Re: netbios filters, how to trace sources ?

From: max aronica (max_aronica@xxxxxxxxxxx)
Date: Sat Apr 14 2001 - 17:41:24 GMT-3

• Next message: Dan: "Re: Point to Point Serial link"
• Previous message: Michelle Famiglietti: "PPP Callback with Dialer Profiles"
• Maybe in reply to: max aronica: "netbios filters, how to trace sources ?"
• Next in thread: Daryl Wan Wai Meng: "RE: netbios filters, how to trace sources ?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
Nigel,
Given your example, the access-list you created can only be set (in case of
ethernet) on the dlsw remote peer definition, that is, will
filter -destination name-.
StaionA and B are on the same ethernet, I want A to be able to send out
netbios packet towards Rtr2. B should not.
How can I cut on Rtr1 packet coming from B ?

|---|---Rtr1 -------------//---------------Rtr2
A B ------------> Nbios query

Thanks
Max

----- Original Message -----
From: "Nigel Taylor" <nigel_taylor@hotmail.com>
To: "max aronica" <max_aronica@hotmail.com>; <ccielab@groupstudy.com>
Sent: Saturday, April 14, 2001 5:20 PM
Subject: Re: netbios filters, how to trace sources ?

> Max,
> See inline
>
> Nigel..
>
>
> ----- Original Message -----
> From: max aronica <max_aronica@hotmail.com>
> To: <ccielab@groupstudy.com>
> Sent: Saturday, April 14, 2001 9:48 AM
> Subject: netbios filters, how to trace sources ?
>
>
> > Can anybody advise any known method to have the total filtering
capability
> > by netbios-name on ethernet side in a DLSW scenario ?
> >
> > Understand that I can place a netbios access-list at the remote peer
> > definition
> > (dlsw remote-peer 0 tcp 1.1.1.1 host-netbios-out test1) but this will
> filter
> > the
> > destination names, not the source.
> >
> > The "netbios input-access-filter" and "output-access-filter" are not
> > accepted under
> > ethernet interfaces, only token.
> >
> > So, what if I want to accept netbios from station A but not from
station
> B
> > (same vlan) ? Of course we don't know their MAC address.
>
> NT: The way I see this working is you won't ever have two machines on the
> same
> network with the same name, which would would mean using the following
> command;
>
> Token ring 1 = StationA and StationB
>
> netbios access-list
> netbios access-list host test1 permit Sta??A <-- any of these would work
> netbios access-list host test1 permit *A <-- any of these would
> work
>
> This would permit StationA and deny any access to StaionB..
> No need to re-invent the wheel..
>
> >
> > For any other bridging filter (MAC, LSAP) there is the way to filter by
> > source and/or
> > destination, but not here it seems.
> > Any idea ?
> >
> > Thanks, Max
> >
> >
> >

• Next message: Dan: "Re: Point to Point Serial link"
• Previous message: Michelle Famiglietti: "PPP Callback with Dialer Profiles"
• Maybe in reply to: max aronica: "netbios filters, how to trace sources ?"
• Next in thread: Daryl Wan Wai Meng: "RE: netbios filters, how to trace sources ?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:29:45 GMT-3