DLSW Peer Group - Netbios Filters

From: Bob Chahal (bob.chahal@xxxxxxxxxxxx)
Date: Tue Aug 07 2001 - 18:55:00 GMT-3


   
PC-ADVENT-----R8---------R2----------------R1-----------R5----PC-ESCOM

I've a setup with two border peers (R1 in group 2 and R2 in group 1). In each
group I have an on-demand peer (Group 2 has R5 and Group 1 has R8). I have
a Windows PC on R8 (netbios name ADVENT) and R5 (netbios name ESCOM). I have
placed a dlsw netbios filter on R5 to block netbios name queries to ADVENT
as follows:

netbios access-list host STOP deny ADVENT
netbios access-list host STOP permit *
enable password cisco
!
ip tcp synwait-time 5
no ip domain-lookup
dlsw local-peer peer-id 5.5.5.5 group 2 promiscuous
dlsw remote-peer 0 tcp 1.1.1.1
dlsw peer-on-demand-defaults host-netbios-out STOP
dlsw bridge-group 1

This does not block the netbios name queries for ADVENT. What I do see is
the peer-on-demand connect and a successful connection to ADVENT from ESCOM.
I had thought that

dlsw peer-on-demand-defaults host-netbios-out STOP

would enable filtering on demand peers. But I think that this is a catch-22
situation because the demand peer will not form unless the name query
goes through. So now I'm wondering why you would have the ability to
configure it this way.

In order to block netbios name queries to ADVENT I had to put the filter on
the remote peer statement to the border peer.

dlsw local-peer peer-id 5.5.5.5 group 2 promiscuous
dlsw remote-peer 0 tcp 1.1.1.1 host-netbios-out STOP
dlsw bridge-group 1

Has anyone else done filtering like this and if so do you share my
observations?

Thanks everyone

Bob
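
The placement issue reported above can be checked for mechanically. The following is an added example, not part of the original post and not Cisco tooling: a small Python audit that reports NetBIOS host filters set under peer-on-demand-defaults but missing from a configured remote-peer statement. The function name is hypothetical, the two sample configs are constructed from the R5 variants in the post, and the rule encodes the poster's observation rather than documented IOS behaviour.

```python
import re

# Constructed samples: the two R5 variants from the post, trimmed to the relevant lines.
FILTER_ON_DEMAND_ONLY = """\
netbios access-list host STOP deny ADVENT
netbios access-list host STOP permit *
dlsw local-peer peer-id 5.5.5.5 group 2 promiscuous
dlsw remote-peer 0 tcp 1.1.1.1
dlsw peer-on-demand-defaults host-netbios-out STOP
dlsw bridge-group 1
"""
FILTER_ON_REMOTE_PEER = """\
netbios access-list host STOP deny ADVENT
netbios access-list host STOP permit *
dlsw local-peer peer-id 5.5.5.5 group 2 promiscuous
dlsw remote-peer 0 tcp 1.1.1.1 host-netbios-out STOP
dlsw bridge-group 1
"""

def audit_dlsw_netbios_filters(config):
    """Report where each NetBIOS host filter is (or is not) applied. Hypothetical helper."""
    defined, on_demand, peers = set(), set(), {}  # peers: address -> filter name or None
    for line in map(str.strip, config.splitlines()):
        m = re.match(r"netbios access-list host (\S+) (permit|deny) ", line)
        if m:
            defined.add(m.group(1))
        m = re.match(r"dlsw remote-peer \d+ tcp (\S+)(.*)", line)
        if m:
            f = re.search(r"\bhost-netbios-out (\S+)", m.group(2))
            peers[m.group(1)] = f.group(1) if f else None
        m = re.match(r"dlsw peer-on-demand-defaults\b.*\bhost-netbios-out (\S+)", line)
        if m:
            on_demand.add(m.group(1))
    findings = []
    for name in sorted(defined | on_demand | {p for p in peers.values() if p}):
        if name not in defined:
            findings.append(f"{name}: applied but not defined")
        elif name in on_demand:
            # Per the post: queries leave via the configured peer, so check it too.
            bare = sorted(a for a, f in peers.items() if f != name)
            if bare:
                findings.append(f"{name}: set under peer-on-demand-defaults "
                                f"but not on remote-peer {', '.join(bare)}")
        elif name not in peers.values():
            findings.append(f"{name}: defined but never applied")
    return findings

if __name__ == "__main__":
    for cfg in (FILTER_ON_DEMAND_ONLY, FILTER_ON_REMOTE_PEER):
        print(audit_dlsw_netbios_filters(cfg) or "no findings")
```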



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:31:46 GMT-3