Re: netbios filters

From: Bernard Dunn (dunn@xxxxxxxxx)
Date: Thu Feb 01 2001 - 23:16:56 GMT-3

• Next message: Chuck Church: "What takes precedence, IP forward protocol or ACL?"
• Previous message: YJC: "Re: netbios filters"
• Maybe in reply to: Brian Hescock: "netbios filters"
• Next in thread: Justin Menga: "RE: netbios filters"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
Brian,

That's okay, since you will see whether the netbios name is in either
local or remote reachability cache.

As you've picked it, you either don't allow the netbios name into
reachability cache, or just limit the reachability of the names. The
ethernet side of things starts to get a little hairy, since you have to
filter mac address, offset bytes, and then the sap types, etc.. Fun, yes?

Reegards

Bernard.

On Thu, 1 Feb 2001, Brian Hescock wrote:

> I believe that's the same command that's used on all remote-peers and it
> doesn't filter the name, it just prevents a connection from being made (it
> still shows up in "show dlsw reach".
>
> B.
>
> On Thu, 1 Feb 2001, Dave Martin wrote:
>
> > on P-O-D's you can use:
> >
> > netbios access-list host hostlist deny HOMEPC
> > netbios access-list host hostlist permit *
> > !
> > dlsw local-peer peer-id 2.1.1.1 group 10 promiscuous
> > dlsw peer-on-demand-defaults host-netbios-out hostlist
> >
> > filters just one host notice no remote-peer name.....good luck. remember t
o
> > use dlsw disable & dlsw no disable
> >
> > -Dave Martin
> >
> >
> >
> > ----- Original Message -----
> > From: "Brian Hescock" <bhescock@cisco.com>
> > To: <ccielab@groupstudy.com>
> > Sent: Thursday, February 01, 2001 2:01 PM
> > Subject: netbios filters
> >
> >
> > > ok, this is probably a stupid question but I can seem to find it
> > > anywhere, perhaps it isn't possible. Netbios filters only seem to be
> > > allowed on token ring interfaces, other than on the dlsw remote-peer
> > > command. But that command only keeps connections from being formed by
> > > blocking the name query it seems and the entries still make it into the
> > > reachability table. Is there a way to filter netbios so I
> > > don't even get the netbios names in the reachability info? The only way
I
> > > can think to do it would be a real kluge:
> > >
> > > - on the remote-peer use "netbios-exclusive" and not have any
> > > "icanreach" netbios commands. I would think this *should* prevent it from
> > > forwarding any netbios. Again, this would be a complete kluge and this
> > > wouldn't work if you wanted to just filter out one name.
> > >
> > > Is there a way to do it?
> > >
> > > Brian
> > >
> > >

• Next message: Chuck Church: "What takes precedence, IP forward protocol or ACL?"
• Previous message: YJC: "Re: netbios filters"
• Maybe in reply to: Brian Hescock: "netbios filters"
• Next in thread: Justin Menga: "RE: netbios filters"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:28:33 GMT-3