RE: What takes precedence, IP forward protocol or ACL?

From: Robert DeVito (robertdevito@xxxxxxxxxxx)
Date: Fri Feb 02 2001 - 04:42:13 GMT-3

   
That's true, you would have to add netbeui on all workstations.

Robert

----Original Message Follows----
From: Chuck Church <cchurch@MAGNACOM.com>
To: 'Robert DeVito' <robertdevito@hotmail.com>
CC: "CCIE Lab group (E-mail)" <ccielab@groupstudy.com>
Subject: RE: What takes precedence, IP forward protocol or ACL?
Date: Thu, 1 Feb 2001 23:36:37 -0500

These PC's are using IP, not Netbeui. I thought DLSW only handled
non-routable, bridged traffic. Am I missing something?

Chuck Church
CCNP, CCDP, MCNE, MCSE
Sr. Network Engineer
Magnacom Technologies
140 N. Rt. 303
Valley Cottage, NY 10989
845-267-4000 x218

-----Original Message-----
From: Robert DeVito [mailto:robertdevito@hotmail.com]
Sent: Thursday, February 01, 2001 10:14 PM
To: cchurch@MAGNACOM.com; ccielab@groupstudy.com
Subject: Re: What takes precedence, IP forward protocol or ACL?

DLSW might solve your problem, but it could be a pretty big overhead with
56k lines. It would do the job, though. The only problem I have found with

this solution is that you will sometimes have to search for the computer
name (find computer).

Let me know how you make out...

Robert

----Original Message Follows----
From: Chuck Church <cchurch@MAGNACOM.com>
Reply-To: Chuck Church <cchurch@MAGNACOM.com>
To: "CCIE Lab group (E-mail)" <ccielab@groupstudy.com>
Subject: What takes precedence, IP forward protocol or ACL?
Date: Thu, 1 Feb 2001 21:43:11 -0500

All,

        Sorry to ask a customer-related question, but since it's so bizarre,
I figured it's a possibility on the lab :) I've got a main location with
about 100 users, including 1 control-freak admin. I'm rolling out a frame
network to several remote offices. The admin would like to be able to see
the remote workstations in his network neighborhood for admin purposes.
They don't own any NT servers, so WINs is not an option. I've done IP
helper and forward protocol UDP 137-139 in small locations to allow computer
browsing, but because of the 56 kb frame circuit and the fact that there's
100 users at the main location, I don't want to forward all the netbios
broadcasts from the main segment to the remote frame location. If I use an
extended ACL to allow NB broadcasts incoming on the ethernet to allow only
the admin workstation, and have an IP helper on that interface, will only
the admin PC broadcasts be 'ip-helped' to the other side? Or does the
IP-helper take precedence and ignore the ACL? I don't currently have enough
Windows PCs in my lab to test this right now. All PCs are either 98 or NT,
and running IP only, no netbeui. The diagram would sort of look like this:

remote PC1 | |PC1
remote PC2 |--ethernet--RTRA-----frame 56kb----RTRB---ethernet--|PC2
remote PC3 | | | |ADMIN PC
                   ip helper ip helper |...
                 address is address is |PC100
                 admin's PC broadcast
                                                    address of RTRA's
                                                    ethernet segment
Thanks,

Chuck Church
CCNP, CCDP, MCNE, MCSE
Sr. Network Engineer
Magnacom Technologies
140 N. Rt. 303
Valley Cottage, NY 10989
845-267-4000 x218

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:28:33 GMT-3