Re: DLSW Peer Group - Netbios Filters

From: Bob Chahal (bob.chahal@xxxxxxxxxxxx)
Date: Wed Aug 08 2001 - 05:21:06 GMT-3


   
Thanks for that Fred. Ok I will try the dlsw disable but after I had
configured this and saved the config, the next day I powered up the routers
and still the filter wouldn't work. I'll be working on all this DLSW for a
couple of weeks yet so if I get anywhere with this I'll let you know.

----- Original Message -----
From: "Fred Ingham" <fningham@worldnet.att.net>
To: "Bob Chahal" <bob.chahal@ntlworld.com>
Cc: <ccielab@groupstudy.com>
Sent: Tuesday, August 07, 2001 3:28 AM
Subject: Re: DLSW Peer Group - Netbios Filters

> Bob: The filter on r5 should work if ESCOM is initiating the session.
> Did you do a dlsw disable and a no dlsw disable after configuring the
> filter? If not the filter doesn't take effect with
> peer-on-demand-defaults in my experience.
>
> As you have seen the same filter works on the remote-peer statement to
> the border. Filters on the remote-peer statement seem to be active
> without the dis, no dis exercise. And the filter should also work on r1
> remote-peer statement to r2.
>
> Let me know if this explains your tests.
>
> Cheers, Fred.
>
> Bob Chahal wrote:
> >
> > PC-ADVENT-----R8---------R2----------------R1-----------R5----PC-ESCOM
> >
> > I've a setup with two border peers (R1 in group 2 and R2 in group 1). In each
> > group I have an on-demand peer (Group 2 has R5 and Group 1 has R8). I have
> > a Windows PC on R8 (netbios name ADVENT) and R5 (netbios name ESCOM). I have
> > placed a dlsw netbios filter on R5 to block netbios name queries to ADVENT
> > as follows
> >
> > netbios access-list host STOP deny ADVENT
> > netbios access-list host STOP permit *
> > enable password cisco
> > !
> > ip tcp synwait-time 5
> > no ip domain-lookup
> > dlsw local-peer peer-id 5.5.5.5 group 2 promiscuous
> > dlsw remote-peer 0 tcp 1.1.1.1
> > dlsw peer-on-demand-defaults host-netbios-out STOP
> > dlsw bridge-group 1
> >
> > This does not block the netbios name queries for ADVENT. What I do see is
> > the peer-on-demand connect and a successful connection to ADVENT from ESCOM.
> > I had thought that
> >
> > dlsw peer-on-demand-defaults host-netbios-out STOP
> >
> > would enable filtering on demand peers. But I think that this is a catch-22
> > situation because the demand peer will not form unless the name query
> > goes through. So now I'm wondering why would you have the ability to
> > configure it this way.
> >
> > In order to block netbios name queries to ADVENT I had to put the filter on
> > the remote peer statement to the border peer.
> >
> > dlsw local-peer peer-id 5.5.5.5 group 2 promiscuous
> > dlsw remote-peer 0 tcp 1.1.1.1 host-netbios-out STOP
> > dlsw bridge-group 1
> >
> > Has anyone else done filtering like this and if so do you share my
> > observations?
> >
> > Thanks everyone
> >
> > Bob
> > **Please read:http://www.groupstudy.com/list/posting.html



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:31:47 GMT-3
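
The two R5 configurations compared in this thread, run through a small audit script (an added example, not part of the original posts; the function name and finding texts are hypothetical). It reports where each `host-netbios-out` list is attached and flags a list that is referenced but never defined, or attached only to `peer-on-demand-defaults`, the placement the thread reports as not blocking name queries. It assumes TCP `remote-peer` statements.

```python
import re

# Constructed sample: the R5 configuration quoted in the thread.
R5_ON_DEMAND = """\
netbios access-list host STOP deny ADVENT
netbios access-list host STOP permit *
dlsw local-peer peer-id 5.5.5.5 group 2 promiscuous
dlsw remote-peer 0 tcp 1.1.1.1
dlsw peer-on-demand-defaults host-netbios-out STOP
dlsw bridge-group 1
"""
# Constructed sample: same router, filter moved to the border-peer statement.
R5_REMOTE_PEER = R5_ON_DEMAND.replace(
    "dlsw remote-peer 0 tcp 1.1.1.1\n",
    "dlsw remote-peer 0 tcp 1.1.1.1 host-netbios-out STOP\n",
).replace("dlsw peer-on-demand-defaults host-netbios-out STOP\n", "")

ACL_RE = re.compile(r"^netbios access-list host (\S+) (permit|deny) (\S+)$")
REMOTE_RE = re.compile(r"^dlsw remote-peer \d+ tcp (\S+)")
FILTER_RE = re.compile(r"\bhost-netbios-out (\S+)")


def audit_dlsw_filters(config):
    """Report where each host-netbios-out list is attached, plus findings."""
    acls, on_demand, remote, findings = {}, [], [], []
    for line in map(str.strip, config.splitlines()):
        acl = ACL_RE.match(line)
        if acl:
            acls.setdefault(acl.group(1), []).append(acl.group(2, 3))
            continue
        used = FILTER_RE.search(line)
        if not used:
            continue
        peer = REMOTE_RE.match(line)
        if peer:
            remote.append((peer.group(1), used.group(1)))
        elif line.startswith("dlsw peer-on-demand-defaults"):
            on_demand.append(used.group(1))
    for name in sorted(set(on_demand) | {n for _, n in remote}):
        if name not in acls:
            findings.append(f"{name}: referenced but not defined")
    for name in on_demand:
        if all(n != name for _, n in remote):
            findings.append(f"{name}: only on peer-on-demand-defaults; "
                            "the thread reports name queries still passed")
    return {"acls": acls, "on_demand": on_demand,
            "remote": remote, "findings": findings}

if __name__ == "__main__":
    for label, cfg in (("on-demand", R5_ON_DEMAND), ("remote-peer", R5_REMOTE_PEER)):
        print(label, audit_dlsw_filters(cfg)["findings"])
```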