From: Craig Tompkins (craig.tompkins@verizon.net)
Date: Thu Sep 19 2002 - 23:51:14 GMT-3
[no] access-expression {in | out} expression

Use the access-expression interface configuration command to define
an access expression. Use the no form of this command to remove the
access expression from the given interface. You use this command in
conjunction with the access-list interface configuration command.

in | out     Indicates whether the access expression is applied to
             packets entering or leaving this interface. You can
             specify both an input and an output access expression
             for an interface, but only one of each.

expression   Boolean access list expression, built as explained in
             the "Usage Guidelines" section for this command in the
             Router Products Command Reference publication.

[no] access-list access-list-number {permit | deny} {type-code wild-mask | address mask}

Use the access-list global configuration command to configure the
access list mechanism for filtering frames by protocol type or vendor
code. Use the no form of this command to remove the single specified
entry from the access list.

As stated in the above reference, do you have a defined access list
to use in conjunction with it?

Craig W. Tompkins
Network Engineer
Temecula, CA 92592
760.583.6544
"The credit belongs to the man who is actually in the arena, whose
face is marred by dust and sweat and blood; who strives valiantly;
who errs and comes short again and again, who knows the great
enthusiasms, the great devotions, and spends himself in a worthy
cause; who at best, knows the triumph of high achievement; and who,
at the worst, if he fails, at least fails while daring greatly, so
that his place shall never be with those cold and timid souls who
know neither victory nor defeat."
-Theodore Roosevelt, "Citizen in a Republic", April 23, 1910

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
Of Volkov, Dmitry (Toronto - BCE)
Sent: Thursday, September 19, 2002 2:09 PM
To: 'ccielab@groupstudy.com'
Subject: (DLSW) NETBIOS filtering on Ethernet
How to filter Netbios names on Ethernet interfaces ???
I tried this:
netbios access-list host test deny *
!
int e0
 access-expression input netbios-host(test)
 access-expression output netbios-host(test)
I still was able to do "net view \\computer" from PC on Ethernet to
outside and from outside towards the PC running on Ethernet.
It works on Tok ring but not on Ethernet... !!!
Are access-expressions valid only for SRB ? Not valid for TB ??
We can use netbios input(output)-access-filter on Tok Ring as well,
NOT on Ethernet.
We can use "dlsw icanreach netbios-name (exclusive)" - but this
advertises reachability to remote peer.
We can use "dlsw remote-peer 0 tcp 1.1.1.1 host-netbios-out" but this
configures netbios host output filtering for this peer.
We can use "dlsw prom-peer-defaults host-netbios-out" but this
configures netbios host output filtering for prom peers.
I don't see any way selectively to filter NETBIOS traffic coming
through router into ethernet, all methods are about advertising of
reachability or filter outbound netbios traffic from Ethernet into
router, etc.
Any comments please
Thanks,
Dmitry