From: Vikas Gupta (vicky_gupta1803@xxxxxxxxx)
Date: Wed Feb 14 2001 - 00:58:59 GMT-3
Fred,
This brings up another Q to my mind. If I am using
dmac lists for regular mac address filtering either on
DLSW remote-peer or on interfaces, I should permit
this address in my MAC ACL's to make sure that I don't
block NetBIOS traffic, since the last line in ACL is
to deny everything. Eg.
R1--------IP Cloud-----------R2
I want to allow hosts on R1 to communicate with only
one host on R2 with mac address of 1234.5678.9012, so
I would have my MAC acl as
access-list 700 permit 1234.5678.9012 0000.0000.0000
access-list 700 permit c000.0000.0080 0000.0000.0000
and apply to my remote-peer statement on R1. This will
ensure that my NetBIOS traffic is not blocked. Is this
the right way to do mac acl's?
TIA,
Vikas
--- Fred Ingham <fningham@worldnet.att.net> wrote:
> Yes, filtering the NetBIOS multicast address
> c000.0000.0080 will block
> all NetBIOS broadcasts and prevent any NetBIOS host
> appearing in reachability cache. But I agree with
> the other replies
> that an "icannotreach saps F0" is a better way to
> go.
>
> Fred.
>
> Vikas Gupta wrote:
> >
> > Hello People,
> >
> > Is there a way to filter NetBIOS without using
> LSAP
> > lists in DLSW+. I was thinking to use dmac lists
> which
> > blocks funtional MAC address i.e c000.0000.0080
> (pls
> > correct me if this is wrong) which essentially is
> the
> > MAC address used to send NetBIOS explorers.
> >
> > Comments??
> >
> > Vikas
> >
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:28:48 GMT-3