
>
>
> -----Original Message-----
> From: Wu Jiang [mailto:wujiang@bj163.com]
> Sent: Thursday, January 11, 2001 8:33 PM
> Cc: ccielab@groupstudy.com
> Subject: Re: Puzzlled by the netbios and mac address access-list, need
> help
>
>
> In D, should it be host-netbios-out? Or if you want to permit only one mac
> address (of hostA), you can use dest-mac option to simplify configuration.
> I would prefer C and D because they don't send unwanted traffic over the WAN
> link. Using C, even explorer packets are filtered.
>
> ----- Original Message -----
> From: "Jiang" <jianggx@transcentury.com.cn>
> To: <ccielab@groupstudy.com>
> Sent: Thursday, January 11, 2001 2:18 PM
> Subject: Puzzlled by the netbios and mac address access-list, need help
>
>
> > Hello,
> >
> > I think the dlsw is my weakness, especially about the access-list,
> > I try to find more information about them, but I am still very
> > puzzled. For example, if I have the topology just like the following:
> >
> >      ethernet          hdlc          ethernet
> > hostA--------Router1----------Router2---------hostB
> >         |
> >         |
> >       hostC
> >
> > Now I want hosts on the ethernet of Router2 to be able to access only hostA on the
> > ethernet of Router1. Router1 and Router2 are configured as dlsw+ peers.
> > I think I can use the following methods to get it, but I'm not sure
> > which one is right, and if more than one is right, which one is the
> > best? And what is the difference among them?
> >
> > A:
> > on Router1
> > netbios access-list host test permit hostA
> > netbios access-list host test deny *
> >
> > interface e0
> > netbios input-access-filter host test
> >
> > B:
> > still on Router1
> > netbios access-list host test permit hostA
> > netbios access-list host test deny *
> >
> > interface e0
> > netbios output-access-filter host test
> >
> > C:
> > also on Router1
> > dlsw icanreach netbios-name hostA
> > dlsw icanreach netbios-exclusive
> >
> > D:
> > on Router2
> > netbios access-list host test permit hostA
> > netbios access-list host test deny *
> >
> > dlsw remote-peer 0 tcp 1.1.1.1 dmac-output-list test
> >
> >
> > As for A and B, I found in documentation that input-access-filter is based
> > on the source, the output-access-filter is based on destination. So I
> > think A and B are all right, right? What is the difference between
> > them? I think if I use input-access-filter, the Router2 and hostB
> > can't know any other hosts except hostA, e.g. it can't see hostC. But if I use
> > output-access-filter, the Router2 and hostB will see hostC too, but
> > just can't access hostC, the packet is denied on the point where the traffic
> > will leave the Router1's ethernet. Do you think I am right or not?
> >
> > As for C, I think in my condition, it is the same as A, right? hostB
> > will only see hostA.
> >
> > D, I think, is just like B: hostB can see any host on the remote, e.g.
> > hostA, hostC..., but can just access hostA.
> >
> > I just searched the archive, and I think there are maybe more solutions, but
> > I am really not very clear about it, especially I don't know which one I should
> > use under different conditions. I think there is only one
> > best solution under special conditions.
> >
> > Best regards,
> > Hiler mailto:jianggx@transcentury.com.cn
> >
> >


