RE: Filter NetBIOS without using LSAP lists

From: Vikas Gupta (vicky_gupta1803@xxxxxxxxx)
Date: Wed Feb 21 2001 - 22:15:11 GMT-3

• Next message: Piperw222@xxxxxxx: "bootcamp - switch configuration for lab 8"
• Previous message: perez claude-vincent: "RE: How to config isdn caller callback?"
• Maybe in reply to: Vikas Gupta: "Filter NetBIOS without using LSAP lists"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
Raymond,

No one responded, but I would actually allow this MAC
address in all my DMAC ACL's otherwise explicit deny
rule will block NetBIOS also. I would ask the proctor
about this and if I don't get any answer, I would
permit it. Anyone would care to comment??

Vikas

--- Raymond Cheung <rcheung@slb.com> wrote:
> Vikas,
> Did you get any answer about this? Please let me
> know.
> I really appreciate it.
> Raymond
>
> -----Original Message-----
> From: nobody@groupstudy.com
> [mailto:nobody@groupstudy.com]On Behalf Of
> Vikas Gupta
> Sent: Tuesday, February 13, 2001 9:59 PM
> To: Fred Ingham; ccielab@groupstudy.com
> Subject: Re: Filter NetBIOS without using LSAP lists
>
>
> Fred,
>
> This brings up another Q to my mind. If I am using
> dmac lists for regular mac address filtering either
> on
> DLSW remote-peer or on interfaces, I should permit
> this address in my MAC ACL's to make sure that I
> don't
> block NetBIOS traffic, since the last line in ACL is
> to deny everything. Eg.
>
> R1--------IP Cloud-----------R2
>
> I want to allow hosts on R1 to communicate with only
> one host on R2 with mac address of 1234.5678.9012,
> so
> I would have my MAC acl as
>
> access-list 700 permit 1234.5678.9012 0000.0000.0000
> access-list 700 permit c000.0000.0080 0000.0000.0000
>
> and apply to my remote-peer statement on R1. This
> will
> ensure that my NetBIOS traffic is not blocked. Is
> this
> the right way to do mac acl's?
>
> TIA,
> Vikas
>
> --- Fred Ingham <fningham@worldnet.att.net> wrote:
> > Yes, filtering the NetBIOS multicast address
> > c000.0000.0080 will block
> > all NetBIOS broadcasts and prevent any NetBIOS
> host
> > appearing in reachability cache. But I agree with
> > the other replies
> > that an "icannotreach saps F0" is a better way to
> > go.
> >
> > Fred.
> >
> > Vikas Gupta wrote:
> > >
> > > Hello People,
> > >
> > > Is there a way to filter NetBIOS without using
> > LSAP
> > > lists in DLSW+. I was thinking to use dmac lists
> > which
> > > blocks funtional MAC address i.e c000.0000.0080
> > (pls
> > > correct me if this is wrong) which essentially
> is
> > the
> > > MAC address used to send NetBIOS explorers.
> > >
> > > Comments??
> > >
> > > Vikas
> > >
> > >

• Next message: Piperw222@xxxxxxx: "bootcamp - switch configuration for lab 8"
• Previous message: perez claude-vincent: "RE: How to config isdn caller callback?"
• Maybe in reply to: Vikas Gupta: "Filter NetBIOS without using LSAP lists"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:28:56 GMT-3