RE: DLSW: allow incoming netbios host X

From: Mahmud, Yasser (YMahmud@Solutions.UK.ATT.com)
Date: Thu Feb 20 2003 - 20:32:59 GMT-3

• Next message: tan: "RE: Default trunk encapsulation"
• Previous message: Brian Dennis: "RE: Ctrl+Shift+^, x and traceroute"
• Maybe in reply to: soon ccie: "DLSW: allow incoming netbios host X"
• Next in thread: soon ccie: "RE: DLSW: allow incoming netbios host X"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi,
Option 1 should work without the remote keyword as below

a) On R2 with the exclusive keyword, it now uses a filter (only when
exclusive is used and is based on source addreses) on all o/g DLSW
connections, so the only thing that passes is netbios-name x to R1, which
meets the requirement. so only netbios name x can communicate via netbios to
hosts on any other DLSW peer.
b) What will happen on R1 is that because of the exclusive keyword specified
on R2 , R1 will also use a filter (based on destination addresses) towards
R2 so the only NBNQ messages that will be passed by R1 for R2 will be for
netbios-name x so R1 hosts can only communicate with host x on R2

Note: If you use the remote keyword then the only filter that is going to be
used is the remote filter i.e filter on R1 so R2 won't use a filter so R2
will be sending NBNQ messages from all it's connected hosts.
         However due to the filter @ R1 , R1 hosts will only be able to
communicate with netbios name x.

Option2

As far as I know you can't use access-expressions with Ethernet i/f's (only
applicable to token ring) and same with NetBIOS input-access-filters.
 
It's been sometime since I did DLSW, so please test

Rgds,
Yasser
    

> -----Original Message-----
> From: soon ccie [SMTP:soonccie@yahoo.com]
> Sent: Thursday, February 20, 2003 2:55 AM
> To: Voss, David; 'trust.hogo@sarcom.com'; ccielab@groupstudy.com
> Subject: RE: DLSW: allow incoming netbios host X
>
> Thanks all! I have 2 related Qs:
>
> (1) So use netbios-exclusive at R2, not sure understand how does it meet
> the
> req that it sends ONLY hostxyx to R1 and block all other? should I include
> the
> remote option as in below? i don't quite understand what the doc says.
> dlsw icanreach netbios-exclusive remote !** "remote" option
> dlsw icanreach netbios-name hostxyz
>
> (2) I notice there is one way of using a filter at R2 LAN int:
> interface Ethernet1
> ip address 10.1.1.1 255.255.255.0
> access-expression input netbios-host(hostfilter)
> bridge-group 1
> netbios access-list host hostfilter permit hostxyz
>
> My problem is that IP is blocked once netbios filter is applied, can
> anyone
> help to explain what's happened? in theory, how netbios filter can impact
> L3 IP
> traffic?
>
> TIA
>
>
> --- "Voss, David" <dvoss@heidrick.com> wrote:
> > I would have to say it's going to be icanreach/exclusive commands,
> netbios
> > access filters display the following when applying to ethernet
> interfaces.
> >
> > r6(config-if)#netbios input-access-filter host TESTING
> > netbios interface commands only allowed on Token Ring like interfaces.
> > r6(config-if)#^Z
> >
> > -----Original Message-----
> > From: trust.hogo@sarcom.com [mailto:trust.hogo@sarcom.com]
> > Sent: Wednesday, February 19, 2003 4:05 PM
> > To: soonccie@yahoo.com; ccielab@groupstudy.com
> > Subject: RE: DLSW: allow incoming netbios host X
> >
> >
> > Use NetBIOS input-access-filter command on the interface taking part in
> > DLSW.
> >
> > -----Original Message-----
> > From: soon ccie [mailto:soonccie@yahoo.com]
> > Sent: Wednesday, February 19, 2003 1:17 AM
> > To: ccielab@groupstudy.com
> > Subject: DLSW: allow incoming netbios host X
> >
> >
> > Hi all,
> > R1 ------DLSW--------R2.
> >
> > DLSW peering between R1 (lo0 1.1.1.1) and R2 (lo0 2.2.2.2). R2 can's use
> > remote-peer command. The task is to let only machine with netbios name
> X to
> > come in from R2.
> >
> > What are the possible solutions? In R1, since it is incoming netbios ,
> so
> > can't leverage remote-peer command to apply the filtering because it
> does
> > only output filtering based on the doc. The doc lists one command that
> may
> > be applied on R2, but I want confirmation if this is correct or if there
> is
> > other ways.
> >
> > R2: dlsw netbios-name X remote-peer 1.1.1.1. (This cmd still use
> remote-peer
> > though).
> >
> > TIA.
> >
> > __________________________________________________
> > Do you Yahoo!?
> > Yahoo! Shopping - Send Flowers for Valentine's Day
> http://shopping.yahoo.com
> >
>
>
> __________________________________________________
> Do you Yahoo!?
> Yahoo! Shopping - Send Flowers for Valentine's Day
> http://shopping.yahoo.com

• Next message: tan: "RE: Default trunk encapsulation"
• Previous message: Brian Dennis: "RE: Ctrl+Shift+^, x and traceroute"
• Maybe in reply to: soon ccie: "DLSW: allow incoming netbios host X"
• Next in thread: soon ccie: "RE: DLSW: allow incoming netbios host X"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Mar 01 2003 - 11:06:30 GMT-3