From: Justin Menga (Justin.Menga@xxxxxxxxxxxxxxxxxx)
Date: Mon Nov 06 2000 - 17:20:02 GMT-3
Hi,
I believe the following rules apply for DLSW (These are the rules for
netbios filtering on tokenring interfaces):
The station names included in the access lists are compared with the source
name field for NetBIOS commands 00 and 01 (ADD_GROUP_NAME_QUERY and
ADD_NAME_QUERY), as well as the destination name field for NetBIOS commands
08, 0A, and 0E (DATAGRAM, NAME_QUERY, and NAME_RECOGNIZED)
Hence, if you wanted to ONLY block communications between HostC and HostB
you would have to configure the list on RtrB:
netbios access-list host FILTER deny HostB
netbios access-list host FILTER permit *
dlsw remote-peer 0 tcp x.x.x.x host-netbios-out FILTER
If you configured the list on RtrA (i.e. deny HostC, you would block all
communications).........The above list doesn't stop incoming NetBIOS traffic
to HostC, but blocks the return traffic......
Regards,
Justin Menga MCSE+I CCNP CCSE ASE
WAN Specialist
Computerland New Zealand
PO Box 3631, Auckland
DDI: (+64) 9 360 4864 Mobile: (+64) 25 349 599
mailto: justin.menga@computerland.co.nz
-----Original Message-----
From: Jack Heney [mailto:jheneyccie@hotmail.com]
Sent: Friday, 3 November 2000 8:33 p.m.
To: ccielab@groupstudy.com
Subject: NetBIOS/DLSW filtering
I'm a bit confused about netbios name filtering with DLSW....given the
following scenario:
HostA------RtrA-----------RtrB------HostC
|
HostB---|
Assuming DLSW is running between RtrA and RtrB, and HostA and B are on the
same segment (ethernet or token ring, it doesn't matter), if I want to stop
netbios-based communication between HostC and HostB, how would I do it?
Does the host-netbios-out filter based on netbios names attached locally or
attached to the remote peer to which the statement is applied?
Also, is there a "source and destination" netbios name, and if so, which
field does host-netbios-out look at?
Thanks,
Jack
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:25:42 GMT-3