Still question about netbios access-list, that really let me down!!!

From: Jiang (jianggx@xxxxxxxxxxxxxxxxxxx)
Date: Fri Jan 12 2001 - 04:26:04 GMT-3

• Next message: Lykourgiotis Paraskevas: "RE: NAT with secondary address"
• Previous message: Erick B.: "RE: In defense of the lab..."
• Next in thread: Wu Jiang: "Re: Still question about netbios access-list, that really let me down!!!"
• Maybe reply: Wu Jiang: "Re: Still question about netbios access-list, that really let me down!!!"
• Maybe reply: zhangxianqi: "Re: Still question about netbios access-list, that really let me down!!!"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
Hello,

I just asked one questions about the netbios access-list, thanks
everyone that answered me. But I am not very clearly about it,
today I set a test lab in my company, but the result really let me
down. All methods didn't work at all, so I really need your help
to found out my mistakes.

First I found I made one big mistake int my first mail, the command
"netbios input-access-filter host test" can only configed under
tokenring interface. But I think my question is the same, A or B will
work well or not under token interface?

because I don't have tokenring, so I just test C and D in my
ethernet, I am confirmed C and D will work. But even I combind C and
D. It didn't work. The following is my connection and config:

 LANA e0 HDLC e0 LANB
-------- R5---------------R3---------------
  | | |
notepad2 JGX HP-SERVER

There is only one host named "notepad2" on the LANA, LANB is my
company lan, so there are many hosts on it, eg JGX, HP-SERVER.

I want notepad2 can only access JGX, maybe just can see JGX in its
neighbor windows. First I just config on R3:
dlsw icanreach netbios-exclusive
dlsw icanreach netbios-name JGX

It didn't work, I can see all hosts on notepad2's net neighbor
windown and can access everyone, so I add the following commands on
R5:
netbios access-list host test permit JGX
netbios access-list host test deny *
dlsw remote-peer 0 tcp 200.1.1.3 host-netbios-out test

I still can see everyone and access everyone, what's wrong? my config
is wrong or my test conditions are wrong? Thanks for your help.

The following is my config(combined C and D):
r5#show run
Building configuration...

Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname r5
!
netbios access-list host test permit JGX
netbios access-list host test deny *
!
ip subnet-zero
no ip domain-lookup
!
!
!
dlsw local-peer peer-id 200.1.1.5
dlsw remote-peer 0 tcp 200.1.1.3 host-netbios-out test
dlsw bridge-group 1
!
!
interface Ethernet0
 ip address 192.168.1.1 255.255.255.0
 no ip directed-broadcast
 bridge-group 1
!
interface Serial0
 no ip address
 no ip directed-broadcast
 shutdown
!
interface Serial1
 ip address 200.1.1.5 255.255.255.0
 no ip directed-broadcast
!
interface BRI0
 no ip address
 no ip directed-broadcast
 shutdown
!
ip classless
!
!
bridge 1 protocol ieee
!
line con 0
 transport input none
line aux 0
line vty 0 4
!
end

r3#show run
Building configuration...

Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname r3
!
ip subnet-zero
no ip domain-lookup
!
!
dlsw local-peer peer-id 200.1.1.3
dlsw remote-peer 0 tcp 200.1.1.5
dlsw icanreach netbios-exclusive
dlsw icanreach netbios-name JGX
dlsw bridge-group 1
!
!
interface Ethernet0
 ip address 192.1.1.88 255.255.255.0
 no ip directed-broadcast
 bridge-group 1
!
interface Serial0
 no ip address
 no ip directed-broadcast
 shutdown
!
interface Serial1
 ip address 200.1.1.3 255.255.255.0
 no ip directed-broadcast
 clockrate 2000000
!
interface BRI0
 no ip address
 no ip directed-broadcast
 shutdown
!
ip classless
no ip http server
!
!
bridge 1 protocol ieee
!
line con 0
 transport input none
line aux 0
line vty 0 4
!
end

r3#

when I using "show dlsw reach", I found there are two entries about
JGX. I think one is through the peer capability, one is dynamic found.

r5#show dlsw reachability
DLSw Local MAC address reachability cache list
Mac Addr status Loc. port rif
0008.25e9.4567 FOUND LOCAL TBridge-001 --no rif--

DLSw Remote MAC address reachability cache list
Mac Addr status Loc. peer
......
0044.0044.0044 FOUND REMOTE 200.1.1.3(2065)
0080.6780.2b30 FOUND REMOTE 200.1.1.3(2065)
......

DLSw Local NetBIOS Name reachability cache list
NetBIOS Name status Loc. port rif
NOTEPAD2 FOUND LOCAL TBridge-001 --no rif--

DLSw Remote NetBIOS Name reachability cache list
NetBIOS Name status Loc. peer
......
HP-SERVER FOUND REMOTE 200.1.1.3(2065)
HUHAILONG FOUND REMOTE 200.1.1.3(2065)
JGX UNCONFIRM REMOTE 200.1.1.3(2065)
JGX FOUND REMOTE 200.1.1.3(2065)
......

Thanks a lot.
Hiler

--
Best regards,
Guoxing Jiang                        mailto:jianggx@transcentury.com.cn

• Next message: Lykourgiotis Paraskevas: "RE: NAT with secondary address"
• Previous message: Erick B.: "RE: In defense of the lab..."
• Next in thread: Wu Jiang: "Re: Still question about netbios access-list, that really let me down!!!"
• Maybe reply: Wu Jiang: "Re: Still question about netbios access-list, that really let me down!!!"
• Maybe reply: zhangxianqi: "Re: Still question about netbios access-list, that really let me down!!!"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:27:28 GMT-3