From: Fred Ingham (fningham@xxxxxxxxxxxxxxxx)
Date: Fri Jan 19 2001 - 23:09:28 GMT-3
Agree with Roger. The NetBIOS name filter filters NetBIOS Name_Queries
so if
you don't want JCONNARY-WK2 to establish a circuit with JULIE-95 you
would have
the following on r3 (home of JCONNARY-WK2):
netbios access-list host TEST deny JULIE-95
netbios access-list host TEST permit *
dlsw remote-peer 0 tcp 170.100.25.2 host-netbios-out TEST
You may still see JULIE-95 in the reachability cache but it will be
filtered
when a connection is attempted. Do a deb dlsw to see the packets
filtered.
Fred.
Roger Dellaca wrote:
>
> If I've read your scenario right, the netbios access-list on R3 should deny J
ULIE-95.
> or put the existing one on R2.
>
> >>> "Connary, Julie Ann" <jconnary@cisco.com> 01/19 2:05 PM >>>
> Hi All,
>
> I went back and read all the messages on netbios filtering and it still
> doesn't work as I expected, can
> someone point out my problem? I think I'm just missing something really
> simple here.
>
> I have a simple netowrk:
>
> --------netbeuie pc-on Ethernet---r2------ip network-----r3----ethernet -
> netbeui pc
>
name
> jconnary-w2k
> netbios name julie-95
>
> So I wanted to prevent jconnary-w2k on R3's ethernet from establishing a
> circuit with julie-95 on R2's ethernet.
>
> First I filtered sap f0f0, worked great.
> Then I tried netbios name filtering.
>
> On R3 I setup a netbios access-list and applied it to the remote-peer
> statement for R2.
>
> netbios access-list host selab deny JCONNARY-W2K
> netbios access-list host selab permit *
> enable password cisco
> !
> username r5 password 0 julie
> ip subnet-zero
> no ip domain-lookup
> isdn switch-type basic-ni
> !
> sap-priority-list 1 medium dmac 0001.38ac.1f00
> source-bridge ring-group 30
> dlsw local-peer peer-id 170.100.3.1
> dlsw remote-peer 0 tcp 170.100.25.2 priority host-netbios-out selab
> dlsw duplicate-path-bias load-balance
> dlsw timer explorer-wait-time 10
>
> But I still get a connection. I looked at debug and I can watch the
> connection be setup - but why? I even tried lower and upper case
> on my access-list with the same results. I then read manuals and looked in
> emails and they all say to do it this way - that this would filter the
> request from jconnary-w2k going to julie-95 and would
> filter any return traffic if julie-95 tried to establish the connection.
>
> Or have I got that wrong?
>
> Julie Ann
> ------------------------------------------------------------------------
> Julie Ann Connary
> | | Network Consulting Engineer
> ||| ||| Federal Support Program
> .|||||. .|||||. 13635 Dulles Technology Drive,
> Herndon VA 20171
> .:|||||||||:.:|||||||||:. Pager: 1-888-642-0551
> c i s c o S y s t e m s Email: jconnary@cisco.com
>
> ------------------------------------------------------------------------
>
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:27:36 GMT-3