RE: netbios filters, how to trace sources ?

From: max aronica (max_aronica@xxxxxxxxxxx)
Date: Sun Apr 15 2001 - 10:45:51 GMT-3


   
Hi Daryl,
you are right, the link speaks clearly. But if you test it, it will
filter by destination... I tried. Just take two Windows PCs and put
a DLSw network in the middle and try to filter.
OK, should this be requested in the lab, I will take what the Cisco doc
says as good.

About your question, I don't know if I understand it well. If you wonder where
that notation (0x0000 0x0D0D) comes from, just write it in binary and you will
see that the only values permitted are the SNA ones (actually,
even 0c and 0d ...)

0000.0000 (sap)
0000.1101 (mask)
---------
It permits 00,01,04,05,08,09,0c,0d

>From: Daryl Wan Wai Meng <darylwan@aeradio.com.sg>
>To: "'max aronica'" <max_aronica@hotmail.com>, Nigel Taylor
><nigel_taylor@hotmail.com>, ccielab@groupstudy.com
>Subject: RE: netbios filters, how to trace sources ?
>Date: Sun, 15 Apr 2001 14:05:02 +0800
>
>Nigel/Max,
>
>I believe the following commands on Rtr 1 would do the trick...
>
>netbios access-list filter1 permit (netbios name of PC A)
>dlsw remote-peer 0 tcp (Rtr 2 peer address) host-netbios-out filter1
>
>This can be verified from the following link
>http://www.cisco.com/warp/public/cc/pd/ibsw/ibdlsw/prodlit/dlsw4_rg.htm
>Figure 4-2: Using Filtering to Limit the Broadcasts and Network Access of
>Individual NetBIOS Servers
>
>
>When I initially started learning about DLSw filtering, I too thought that
>they meant to filter on the destination. It is not the case!!! Luckily, the
>above link steered me in the correct direction...
>
>The DMAC & LSAP commands for DLSw also work the same way: they reference
>the MAC addresses & SAP types local to the router!!! Not the destination
>side....
>
>
>
>Now, I have a question regarding SAP types...
>In the following link
>http://www.cisco.com/warp/public/698/acl200.html
>
>They describe to permit SNA traffic, use 0x0000 0x0D0D to permit the most
>common SNA SAPs ---
>0x01
>0x04
>0x05
>0x08
>0x09
>
>Does it mean that the above SAPs actually become the following ---
>0x0101 0x0000
>0x0404 0x0000
>0x0505 0x0000
>0x0808 0x0000
>0x0909 0x0000
>-------------
>0x0000 0x0D0D
>
>Is this how they interpret that the access-list can be used to permit the
>above SNA SAPs?
>
>
>
>Thanks,
> Daryl
>
>
>-----Original Message-----
>From: max aronica [mailto:max_aronica@hotmail.com]
>Sent: Sunday, April 15, 2001 4:41 AM
>To: Nigel Taylor; ccielab@groupstudy.com
>Subject: Re: netbios filters, how to trace sources ?
>
>
>Nigel,
>Given your example, the access-list you created can only be set (in case of
>Ethernet) on the dlsw remote peer definition, that is, it will
>filter -destination name-.
>Stations A and B are on the same Ethernet, I want A to be able to send out
>NetBIOS packets towards Rtr2. B should not.
>How can I cut on Rtr1 packets coming from B?
>
>|---|---Rtr1 -------------//---------------Rtr2
>A   B ------------> Nbios query
>
>
>Thanks
>Max
>
>
>
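
The binary working at the top of this message, generalized to any type-code/mask pair so that a filter can be checked for values it permits beyond the intended ones. This is an added example, not part of the original thread; it assumes that mask bits set to 1 are "don't care" bits and that the high byte of the 16-bit value is the DSAP and the low byte the SSAP. The function names and the sample SAP set are constructed for illustration.

```python
# Added example: enumerate the SAP values a type-code/mask entry matches.
# Assumption: a 1 bit in the mask means "ignore this bit" (wildcard).

def matches(value, type_code, mask):
    """True if value equals type_code on every bit the mask does not wildcard."""
    care = ~mask & 0xFFFF
    return (value & care) == (type_code & care)

def permitted_bytes(code_byte, mask_byte):
    """Every 8-bit SAP value matched by one byte of the entry."""
    care = ~mask_byte & 0xFF
    return [v for v in range(256) if (v & care) == (code_byte & care)]

def permitted_saps(type_code, mask):
    """(DSAP values, SSAP values) matched; high byte assumed to be DSAP."""
    dsap = permitted_bytes(type_code >> 8, mask >> 8)
    ssap = permitted_bytes(type_code & 0xFF, mask & 0xFF)
    return dsap, ssap

def over_permitted(type_code, mask, intended):
    """SAP values the entry lets through that are not in the intended set."""
    dsap, ssap = permitted_saps(type_code, mask)
    return sorted((set(dsap) | set(ssap)) - set(intended))

# The five SAPs listed in the quoted question (sample set for this check).
SNA_SAPS = [0x01, 0x04, 0x05, 0x08, 0x09]

if __name__ == "__main__":
    dsap, ssap = permitted_saps(0x0000, 0x0D0D)
    print("DSAP:", [f"{v:02x}" for v in dsap])
    print("SSAP:", [f"{v:02x}" for v in ssap])
    extra = over_permitted(0x0000, 0x0D0D, SNA_SAPS)
    print("beyond the listed SAPs:", [f"{v:02x}" for v in extra])
    # A frame with DSAP/SSAP 0xF0 (the NetBIOS SAP) is not matched.
    print("0xF0F0 matched:", matches(0xF0F0, 0x0000, 0x0D0D))
```
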


