Re: DLSW Peer Group - Netbios Filters

From: Fred Ingham (fningham@xxxxxxxxxxxxxxxx)
Date: Mon Aug 06 2001 - 23:28:00 GMT-3


   
Bob: The filter on r5 should work if ESCOM is initiating the session.
Did you do a dlsw disable and a no dlsw disable after configuring the
filter? If not, the filter doesn't take effect with
peer-on-demand-defaults in my experience.

As you have seen the same filter works on the remote-peer statement to
the border. Filters on the remote-peer statement seem to be active
without the dis, no dis exercise. And the filter should also work on r1
remote-peer statement to r2.

Let me know if this explains your tests.

Cheers, Fred.

Bob Chahal wrote:
>
> PC-ADVENT-----R8---------R2----------------R1-----------R5----PC-ESCOM
>
> I've a setup with two border peers (R1 in group 2 and R2 in group 1). In each
> group I have an on-demand peer (Group 2 has R5 and Group 1 has R8). I have
> a Windows PC on R8 (netbios name ADVENT) and R5 (netbios name ESCOM). I have
> placed a dlsw netbios filter on R5 to block netbios name queries to ADVENT
> as follows
>
> netbios access-list host STOP deny ADVENT
> netbios access-list host STOP permit *
> enable password cisco
> !
> ip tcp synwait-time 5
> no ip domain-lookup
> dlsw local-peer peer-id 5.5.5.5 group 2 promiscuous
> dlsw remote-peer 0 tcp 1.1.1.1
> dlsw peer-on-demand-defaults host-netbios-out STOP
> dlsw bridge-group 1
>
> This does not block the netbios name queries for ADVENT. What I do see is
> the peer-on-demand connect and a successful connection to ADVENT from ESCOM.
> I had thought that
>
> dlsw peer-on-demand-defaults host-netbios-out STOP
>
> would enable filtering on demand peers. But I think that this is a catch-22
> situation because the demand peer will not form unless the name query
> goes through. So now I'm wondering why you would have the ability to
> configure it this way.
>
> In order to block netbios name queries to ADVENT I had to put the filter on
> the remote peer statement to the border peer.
>
> dlsw local-peer peer-id 5.5.5.5 group 2 promiscuous
> dlsw remote-peer 0 tcp 1.1.1.1 host-netbios-out STOP
> dlsw bridge-group 1
>
> Has anyone else done filtering like this and if so do you share my
> observations?
>
> Thanks everyone
>
> Bob
> **Please read:http://www.groupstudy.com/list/posting.html



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:31:47 GMT-3