From: ying c (bf5tgh1@yahoo.com)
Date: Thu Sep 19 2002 - 19:08:52 GMT-3
It does not look like access-expression work on
ethernet. Please correct me if I'm wrong.
--- "Volkov, Dmitry (Toronto - BCE)"
<dmitry_volkov@ca.ml.com> wrote:
> How to filter Netbios names on Ethernet interfaces
> ???
>
> I tried this:
>
> netbios access-list host test deny *
> !
> int e0
> access-expression input netbios-host(test)
> access-expression output netbios-host(test)
>
> I still was able to do "net view \\computer" from PC
> on Ethernet to outside
> and from outside towards to PC running on Ethernet
>
> I works on Tok ring but not on Ethernet... !!!
> Are access-expressions valid only for SRB ? Not
> valid for TB ??
>
> We can use netbios input(output)-access-filter on
> Tok Ring as well , NOT on
> Ethernet.
> We can use "dlsw icanreach netbios-name (exclusive)"
> - but this advertises
> reachability to remote peer.
> We can use "dlsw remote-peer 0 tcp 1.1.1.1
> host-netbios-out" but this
> configures netbios host output filtering for this
> peer
> We can use "dlsw prom-peer-defaults
> host-netbios-out" but this configure
> netbios host output filtering for prom peers
>
> I don't see any way selectively to filter NETBIOS
> traffic coming through
> router into ethernet, all methods are about
> advertising of reachability or filter outbound
> netbios traffic from Ethernet
> into router, etc.
>
> Any comments please
>
> Thanks,
>
> Dmitry
This archive was generated by hypermail 2.1.4 : Mon Oct 07 2002 - 07:43:57 GMT-3