RE: DLSW netbios filter from beda

From: Volkov, Dmitry (Toronto - BCE) (dmitry_volkov@ca.ml.com)
Date: Fri Sep 13 2002 - 15:11:27 GMT-3


The best way - to test it.
I tested it. Doc doesn't look correct.. or... we both don't understand the
author's wording :)

Dmitry

> -----Original Message-----
> From: beda jain [mailto:bpjain@cisco.com]
> Sent: Friday, September 13, 2002 2:10 PM
> To: Volkov, Dmitry (Toronto - BCE); 'baganini@attbi.com'; beda jain
> Cc: ccielab@groupstudy.com
> Subject: RE: DLSW netbios filter from beda
>
>
> Hi,
>
> That's what I understood before reading that doc. That means that doc is not
> correct.
>
> Thanks,
> Beda
> At 01:31 PM 9/13/2002 -0400, Volkov, Dmitry (Toronto - BCE) wrote:
>
> > > -----Original Message-----
> > > From: baganini@attbi.com [mailto:baganini@attbi.com]
> > > Sent: Friday, September 13, 2002 1:06 PM
> > > To: beda jain
> > > Cc: ccielab@groupstudy.com
> > > Subject: RE: DLSW netbios filter from beda
> > >
> > >
> > > Hi,
> > >
> > > > If you want one particular host to reach the remote WAN
> > > > link, it can be done the way shown in the article. This
> >
> >Sorry,
> >This is not right.
> >
> >PC2-------R1------WAN----Rn------PC1
> >
> >If You have some of the following commands on R1:
> >R1#
> >dlsw remote-peer 0 tcp a.b.c.d host-netbios-out TEST
> >OR dlsw peer-on-demand-defaults host-netbios-out TEST
> >OR dlsw prom-peer-defaults host-netbios-out TEST
> >
> >Access-list TEST:
> >netbios access-list host TEST deny PC1
> >netbios access-list host TEST deny PC2
> >netbios access-list host TEST permit *
> >
> >Will NOT prevent PC2 to connect to anywhere, as well as anything can connect
> >to PC1.
> >PC2 can NOT connect to PC1 only
> >
> >PC2 can connect to any other PCx, and any other PCx can connect to PC1
> >
> >Dmitry
> >
> >
> > > > stops traffic from other hosts from going to one
> > > particular dlsw peer. This configuration, however, can
> > > not stop the peer from seeing other netbios hosts in the
> > > reachability table.
> > >
> > >
> > > --
> > > CCIE# 7003
> > > Director of Research & Development
> > > thouma@cyscoexpert.com
> > >
> > > CyscoExpert, Inc.
> > > 4433 W. Touhy Ave.
> > > LincolnWood, IL 60712
> > > info@cyscoexpert.com
> > > Ph:(847) 674-3392
> > > FX:(847) 674-2625
> > > > Hi,
> > > >
> > > > > I am talking about the link example on host-netbios-out. Please go to the
> > > > > link below.
> > > > >
> > > > > http://www.cisco.com/warp/public/cc/pd/ibsw/ibdlsw/tech/dls4_rg.htm
> > > >
> > > > At 04:02 PM 9/13/2002 +0000, baganini@attbi.com wrote:
> > > > > > From what I understand, in the configuration you have,
> > > > > >the filter will not filter out the reachability table.
> > > > > >It will filter out the netbios traffic that is destined
> > > > > >to R2. If your "icanreach" statement were on R2, R6
> > > > > >will see all the hosts that R2 can reach, not
> > > > > >confirmed though. Then when a host on R6 wants to send
> > > > > >traffic to a host other than CISCO on R2, the filter
> > > > > >will do its work at this time.
> > > > >
> > > > >
> > > > >--
> > > > >CCIE# 7003
> > > > >Director of Research & Development
> > > > >thouma@cyscoexpert.com
> > > > >
> > > > >CyscoExpert, Inc.
> > > > >4433 W. Touhy Ave.
> > > > >LincolnWood, IL 60712
> > > > >info@cyscoexpert.com
> > > > >Ph:(847) 674-3392
> > > > >FX:(847) 674-2625
> > > > > > Hi,
> > > > > >
> > > > > > > I also understand the same way you understand, but after reading this link
> > > > > > > I got confused.
> > > > > > >
> > > > > > > Could somebody clarify this? How can we allow only a particular local
> > > > > > > host to access the remote WAN link?
> > > > > > >
> > > > > > > Thanks,
> > > > > > > Beda
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > Figure 4-2 shows the configuration required to allow any NetBIOS host with
> > > > > > > a name starting with "sales" to access the WAN, but not allow any other
> > > > > > > servers (for example, Engserv01 or Acctserv02) to access the WAN. This can
> > > > > > > be done for security reasons or to limit the traffic across the WAN link.
> > > > > > > By applying the access lists to the remote peers instead of the local
> > > > > > > interfaces, you allow traffic to be locally bridged.
> > > > > > >
> > > > > > > Figure 4-2: Using Filtering to Limit the Broadcasts and Network Access of
> > > > > > > Individual NetBIOS Servers
> > > > > >
> > > > > >
> > > > > >
> > > > > > > At 06:02 PM 9/12/2002 -0400, Volkov, Dmitry (Toronto - BCE) wrote:
> > > > > > > >Here is how I understand this:
> > > > > > > >
> > > > > > > >1) dlsw remote-peer 0 tcp 172.17.59.137 host-netbios-out CISCO
> > > > > > > >permits sending NETBIOS traffic from 172.17.59.69 to host CISCO
> > > > > > > >through peer 172.17.59.137
> > > > > > > >
> > > > > > > >2) dlsw icanreach netbios-name CISCO
> > > > > > > >tells all peers connected to this peer 172.17.59.69 that this local peer
> > > > > > > >can reach host CISCO, i.e. remote peers peering with this peer won't send
> > > > > > > >explorers to find where they can send traffic to CISCO, but will send
> > > > > > > >traffic towards 172.17.59.69 destined to CISCO. Other peers will know
> > > > > > > >that CISCO is reachable via 172.17.59.69
> > > > > > >
> > > > > > >Please correct me if I'm wrong
> > > > > > >
> > > > > > >Dmitry
> > > > > > >
> > > > > > >
> > > > > > > > -----Original Message-----
> > > > > > > > From: Guoqi Cui [mailto:guoqicui@yahoo.com]
> > > > > > > > Sent: Thursday, September 12, 2002 5:14 PM
> > > > > > > > To: ccielab@groupstudy.com
> > > > > > > > Subject: DLSW netbios filter
> > > > > > > >
> > > > > > > >
> > > > > > > > Hi, Group:
> > > > > > > >
> > > > > > > > > I am configuring DLSW netbios filter and have a
> > > > > > > > > problem with the operation.
> > > > > > > >
> > > > > > > > R6-----------------R2
> > > > > > > >
> > > > > > > > in R6:
> > > > > > > >
> > > > > > > > netbios access-list host CISCO permit CISCO
> > > > > > > >
> > > > > > > > dlsw local-peer peer-id 172.17.59.69 promiscuous
> > > > > > > > > dlsw remote-peer 0 tcp 172.17.59.137 host-netbios-out CISCO
> > > > > > > > > dlsw remote-peer 0 tcp 172.17.59.138 backup-peer 172.17.59.137 linger 8
> > > > > > > > dlsw icanreach netbios-exclusive
> > > > > > > > dlsw icanreach netbios-name ABC
> > > > > > > > dlsw icanreach netbios-name CISCO
> > > > > > > > dlsw icanreach netbios-name CISCOA
> > > > > > > > dlsw icanreach netbios-name ACISCOA
> > > > > > > > dlsw bridge-group 1
> > > > > > > >
> > > > > > > > in R2
> > > > > > > > source-bridge ring-group 1000
> > > > > > > > dlsw local-peer peer-id 172.17.59.137 promiscuous
> > > > > > > > dlsw bridge-group 1
> > > > > > > >
> > > > > > > > I want to see only CISCO in R2, somehow I can see all
> > > > > > > > of them.
> > > > > > > >
> > > > > > > > r2#sh dlsw re
> > > > > > > > r2#sh dlsw reachability
> > > > > > > > DLSw Local MAC address reachability cache list
> > > > > > > > Mac Addr status Loc. port
> > > > > > > > rif
> > > > > > > > 0008.de81.990e FOUND LOCAL TBridge-001
> > > > > > > > --no rif--
> > > > > > > >
> > > > > > > > DLSw Remote MAC address reachability cache list
> > > > > > > > Mac Addr status Loc. peer
> > > > > > > > 0006.907f.fba0 FOUND REMOTE 172.17.59.69(2065)
> > > > > > > >
> > > > > > > > DLSw Local NetBIOS Name reachability cache list
> > > > > > > > NetBIOS Name status Loc. port
> > > > > > > > rif
> > > > > > > >
> > > > > > > > DLSw Remote NetBIOS Name reachability cache list
> > > > > > > > NetBIOS Name status Loc. peer
> > > > > > > > ABC UNCONFIRM REMOTE 172.17.59.69(2065)
> > > > > > > > ACISCOA UNCONFIRM REMOTE 172.17.59.69(2065)
> > > > > > > > CISCO UNCONFIRM REMOTE 172.17.59.69(2065)
> > > > > > > > CISCOA UNCONFIRM REMOTE 172.17.59.69(2065)
> > > > > > > >
> > > > > > > >
> > > > > > > > What is wrong with my configuration?
> > > > > > > >
> > > > > > > > Thanks,
> > > > > > > >
> > > > > > > > Guoqi
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > __________________________________________________
> > > > > > > > Do you Yahoo!?
> > > > > > > > Yahoo! News - Today's headlines
> > > > > > > > http://news.yahoo.com



This archive was generated by hypermail 2.1.4 : Mon Oct 07 2002 - 07:43:51 GMT-3
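
Added example (not code from the thread or from Cisco): a Python model that evaluates the two NetBIOS host access lists quoted in the thread against host names, so the set of names each list permits can be checked directly. It models name matching only, under these assumptions: entries are checked in order and the first match wins, a list ends with an implicit deny, and `*` and `?` act as wildcards. It does not model which name field `host-netbios-out` checks or how `icanreach` entries reach a peer's reachability cache.

```python
import re

# Constructed input: the access-list lines quoted in the thread.
CONFIG = """\
netbios access-list host CISCO permit CISCO
netbios access-list host TEST deny PC1
netbios access-list host TEST deny PC2
netbios access-list host TEST permit *
"""


def parse_host_lists(config):
    """Collect 'netbios access-list host' entries per list name, in config order."""
    lists = {}
    for line in config.splitlines():
        words = line.split()
        if len(words) != 6:
            continue
        if [w.lower() for w in words[:3]] != ["netbios", "access-list", "host"]:
            continue
        name, action, pattern = words[3], words[4].lower(), words[5]
        if action not in ("permit", "deny"):
            raise ValueError("unknown action in line: " + line)
        lists.setdefault(name, []).append((action, pattern))
    return lists


def pattern_to_regex(pattern):
    """Translate a list pattern: '*' = any run of characters, '?' = one character (assumed)."""
    parts = []
    for ch in pattern:
        parts.append(".*" if ch == "*" else "." if ch == "?" else re.escape(ch))
    return re.compile("".join(parts))


def evaluate(entries, host):
    """Return 'permit' or 'deny' for one host name; names are compared as written."""
    for action, pattern in entries:
        if pattern_to_regex(pattern).fullmatch(host):
            return action  # first matching entry decides
    return "deny"  # assumed implicit deny when no entry matches


def permitted(lists, list_name, hosts):
    """Names from `hosts` that the named list permits."""
    return [h for h in hosts if evaluate(lists[list_name], h) == "permit"]


LISTS = parse_host_lists(CONFIG)
print(permitted(LISTS, "CISCO", ["ABC", "ACISCOA", "CISCO", "CISCOA"]))
print(permitted(LISTS, "TEST", ["PC1", "PC2", "PC3"]))
```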