RE: (DLSW) NETBIOS filtering on Ethernet

From: Volkov, Dmitry (Toronto - BCE) (dmitry_volkov@ca.ml.com)
Date: Fri Sep 20 2002 - 00:09:08 GMT-3


Craig,

I was asking about using "access-expressions" for filtering NETBIOS on
ethernet.
You don't need the usual (numbered/named) access-lists for that.
The "expression" in this case is "netbios-host(name)",
where "name" is the name of the "netbios access-list host".
Like here:

netbios access-list host test deny BLABLA
netbios access-list host test permit *
int e0
access-expression input netbios-host(test)

http://127.0.0.1:8080/cc/td/doc/product/software/ios121/121cgcr/ibm_r/brprt1/br1dsrb.htm#xtocid11211

Dmitry

> -----Original Message-----
> From: Craig Tompkins [mailto:craig.tompkins@verizon.net]
> Sent: Thursday, September 19, 2002 10:51 PM
> To: 'Volkov, Dmitry (Toronto - BCE)'; ccielab@groupstudy.com
> Subject: RE: (DLSW) NETBIOS filtering on Ethernet
>
>
>
> [no] access-expression {in | out} expression
>
> Use the access-expression interface configuration command to define
> an access expression. Use the no form of this command to remove the
> access expression from the given interface. You use this command in
> conjunction with the access-list interface configuration command.
>
> in | out Indicates whether the access expression is applied to
> packets entering or leaving this interface. You can specify both an
> input and an output access expression for an interface, but only one
> of each.
> expression Boolean access list expression, built as explained in the
> "Usage Guidelines" section for this command in the Router Products
> Command Reference publication.
>
> [no] access-list access-list-number {permit | deny} {type-code
> wild-mask | address mask}
>
> Use the access-list global configuration command to configure the
> access list mechanism for filtering frames by protocol type or vendor
> code. Use the no form of this command to remove the single specified
> entry from the access list.
>
> As stated in the above reference, do you have a defined access list
> to use in conjunction with it?
>
> Craig W. Tompkins
> Network Engineer
> Temecula, CA 92592
> 760.583.6544
>
> "The credit belongs to the man who is actually in the arena, whose
> face is marred by dust and sweat and blood; who strives valiantly;
> who errs and comes short again and again, who knows the great
> enthusiasms, the great devotions, and spends himself in a worthy
> cause; who at best, knows the triumph of high achievement; and who,
> at the worst, if he fails, at least fails while daring greatly, so
> that his place shall never be with those cold and timid souls who
> know neither victory nor defeat."
> -Theodore Roosevelt, "Citizen in a Republic", April 23, 1910
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> Of Volkov, Dmitry (Toronto - BCE)
> Sent: Thursday, September 19, 2002 2:09 PM
> To: 'ccielab@groupstudy.com'
> Subject: (DLSW) NETBIOS filtering on Ethernet
>
> How to filter Netbios names on Ethernet interfaces ???
>
> I tried this:
>
> netbios access-list host test deny *
> !
> int e0
> access-expression input netbios-host(test)
> access-expression output netbios-host(test)
>
> I still was able to do "net view \\computer" from PC on Ethernet to outside
> and from outside towards the PC running on Ethernet
>
> It works on Tok ring but not on Ethernet... !!!
> Are access-expressions valid only for SRB ? Not valid for TB ??
>
> We can use netbios input(output)-access-filter on Tok Ring as well,
> NOT on Ethernet.
> We can use "dlsw icanreach netbios-name (exclusive)" - but this
> advertises reachability to remote peer.
> We can use "dlsw remote-peer 0 tcp 1.1.1.1 host-netbios-out" but this
> configures netbios host output filtering for this peer
> We can use "dlsw prom-peer-defaults host-netbios-out" but this
> configures netbios host output filtering for prom peers
>
> I don't see any way to selectively filter NETBIOS traffic coming
> through router into ethernet, all methods are about
> advertising of reachability or filter outbound netbios traffic from
> Ethernet into router, etc.
>
> Any comments please
>
> Thanks,
>
> Dmitry
>
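
An added example (not part of the original posts, and not Cisco code): a small Python model for checking "netbios access-list host" entries offline and for spotting an access-expression that references a list that was never defined. It assumes first-match evaluation with an implicit deny, "?" matching one character, a trailing "*" matching any remainder, and case-sensitive comparison; the list names "test2" and "typo" and the host names other than BLABLA are constructed.

```python
import re

def parse_netbios_lists(config):
    """Collect 'netbios access-list host NAME permit|deny PATTERN' entries in order."""
    lists = {}
    for line in config.splitlines():
        w = line.split()
        if w[:3] == ["netbios", "access-list", "host"] and len(w) == 6:
            lists.setdefault(w[3], []).append((w[4], w[5]))
    return lists

def undefined_references(config):
    """Names used as netbios-host(NAME) in an access-expression but never defined."""
    used = set(re.findall(r"netbios-host\((\S+?)\)", config))
    return sorted(used - set(parse_netbios_lists(config)))

def pattern_matches(pattern, host):
    # Assumption: '?' matches one character, a trailing '*' matches any remainder,
    # and the comparison is case-sensitive.
    open_ended = pattern.endswith("*")
    fixed = pattern[:-1] if open_ended else pattern
    if len(host) < len(fixed) or (not open_ended and len(host) != len(fixed)):
        return False
    return all(p in ("?", h) for p, h in zip(fixed, host))

def evaluate(entries, host):
    # Assumption: first matching entry wins, implicit deny when nothing matches.
    for action, pattern in entries:
        if pattern_matches(pattern, host):
            return action
    return "deny"

# The two lists from the thread (the second renamed "test2" here so both can coexist),
# plus a constructed reference to an undefined list "typo".
CONFIG = """\
netbios access-list host test deny BLABLA
netbios access-list host test permit *
netbios access-list host test2 deny *
int e0
 access-expression input netbios-host(test)
 access-expression output netbios-host(typo)
"""

if __name__ == "__main__":
    lists = parse_netbios_lists(CONFIG)
    for host in ("BLABLA", "BLABLA2", "FILESRV1"):  # constructed host names
        print(host, evaluate(lists["test"], host), evaluate(lists["test2"], host))
    print("undefined:", undefined_references(CONFIG))
```

Under these assumptions the exact-name entry "deny BLABLA" does not cover BLABLA2, which falls through to "permit *".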


