RE: DLSW netbios filter from beda

From: beda jain (bpjain@cisco.com)
Date: Fri Sep 13 2002 - 13:33:57 GMT-3

• Next message: Volkov, Dmitry (Toronto - BCE): "RE: DLSW netbios filter from beda"
• Previous message: Troy Rader: "Thoughts on 3550/emi features and in the topology"
• Maybe in reply to: beda jain: "RE: DLSW netbios filter from beda"
• Next in thread: Volkov, Dmitry (Toronto - BCE): "RE: DLSW netbios filter from beda"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi,

I am talking about the link example on host-netbios-out. Please go to the
link below.
http://www.cisco.com/warp/public/cc/pd/ibsw/ibdlsw/tech/dls4_rg.htm

At 04:02 PM 9/13/2002 +0000, baganini@attbi.com wrote:
> From what I understand, in the cnfiguratoin you have,
>the filter will not filter out the reachability table.
>It will filter out the netbios traffic that is destined
>to R2. If Your "icanreach" statement were on R2, R6
>will see all the hosts that R2 cam reaching, not
>confirmed thoug. Then when a host on R6 want to send
>traffice to a host other that CISCO on R2, the filter
>will do its work at this time.
>
>
>--
>CCIE# 7003
>Director of Research & Development
>thouma@cyscoexpert.com
>
>CyscoExpert, Inc.
>4433 W. Touhy Ave.
>LincolnWood, IL 60712
>info@cyscoexpert.com
>Ph:(847) 674-3392
>FX:(847) 674-2625
> > Hi,
> >
> > I also understand the same way you understand, but after reading this link
> > i got confuse.
> >
> > Could some body clarify this. How we can allow only a particular local
> > host to access to remote wan link.
> >
> > Thanks,
> > Beda
> >
> >
> >
> > Figure 4-2 shows the configuration required to allow any NetBIOS host with
> > a name starting with "sales" to access the WAN, but not allow any other
> > servers (for example, Engserv01 or Acctserv02) to access the WAN. This can
> > be done for security reasons or to limit the traffic across the WAN link.
> > By applying the access lists to the remote peers instead of the local
> > interfaces, you allow traffic to be locally bridged.
> >
> > Figure 4-2: Using Filtering to Limit the Broadcasts and Network Access of
> > Individual NetBIOS Servers
> >
> >
> >
> > At 06:02 PM 9/12/2002 -0400, Volkov, Dmitry (Toronto - BCE) wrote:
> > >here how I understand this:
> > >
> > >1)dlsw remote-peer 0 tcp 172.17.59.137 host-netbios-out CISCO
> > >permits sending NETBIOS traffic from 172.17.59.69 to host CISCO
> through peer
> > >172.17.59.137
> > >
> > >2)dlsw icanreach netbios-name CISCO
> > >tells all peers connected to this peer 172.17.59.69 that this local peer
> > >can reach host CISCO, i.e. remote peers peering with this peer won't send
> > >explorers to find where they can send traffic to CISCO, but will send
> > >traffic towards to 172.17.59.69 destined to CISCO. Other peers will know
> > >that CISCO is reachable via 172.17.59.69
> > >
> > >Please correct me if I'm wrong
> > >
> > >Dmitry
> > >
> > >
> > > > -----Original Message-----
> > > > From: Guoqi Cui [mailto:guoqicui@yahoo.com]
> > > > Sent: Thursday, September 12, 2002 5:14 PM
> > > > To: ccielab@groupstudy.com
> > > > Subject: DLSW netbios filter
> > > >
> > > >
> > > > Hi, Group:
> > > >
> > > > I am configuring DLSW netbios filter and have a
> > > > problem
> > > > with the operartion.
> > > >
> > > > R6-----------------R2
> > > >
> > > > in R6:
> > > >
> > > > netbios access-list host CISCO permit CISCO
> > > >
> > > > dlsw local-peer peer-id 172.17.59.69 promiscuous
> > > > dlsw remote-peer 0 tcp 172.17.59.137 host-netbios-out
> > > > CISCO
> > > > dlsw remote-peer 0 tcp 172.17.59.138 backup-peer
> > > > 172.17.59.137 linger 8
> > > > dlsw icanreach netbios-exclusive
> > > > dlsw icanreach netbios-name ABC
> > > > dlsw icanreach netbios-name CISCO
> > > > dlsw icanreach netbios-name CISCOA
> > > > dlsw icanreach netbios-name ACISCOA
> > > > dlsw bridge-group 1
> > > >
> > > > in R2
> > > > source-bridge ring-group 1000
> > > > dlsw local-peer peer-id 172.17.59.137 promiscuous
> > > > dlsw bridge-group 1
> > > >
> > > > I want to see only CISCO in R2, somehow I can see all
> > > > of them.
> > > >
> > > > r2#sh dlsw re
> > > > r2#sh dlsw reachability
> > > > DLSw Local MAC address reachability cache list
> > > > Mac Addr status Loc. port
> > > > rif
> > > > 0008.de81.990e FOUND LOCAL TBridge-001
> > > > --no rif--
> > > >
> > > > DLSw Remote MAC address reachability cache list
> > > > Mac Addr status Loc. peer
> > > > 0006.907f.fba0 FOUND REMOTE 172.17.59.69(2065)
> > > >
> > > > DLSw Local NetBIOS Name reachability cache list
> > > > NetBIOS Name status Loc. port
> > > > rif
> > > >
> > > > DLSw Remote NetBIOS Name reachability cache list
> > > > NetBIOS Name status Loc. peer
> > > > ABC UNCONFIRM REMOTE 172.17.59.69(2065)
> > > > ACISCOA UNCONFIRM REMOTE 172.17.59.69(2065)
> > > > CISCO UNCONFIRM REMOTE 172.17.59.69(2065)
> > > > CISCOA UNCONFIRM REMOTE 172.17.59.69(2065)
> > > >
> > > >
> > > > What is wrong with my configuration?
> > > >
> > > > Thanks,
> > > >
> > > > Guoqi
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > __________________________________________________
> > > > Do you Yahoo!?
> > > > Yahoo! News - Today's headlines
> > > > http://news.yahoo.com

• Next message: Volkov, Dmitry (Toronto - BCE): "RE: DLSW netbios filter from beda"
• Previous message: Troy Rader: "Thoughts on 3550/emi features and in the topology"
• Maybe in reply to: beda jain: "RE: DLSW netbios filter from beda"
• Next in thread: Volkov, Dmitry (Toronto - BCE): "RE: DLSW netbios filter from beda"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon Oct 07 2002 - 07:43:50 GMT-3