Puzzled by the netbios and mac address access-list, need help

From: Jiang (jianggx@xxxxxxxxxxxxxxxxxxx)
Date: Thu Jan 11 2001 - 03:18:14 GMT-3


   
Hello,

I think dlsw is my weakness, especially the access-lists.
I have tried to find more information about them, but I am still very
puzzled. For example, if I have a topology like the following:

      ethernet         hdlc         ethernet
hostA--------Router1----------Router2---------hostB
        |
        |
      hostC

Now I want hosts on the ethernet of Router2 to be able to access only
hostA on the ethernet of Router1. Router1 and Router2 are configured as
dlsw+ peers. I think I can use the following methods to get it, but I
am not sure which one is right, and if more than one is right, which
one is the best? And what is the difference among them?

A:
on Router1
netbios access-list host test permit hostA
netbios access-list host test deny *

interface e0
  netbios input-access-filter host test

B:
still on Router1
netbios access-list host test permit hostA
netbios access-list host test deny *

interface e0
  netbios output-access-filter host test

C:
also on Router1
dlsw icanreach netbios-name hostA
dlsw icanreach netbios-exclusive

D:
on Router2
netbios access-list host test permit hostA
netbios access-list host test deny *

dlsw remote-peer 0 tcp 1.1.1.1 dmac-output-list test

As for A and B, I found in the documentation that input-access-filter is
based on the source, and output-access-filter is based on the
destination. So I think A and B are both right, right? What is the
difference between them? I think if I use input-access-filter, Router2
and hostB can't know any other hosts except hostA, e.g. they can't see
hostC. But if I use output-access-filter, Router2 and hostB will see
hostC too, but just can't access hostC; the packet is denied at the
point where the traffic will leave Router1's ethernet. Do you think I
am right or not?

As for C, I think in my condition it is the same as A, right? hostB
will only see hostA.

D, I think, is just like B: hostB can see any host on the remote side,
e.g. hostA, hostC..., but can only access hostA.

I just searched the archive and think there are maybe more solutions,
but I am really not very clear about it, and especially don't know
which one I should use under different conditions. I think there is
only one best solution under special conditions.

Best regards,
Hiler mailto:jianggx@transcentury.com.cn


