Cisco Systems BC-109 manual Configure NetBIOS Access Filters Using a Byte Offset

Page 26

Secure the SRB Network

The NetBIOS station access list contains the station name to match, along with a permit or deny condition. You must assign the name of the access list to a station or set of stations on the network.

To assign a station access list name, use the following command in global configuration mode:

Command

Purpose

netbios access-list host name {permit deny} pattern

Assign the name of an access list to a

 

station or set of stations on the network.

 

 

When filtering by station name, you can choose to filter either incoming or outgoing messages on the interface. To specify the direction, use one of the following commands in interface configuration mode:

Command

Purpose

netbios input-access-filter host name

Define an access list filter for incoming

 

messages.

 

 

netbios output-access-filter host name

Define an access list filter for outgoing

 

messages.

 

 

Configure NetBIOS Access Filters Using a Byte Offset

To configure access filters you must do the following:

Step 1 Assign a byte offset access list name.

Step 2 Specify the direction of the message to be filtered on the interface.

Keep the following notes in mind while configuring access filters using a byte offset:

When an access list entry has an offset plus the length of the pattern that is larger than the packet’s length, the entry will not make a match for that packet.

Because these access lists allow arbitrary byte offsets into packets, these access filters can have a significant impact on the amount of packets per second transiting across the bridge. They should be used only when situations absolutely dictate their use.

The NetBIOS byte offset access list contains a series of offsets and hexadecimal patterns with which to match byte offsets in NetBIOS packets. To assign a byte offset access list name, use the following command in global configuration mode:

Command

Purpose

netbios access-list bytes name {permit deny} offset

Define the byte offsets and patterns

pattern

within NetBIOS messages to match

 

with access list parameters.

 

 

Note Using NetBIOS Byte Offset access filters disables the autonomous or fast switching of source-route bridging frames.

When filtering by byte offset, you can filter either incoming or outgoing messages on the interface. To specify the direction, use one of the following commands in interface configuration mode:

 

Command

Purpose

 

netbios input-access-filter bytes name

Specify a byte-based access filter on

 

 

incoming messages.

 

 

 

BC-134Bridging and IBM Networking Configuration Guide

 

Page 25 Page 27
Image 26
Page 25 Page 27
Contents Configuring Source-Route Bridging SRB Configuration Task ListConfigure Source-Route Bridging Configure a Dual-Port BridgeConfigure a Multiport Bridge Using a Virtual Ring Multiple Dual-Port BridgesNo source-bridge ring-group ring-group Define a Ring Group in SRB ContextSource-bridge ring-group ring-group Interface fddi slot/port Configure SRB over FddiEnable SRB and Assign a Ring Group to an Interface Source-bridge route-cache cbusConfigure Fast-Switching SRB over Fddi Configure SRB over Frame RelayEnable the Automatic Spanning-Tree Function Limit the Maximum SRB Hops Configure Bridging of Routed Protocols Enable Use of the RIFConfigure a Static RIF Entry Configure the RIF Timeout IntervalOverview of SR/TLB Following notes and caveats apply to all uses of SR/TLB Enable Translation Compatibility with IBM 8209 Bridges Enable Bridging between Transparent Bridging and SRBDisable Fast-Switched SR/TLB No source-bridge transparent ring-group fastswitchEnable Standard Token Ring LLC2-to-Ethernet LLC2 Conversion Enable Token Ring LLC2-to-Ethernet ConversionEnable 0x80d5 Processing Source-bridge sap-80d5 dsapConfigure NetBIOS Support Specify Timeout and Enable NetBIOS Name Caching Source-bridge proxy-netbios-onlyCreate Static Entries in the NetBIOS Name Cache Configure the NetBIOS Cache Name LengthEnable NetBIOS Proxying Specify Dead-Time Intervals for NetBIOS PacketsNetbios name-cache recognized-timeout seconds Configure LNM SupportNetbios name-cache query-timeout seconds LNM Linking to a Source-Route Bridge on Each Local Ring How a Router Works with LNM LAN Network Manager Monitoring and TranslatingDisable LNM Functionality Disable Automatic Report Path Trace Function Enable Other LRMs to Change Router ParametersChange Reporting Thresholds Apply a Password to an LNM Reporting LinkEnable LNM Servers Lnm softerr milliseconds Change an LNM Reporting IntervalMonitor LNM Operation Secure the SRB Network Configure NetBIOS Access FiltersConfigure NetBIOS Access Filters Using Station Names Netbios access-list bytes name permit deny offset Configure NetBIOS Access Filters Using a Byte OffsetNetbios access-list host name permit deny pattern Netbios input-access-filter bytes nameFilter Frames by Protocol Type Configure Administrative Filters for Token Ring TrafficNetbios output-access-filter bytes name Filter Destination Addresses Filter Frames by Vendor CodeFilter Source Addresses Access Expression Example Configure Access Expressions Optimize Access ExpressionsAlter Access Lists Used in Access Expressions Tune the SRB NetworkEnable or Disable the Source-Route Fast-Switching Cache Optimize Explorer Processing Enable or Disable the SSEEstablish the Connection Timeout Interval Controlling Explorer Storms in Redundant Network Topologies Mac-address ieee-address Configure Proxy ExplorersEstablish SRB Interoperability with TI MAC Firmware Report Spurious Frame-Copied Errors Monitor and Maintain the SRB NetworkSRB Configuration Examples Source-bridge tcp-queue-max numberDual-Port Source-Route Bridge Configuration Basic SRB with Spanning-Tree Explorers ExampleOptimized Explorer Processing Configuration Example SRB-Only ExampleSRB and Routing Certain Protocols Example Multiport SRB ExampleConfiguration for Router a SRB with Multiple Virtual Ring Groups ExampleConfiguration for Router B SRB over Fddi Configuration ExamplesSRB over Fddi Fast-Switching Example Router aSRB over Frame Relay Configuration Example Frad Using SRB over Frame Relay to Connect to a Cisco RouterConfiguration on Router C Configuration of Router aConfiguration on Router B Adding a Static RIF Cache Entry ExampleAdding a Static RIF Cache Entry for a Two-Hop Path Example SR/TLB for a Simple Network ExampleBC-154Bridging and IBM Networking Configuration Guide SR/TLB with Access Filtering Example Example of a Bit-Swapped AddressNetBIOS Support with a Static NetBIOS Cache Entry Example Specifying a Static EntryWayfarer# show lnm config LNM for a Simple Network ExampleLNM for a More Complex Network Example NetBIOS Access Filters Example Filtering Bridged Token Ring Packets to IBM Machines Example Shows a router connecting four Token Rings Creating Access Filters Example Following access expression would resultAccess Filters Example Fast-Switching ExampleAutonomous Switching Example
Top Page Image Contents