RE: Netbios filtering

From: yakout esmat (yesmat@xxxxxxxxxxxxxx)
Date: Fri Mar 29 2002 - 00:06:58 GMT-3


   
My 2 cents:

The netbios name filtering in general applies to source Host names.

Example: to block all local workstations with names starting with serv from
accessing the WAN, you will use:

netbios access-list host test deny serv*
netbios access-list host test permit *

and apply that to the dlsw remote peer. OR apply it to the local interface
to prevent local and remote bridging as well using "netbios
input-access-filter host test".

I guess a solution to your question would be to configure the remote router
with:

dlsw icanreach netbios-name system*
dlsw icanreach netbios-exclusive

Any other input is very much appreciated.

Ya

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Lupi, Guy
Sent: Friday, March 29, 2002 1:05 PM
To: 'MOLINA, MARTIN J *Internet* (PBI)'; 'ccielab@groupstudy.com'
Subject: RE: Netbios filtering

You bring up an interesting point. The big question would be is the name
specified in the access list a destination or source, or is it either? If
either, then both ways would work, yours would allow workstations to get out
to only those names, their way would only allow those 2 workstations in. I
guess in short the answer is I don't really know, I will try to find out and
let you know. I know that the host-netbios-out option in dlsw is based on
destination, if you deny something in it then the local host will not be
able to query for that name, but the remote name that you denied will be
able to get to the local host. It would be interesting if anyone with
practical experience in this would be able to tell us.

~-----Original Message-----
~From: MOLINA, MARTIN J *Internet* (PBI) [mailto:mm1343@pbi.net]
~Sent: Thursday, March 28, 2002 7:48 PM
~To: 'ccielab@groupstudy.com'
~Subject: Netbios filtering
~
~
~Group,
~If one were presented with the following requirement:
~
~Configure R3's Token interface so that its attached
~workstations will only
~be able to see two workstations out on the network with Netbios names
~"System3" and "System9".
~
~My knee-jerk solution was the following:
~
~netbios access-list host R3 permit System3
~netbios access-list host R3 permit System9
~applied to R3's Token interface as : netbios
~output-access-filter host R3
~
~However, the solution in the book I'm working out of lists the
~following
~solution:
~
~netbios access-list host test permit System3
~netbios access-list host test deny *
~
~netbios access-list host rest permit System9
~netbios access-list host rest deny *
~
~applied to R3's Token interface as : access-expression input
~(netbios-host(test) | netbios-host(rest))
~
~My questions are :
~1. What is the deal with direction (input as opposed to
~output)? I would
~think the solution would have to be applied outbound on R3's
~Token interface
~(toward the workstations on R3's ring).
~2. Why wouldn't my solution work (assuming the direction was correct)?
~Thanks in advance.
~Martin Molina
~Senior Network Engineer
~Pacific Bell Internet Services
~CCNP CCDP
~desk: 925 973-7774
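
The following is an added example, not part of any message in this thread and not Cisco code: a small Python model of how the host lists quoted above are evaluated, comparing the single list R3 with the book's two lists combined by OR. It assumes top-down first-match evaluation, a trailing "*" wildcard, "?" for one character, case-sensitive names and an implicit deny; the list name "wan" and the sample workstation names are made up for the illustration.

```python
# Added illustration. Assumptions (not stated in the thread): entries are
# checked top-down, first match wins, a trailing "*" matches any remaining
# characters, "?" matches one character, names compare case-sensitively,
# and a name that matches no entry is denied.

THREAD_CONFIG = """
netbios access-list host R3 permit System3
netbios access-list host R3 permit System9
netbios access-list host test permit System3
netbios access-list host test deny *
netbios access-list host rest permit System9
netbios access-list host rest deny *
netbios access-list host wan deny serv*
netbios access-list host wan permit *
"""  # "wan" is a hypothetical name for the serv* list, to avoid reusing "test"

def parse(config):
    """Build {list_name: [(action, pattern), ...]} from the config lines."""
    acls = {}
    for line in config.strip().splitlines():
        w = line.split()
        if len(w) != 6 or w[:3] != ["netbios", "access-list", "host"] \
                or w[4] not in ("permit", "deny"):
            raise ValueError("unrecognised line: " + line)
        acls.setdefault(w[3], []).append((w[4], w[5]))
    return acls

def pattern_matches(pattern, name):
    """Match one access-list pattern against a NetBIOS name."""
    if pattern.endswith("*"):
        pattern = pattern[:-1]
        if len(name) < len(pattern):
            return False
        name = name[:len(pattern)]      # compare only the fixed prefix
    elif len(pattern) != len(name):
        return False
    return all(p == "?" or p == c for p, c in zip(pattern, name))

def evaluate(acl, name):
    """Return True for permit, False for deny."""
    for action, pattern in acl:
        if pattern_matches(pattern, name):
            return action == "permit"
    return False                        # assumed implicit deny

def compare(names):
    """Per name: (name, list R3, test OR rest, serv* list) verdicts."""
    a = parse(THREAD_CONFIG)
    return [(n, evaluate(a["R3"], n),
             evaluate(a["test"], n) or evaluate(a["rest"], n),
             evaluate(a["wan"], n)) for n in names]
```

Under these assumptions the single list and the OR of the two lists give the same verdict for every name; the model says nothing about interface direction or about which name field of a frame the router compares.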



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:57:25 GMT-3