IBM Books

MAS V3.4 Protocol Reference V1


Using NetBIOS

This chapter describes IBM's implementation of NetBIOS over bridged networks and over DLSw networks. It includes the following topics:


About NetBIOS

The NetBIOS protocol was designed for use on a Token-Ring LAN. It is not a routable protocol, but can be bridged, or switched using DLSw. Both of these methods of handling NetBIOS traffic are supported.

NetBIOS relies on broadcast frames for most of its functions other than data transfer. While this may not present a problem in LAN environments, if uncontrolled, it may easily present a problem in WAN environments.

The following sections describe NetBIOS names and the different types of NetBIOS broadcast communication.

NetBIOS Names

The key to communication between NetBIOS stations is the NetBIOS name. Each NetBIOS entity is assigned a NetBIOS name. In order to communicate with another NetBIOS entity, its NetBIOS name must be known. The names are used in broadcast NetBIOS frames to indicate the source NetBIOS entity of the frame and the desired target NetBIOS entity to receive the frame.

All names in NetBIOS frames are 16 ASCII characters. There are two types of NetBIOS names:

Individual (or unique)
Represents a single NetBIOS client or server. This name should be unique within the NetBIOS network.

This name is used to communicate with this particular NetBIOS entity.

Group
Represents a group of NetBIOS stations (an OS/2 LAN Server domain, for example). This name should not be the same as any individual NetBIOS names in the network.

This name is used to allow communication between a group of NetBIOS entities.

A single NetBIOS station (single MAC address) can have multiple individual and/or group names associated with it. These names are generated by the NetBIOS application based upon a name or names configured at the NetBIOS station by a network administrator.

NetBIOS Name Conflict Resolution

When a NetBIOS entity is preparing to use an individual NetBIOS name as its own, it checks the network to make sure that no other NetBIOS station has already used this name.

It checks the NetBIOS name by repeatedly broadcasting a particular NetBIOS UI frame to all NetBIOS stations. If no stations respond, then the name is assumed to be unique and can be used. If a station does respond, the new station should not attempt to use this name.

NetBIOS Session Setup Procedure

To establish a NetBIOS session in order to do data transfer types of operations, the NetBIOS client first resolves the MAC address of the NetBIOS server and the LLC route to the NetBIOS server.

It does this by repeatedly broadcasting a particular NetBIOS UI frame to all NetBIOS stations. This frame contains the NetBIOS name of the server with which this client is establishing a session. When the server receives this frame with its NetBIOS name in it, the server responds with a corresponding broadcast NetBIOS UI frame to the client. When the client receives the response frame, the frame contains the MAC address and the route to the NetBIOS server.

For some NetBIOS applications, finding the NetBIOS server is a multiple step process. For example, the first step may be to find a domain controller that tells the client which domain server to use. Then the client finds this domain server.

Once the MAC address of the NetBIOS server and the route to the NetBIOS server are found, the NetBIOS client can take either of the following actions:

NetBIOS Broadcast Data Flows

For some NetBIOS applications, it is common to periodically broadcast data frames. This may be done if a station has a single frame's worth of data to send to another NetBIOS station. It can do this by broadcasting a particular NetBIOS UI frame (with the target NetBIOS station's name in the frame) to all NetBIOS stations.

Another case is when NetBIOS stations within a group (or domain) need to communicate with each other. This can be done by broadcasting a particular NetBIOS UI frame (with the target NetBIOS group name in the frame) to all NetBIOS stations. This is commonly done.

NetBIOS Status Flows

A less commonly used NetBIOS function is the ability to obtain status from any NetBIOS station. This is done by broadcasting a particular NetBIOS frame (with the target NetBIOS station's name in the frame) to all NetBIOS stations. When the target NetBIOS station receives this frame, it responds with a corresponding broadcast NetBIOS response frame.

NetBIOS All-Stations Broadcast Frames

There are two types of NetBIOS functions that are rarely used. Both of these functions involve broadcasting a NetBIOS frame to all NetBIOS stations. There is no target NetBIOS name in the frames. The two functions are:


Reducing NetBIOS Traffic

To stabilize a network, the goal is to reduce the amount of broadcast NetBIOS traffic that is forwarded through the bridged or DLSw switched networks. This can be done in two ways:

Table 10 lists the filters that IBM provides.

Table 10. NetBIOS Filters
Filter Type       Filters
MAC Address       Frames by either the source or destination MAC address.
Byte              Frames by byte offset and field length within a frame.
Name              Frames by NetBIOS source and destination names.
Duplicate Frame   Duplicate frames.
Response          Responses for which the router did not forward a NetBIOS broadcast frame.

Once the router filters frames, NetBIOS name lists, NetBIOS name caching, and route caching control how the remaining frames are forwarded. "NetBIOS Byte Filtering" and "NetBIOS host-name Filtering" describe byte and name filtering, respectively. The Nways Multiprotocol Access Services Software User's Guide describes MAC address filtering.

For an introduction to host-name filtering and byte filtering, see "NetBIOS Name and Byte Filters".

The following sections describe frame type filtering, duplicate frame filtering, response frame filtering, NetBIOS name lists, and NetBIOS name and route caching.

Frame Type Filtering

Frame type filtering allows certain categories of NetBIOS frames to be filtered entirely for bridge traffic, DLSw traffic, or both DLSw and bridge traffic.

The three categories of NetBIOS frames that can be filtered are:

The default is to not filter any of the above frame types for bridged NetBIOS traffic, and to filter all of the above frame types for DLSw switched NetBIOS traffic. However, it may be advantageous to filter the above frame types if NetBIOS traffic is being bridged on WAN links.

For bridging, enter set filters bridge to turn frame type filtering on or off. For DLSw, enter set filters dlsw to turn frame type filtering on or off.

For example:

   NetBIOS config>set filters bridge
 
   Filter Name Conflict frames? [Yes]:
 
   Name conflict filtering is              ON
 
   Filter General Broadcast frames? [Yes]:
 
   General broadcast filtering is          ON
 
   Filter Trace Control frames? [Yes]:
 
   Trace control filtering is              ON

Duplicate Frame Filtering

All of the broadcast NetBIOS frames that could have a response are sent a fixed number of times (default 6), at a fixed interval (default 1/2 second apart) by the origin NetBIOS station. In the following explanation, these frames are called NetBIOS command frames and the possible response frames are called NetBIOS response frames.

The NetBIOS command frames are the:

The command frames are sent multiple times to increase the odds of successful delivery (these frames are connectionless frames). Each response frame is sent only once in response to each command frame received.

In a DLSw-switched network, the forwarding of each retry across the WAN sessions can be very costly. So, when the first command frame is received, it is forwarded to the appropriate neighbor DLSw and bridge ports and a copy is saved. All retries of the same NetBIOS command frame received during a configurable time period are discarded.

There is one configurable time period for the bridge network and one configurable time period for the DLSw network.

The configurable time period for the bridge network is controlled by two commands:

The configurable time period for the DLSw network is controlled by a single parameter:

When a NetBIOS command frame is received by a DLSw neighbor, the frame is forwarded to the bridge network and a copy is saved. At a configurable interval (default 1/2 second) for a configurable number of times (default 6), the neighbor DLSw function forwards a retry of the command frame to the bridge function. The bridge function handles the command frame based upon the configured bridge duplicate frame parameters.

The configurable number of retries and interval are controlled by the following command and parameters:

There is one last parameter that controls how long the command frame is saved in order to perform the above bridge and DLSw network forwarding:

Figure 24. Setting Up a NetBIOS Session Over DLSw. Duplicate filtering reduces the number of broadcast frames forwarded over the DLSw WAN.

Figure 24, together with the following sequence, shows how the process works, using the default values. To simplify things, it is assumed that no response frame is received.



               Origin         Originating                           Target            Target
               NB stn         Router                                Router            NB stn
                              Bridge  DLSw                          DLSw  Bridge
   BEGIN
   TIME            NB cmd frame (1)                                        NB cmd frame (1)
                   *-----------------*-to dlsw--------------------------------------->
    *                <--to bridge *--*
   0.5 sec.    .5 second (origin NB stn timer)                    .5 second (command frame retry timer)
    |
    |
    |              NB cmd frame (2)                                        NB cmd frame (2)
    |              *--------> *------*                             *----------------->
    *                <--to bridge *--*
   1 sec.      .5 second (origin NB stn timer)                    .5 second (command frame retry timer)
    *
    |
    |              NB cmd frame (3)                                        NB cmd frame (3)
    |              *--------> *------*                             *----------------->
    |                <--to bridge *--*
   1.5 sec.    .5 second (origin NB stn timer)                    .5 second (command frame retry timer)
    |                     (reduced search timer)
    |
    |
    |              NB cmd frame (4)                                        NB cmd frame (4)
    |              *-----------------*-to dlsw--------------------------------------->
    *                <--to bridge *--*
   2 sec.      .5 second (origin NB stn timer)                    .5 second (command frame retry timer)
    *
    |
    |              NB cmd frame (5)                                        NB cmd frame (5)
    |              *--------> *------*                             *----------------->
    |                <--to bridge *--*
   2.5 sec.    .5 second (origin NB stn timer)                    .5 second (command frame retry timer)
    |
    |
    |              NB cmd frame (6)                                        NB cmd frame (6)
    |              *--------> *------*                             *----------------->
    |                <--to bridge *--*
    *
 
 
   5.0 sec.     2.5 seconds (dup frame detect timer)               2.5 seconds (dup frame detect timer)
                   deleted NB cmd frame                            deleted NB cmd frame
 
 

The sequence of events is as follows:

  1. The first NetBIOS command frame is received on a bridge port at the origin DLSw router. A copy of the NetBIOS command frame is saved. Because bridging is enabled, the frame is forwarded onto the bridge network. Because duplicate-filtering on the bridge network is disabled as the default, the duplicate frame filter timer is not started. Because DLSw NetBIOS is enabled, the frame is forwarded onto the DLSw network and the reduced search timer is started (default 1-1/2 seconds). The duplicate frame detect timer (default 5 seconds) is also started.
  2. The target router DLSw function receives the first NetBIOS command frame. A copy of the NetBIOS command frame is saved. Because bridging is enabled, the frame is forwarded onto the bridge network. Because duplicate-filtering on the bridge network is disabled as the default, the duplicate frame filter timer is not started. The retry command timer (default 1/2 second) and the duplicate frame detect timer (default 5 seconds) are started.
  3. At the origin router, the second NetBIOS command frame (first retry) is received. Because duplicate-filtering on the bridge network is disabled as the default, the frame is forwarded onto the bridge network. Because the reduced search timeout has not expired, the frame is not forwarded onto the DLSw network.
  4. At the target router, the DLSw function forwards a first retry of the NetBIOS command frame (generated locally) to the bridge function. Because duplicate-filtering on the bridge network is disabled as the default, the frame is forwarded onto the bridge network. The retry command timer (default 1/2 second) is started.
  5. At the origin router, the third NetBIOS command frame (second retry) is handled in the same manner as the second NetBIOS command frame.
  6. At the target router, the second retry of the NetBIOS command frame is handled in the same manner as the first retry.
  7. At the origin router, the fourth NetBIOS command frame (third retry) is received. Because duplicate-filtering on the bridge network is disabled as the default, the frame is forwarded onto the bridge network. Because the reduced search timeout has now expired, the frame is forwarded onto the DLSw network. The reduced search timer is restarted.
  8. At the target router, the DLSw function forwards a third retry of the NetBIOS command frame (generated locally) to the bridge function. Because duplicate-filtering on the bridge network is disabled as the default, the frame is forwarded onto the bridge network. The retry command timer (default 1/2 second) is started. The target router also receives the forwarded NetBIOS command frame from the origin router, but discards it as a duplicate.
  9. At the origin router, the fifth NetBIOS command frame (fourth retry) is handled in the same manner as the second NetBIOS command frame.
  10. At the target router, the fourth retry of the NetBIOS command frame is handled in the same manner as the first retry.
  11. At the origin router, the sixth NetBIOS command frame (fifth retry) is received. Because duplicate-filtering on the bridge network is disabled as the default, the frame is forwarded onto the bridge network. Because the reduced search timeout has not expired, the frame is not forwarded onto the DLSw network.
  12. At the target router, the DLSw function forwards a fifth retry of the NetBIOS command frame (generated locally) to the bridge function. Because duplicate-filtering on the bridge network is disabled as the default, the frame is forwarded onto the bridge network. Because the retry count is now exhausted, the command retry timer is not restarted.
  13. After 2-1/2 more seconds at the origin router, the duplicate frame detect timer expires and the saved NetBIOS command frame is deleted.
  14. After 2-1/2 more seconds at the target router, the duplicate frame detect timer expires and the saved NetBIOS command frame is deleted.

Response Frame Filtering

The NetBIOS session setup command frame and the NetBIOS status command frame each expect a corresponding NetBIOS response frame. If no response frame is received, the command frame is retried as in the example above.

When the first NetBIOS response frame is received on the bridge network at the target router, it is forwarded back to the origin router and the saved NetBIOS command frame is deleted. Any subsequent response frame received at the target router is discarded because no corresponding NetBIOS command frame is found.

At the origin router, the received response frame is forwarded on the bridge network and the saved NetBIOS command frame is deleted. Any subsequent response frames received at the origin router (from the DLSw or bridge network) are discarded.

The NetBIOS name conflict command frames may cause, but do not require, a corresponding NetBIOS response frame. In addition, all received response frames are used (to determine whether there is more than one conflict).

Therefore, all NetBIOS name conflict frames received are forwarded, but the NetBIOS command frame is not deleted until the Duplicate Frame Detect timer expires.
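The origin-router side of the duplicate frame and response frame filtering described above, modelled as an added example (it is not IBM's code). The class, method and frame-kind names are hypothetical, the frame key is a constructed pair of names, the timer values are the defaults quoted in the text, and the reduced search timer is treated as expired once 1.5 seconds have elapsed.

```python
from dataclasses import dataclass

# Defaults quoted in the text.
REDUCED_SEARCH_TIMEOUT = 1.5    # seconds
DUP_FRAME_DETECT_TIMEOUT = 5.0  # seconds


@dataclass
class SavedCommand:
    kind: str                 # "session-setup", "status" or "name-conflict" (assumed labels)
    first_seen: float         # when the duplicate frame detect timer was started
    last_dlsw_forward: float  # when the reduced search timer was last (re)started


class OriginRouter:
    """Origin DLSw router with bridge duplicate filtering at its default (off)."""

    def __init__(self, reduced_search=REDUCED_SEARCH_TIMEOUT,
                 dup_detect=DUP_FRAME_DETECT_TIMEOUT):
        self.reduced_search = reduced_search
        self.dup_detect = dup_detect
        self.saved = {}  # frame key -> SavedCommand

    def expire(self, now):
        """Delete saved command frames whose duplicate frame detect timer ran out."""
        for key in [k for k, s in self.saved.items()
                    if now - s.first_seen >= self.dup_detect]:
            del self.saved[key]

    def command_from_bridge(self, key, kind, now):
        """Return the networks a command frame received on a bridge port is sent to."""
        self.expire(now)
        targets = ["bridge"]  # every copy is bridged while bridge filtering is off
        entry = self.saved.get(key)
        if entry is None:
            # First copy: save it, forward to DLSw, start both timers.
            self.saved[key] = SavedCommand(kind, now, now)
            targets.append("dlsw")
        elif now - entry.last_dlsw_forward >= self.reduced_search:
            # Reduced search timer expired: forward this retry and restart the timer.
            entry.last_dlsw_forward = now
            targets.append("dlsw")
        return targets

    def response_received(self, key, now):
        """Return True if a response frame is forwarded, False if it is filtered."""
        self.expire(now)
        entry = self.saved.get(key)
        if entry is None:
            return False  # no saved command frame matches: discard the response
        if entry.kind != "name-conflict":
            del self.saved[key]  # first response deletes the saved command frame
        return True  # name-conflict responses are all forwarded until expiry


def replay_default_sequence():
    """Six copies of one command, 0.5 s apart, with no response (the Figure 24 case)."""
    router = OriginRouter()
    key = ("CLIENT01", "SERVER01")  # constructed source and destination names
    log = []
    for n in range(6):
        now = n * 0.5
        log.append((n + 1, now, router.command_from_bridge(key, "session-setup", now)))
    return router, key, log


if __name__ == "__main__":
    for n, now, targets in replay_default_sequence()[2]:
        print(f"t={now:.1f}s frame {n}: forwarded to {', '.join(targets)}")
```

Of the six copies, only frames 1 and 4 cross the DLSw WAN, which matches steps 1, 3, 7 and 11 of the sequence.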

NetBIOS Name Lists

NetBIOS name lists are a DLSw-only vehicle for limiting the number of DLSw partners to which a NetBIOS UI frame is forwarded.

A local NetBIOS name list can be configured at each router. This name list represents all of the NetBIOS names attached to the router's locally bridged network that can be accessed by DLSw partners. The router sends the local NetBIOS name list to all DLSw partners. These partners use the list to limit the NetBIOS traffic the partner sends to this router.

The NetBIOS name lists are useful in environments in which there is good control over the NetBIOS names, particularly the names that should be accessed remotely through DLSw.

Configuring Local NetBIOS Name Lists

A NetBIOS name list is a set of NetBIOS name list entries. Configuring the local NetBIOS name list involves:

You configure the name list entries at the NetBIOS config> prompt with the add name-list command. Each entry consists of the following information:

name qualifier
A name qualifier represents one or more NetBIOS names. Each name qualifier may be up to 16 characters. You can represent multiple NetBIOS names by using wildcards (either an embedded ? or a trailing *) within the name.

The ? (question mark) signifies that the character in that position in the NetBIOS name may have any value.

The * (asterisk) as the last character of a name signifies that all of the remaining characters in the NetBIOS name may be any value.
Note: In the majority of client/server NetBIOS applications, the only names required in the name lists are those of servers or domains. Individual client names do not need to be configured in name lists.

name qualifier type
NetBIOS names can be individual names or group names. Each name qualifier represents either a set of individual NetBIOS names or a set of group NetBIOS names. The name qualifier type specifies which type of NetBIOS names (individual or group) the corresponding name qualifier represents.

As a general rule, domain names are group names and client or server names are individual names.

The name list itself has an attribute that is configured at the NetBIOS config> prompt using the SET NAME-LIST command. That attribute is name list exclusivity.

The attribute indicates whether the set of name list entries represents all NetBIOS names that this router's DLSw partners can reach (exclusive) or represents some but not necessarily all NetBIOS names that this router's DLSw partners can reach (non-exclusive).

An exclusive name list does the best job of limiting NetBIOS DLSw traffic on the network. Only frames destined to a NetBIOS name represented by a router's exclusive name list are forwarded to that router.

A non-exclusive name list helps limit NetBIOS DLSw traffic on the network though not as well as an exclusive name list. Frames destined to a NetBIOS name represented by a router's non-exclusive name list will be forwarded to that router first.

If the router receives a frame destined to a NetBIOS name not represented by any router's name lists, the router forwards the frame to all routers with non-exclusive name lists.

It is possible to control how a particular router uses its local NetBIOS name list and the name lists received from its DLSw partners using the following parameters:

use local NetBIOS name list
This function is configured with the enable name-list local or disable name-list local command at the NetBIOS config> prompt.

If you enable use local NetBIOS name list, the router sends the local NetBIOS name list configured at the router to all DLSw partners.

If you disable use local NetBIOS name list, the router does not send the local NetBIOS name list configured at the router to all DLSw partners.

use remote NetBIOS name lists
This function is configured with the enable name-list remote or disable name-list remote command at the NetBIOS config> prompt.

If you enable use remote NetBIOS name lists, the router uses all NetBIOS name lists received from the router's DLSw partners to determine how to forward certain NetBIOS frames.

If you disable use remote NetBIOS name lists, the router ignores all NetBIOS name lists received from the router's DLSw partners.

Committing NetBIOS Name List Changes

You can change all the NetBIOS name list parameters either permanently at the NetBIOS config> prompt or temporarily at the NetBIOS> prompt.

Because each change made requires the router to send information to each DLSw partner, you must indicate that the name list changes are ready for use by entering set name-list at the NetBIOS> command prompt.

Using NetBIOS Name Lists

The router uses NetBIOS name lists to determine how to forward the following NetBIOS frames:

Using Exclusive NetBIOS Name Lists Effectively

Configure exclusive NetBIOS name lists whenever possible. If you configure and send an exclusive name list to all DLSw partners, then the only NetBIOS frames received from the DLSw partners will be the frames whose destination name matches one of the name list entries.

A useful exclusive NetBIOS name list is the empty NetBIOS name list. If a particular router has no NetBIOS servers that are to be accessed by any of its DLSw partners, you should use an empty exclusive name list.

Using Non-Exclusive NetBIOS Name Lists

If a router has many DLSw partners all on different bridged networks, you can use non-exclusive name lists. Name list entries could be configured for the most frequently used servers so that traffic destined for these servers would go to this router first. Specifying the name list as non-exclusive allows traffic to go to less frequently used servers without having to configure the servers in the name list. Use this configuration in a network without tight control of the NetBIOS names, particularly the servers to be accessed remotely through DLSw.

Another use of non-exclusive NetBIOS name lists is in configurations that contain parallel DLSw paths between bridged networks. If two routers are on the same bridged network, one router could configure a NetBIOS name list representing one set of servers to be accessed remotely through DLSw on the bridged network and the other router could configure a NetBIOS name list representing a different set of servers. When both routers are active, the NetBIOS traffic is distributed between the two routers. If one router is inactive, all NetBIOS traffic will go through the other router because it has a non-exclusive list.

The default name list is an empty non-exclusive NetBIOS name list. This indicates that a router wants its DLSw partners to send all unforwardable NetBIOS traffic to the router.
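How a router could pick DLSw partners for a frame from the name lists they sent, using the name qualifier wildcards and the exclusive and non-exclusive rules described above. This is an added example, not IBM's code: the function, class and partner names are hypothetical, the name lists are constructed, and it assumes names and qualifiers shorter than 16 characters are padded with spaces and compared case-sensitively.

```python
from dataclasses import dataclass, field

NAME_LEN = 16  # all names in NetBIOS frames are 16 characters


def pad(name):
    """Pad a name to 16 characters with spaces (padding convention is an assumption)."""
    if len(name) > NAME_LEN:
        raise ValueError(f"name longer than {NAME_LEN} characters: {name!r}")
    return name.ljust(NAME_LEN)


def qualifier_matches(qualifier, name):
    """Match a name against a qualifier with embedded '?' and an optional trailing '*'."""
    if len(qualifier) > NAME_LEN:
        raise ValueError(f"qualifier longer than {NAME_LEN} characters: {qualifier!r}")
    if qualifier.endswith("*"):
        pattern = qualifier[:-1]   # remaining characters may have any value
    else:
        pattern = pad(qualifier)   # every one of the 16 positions must match
    return all(q == "?" or q == c for q, c in zip(pattern, pad(name)))


@dataclass
class NameList:
    """Name list received from one DLSw partner; the default is empty, non-exclusive."""
    exclusive: bool = False
    entries: list = field(default_factory=list)  # (qualifier, "individual" | "group")

    def represents(self, name, name_type):
        return any(t == name_type and qualifier_matches(q, name)
                   for q, t in self.entries)


def select_partners(name, name_type, partner_lists):
    """Return the partners a frame for this destination name is forwarded to first."""
    matched = [p for p, nl in partner_lists.items() if nl.represents(name, name_type)]
    if matched:
        return matched
    # Name is in nobody's list: only partners with non-exclusive lists receive it.
    return [p for p, nl in partner_lists.items() if not nl.exclusive]


def sample_partners():
    """Constructed name lists for four hypothetical DLSw partners."""
    return {
        "branch-a": NameList(True, [("FILESRV??", "individual"), ("SALES*", "group")]),
        "branch-b": NameList(True, []),                      # empty exclusive list
        "hub": NameList(False, [("MAIL*", "individual")]),
        "legacy": NameList(),                                # default name list
    }


if __name__ == "__main__":
    partners = sample_partners()
    for dest, kind in [("FILESRV01", "individual"), ("FILESRV001", "individual"),
                       ("MAILGW", "individual"), ("SALESDOMAIN", "group")]:
        print(f"{dest:<12} {kind:<10} -> {select_partners(dest, kind, partners)}")
```

The partner with the empty exclusive list never receives a frame, and a partner with a populated exclusive list receives only frames for the names it advertised.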

NetBIOS Name Caching and Route Caching

NetBIOS Name Caching is the function in the router that classifies the type of NetBIOS name and the information necessary to reach the NetBIOS name. This information is used to best determine how to forward unfiltered NetBIOS frames to as few DLSw neighbors and as few bridge ports as possible. The possible types of NetBIOS names and the information saved for each are:

Individual remote
This is a NetBIOS name known to be reachable remotely via a particular DLSw TCP session. The best TCP sessions are saved.

Individual local
This is a NetBIOS name known to be reachable locally via the bridge network. The MAC address associated with the name is saved. If route caching is enabled, the best LLC route between the router and the NetBIOS station is also saved.

Group
This is a NetBIOS name known to be a group name. It may be reachable remotely and/or locally and may represent multiple NetBIOS stations. No other information is saved.

Unknown
Information about the NetBIOS name is not yet known, indicating that a search for the name is not complete. No other information is saved.

Whenever NetBIOS session setup frames or connectionless data transfer frames are received, the name cache is used to determine how to forward the frame. If one of these frames is received on the bridge network at a router, one of the following actions is taken:

Learning NetBIOS Names

NetBIOS names are learned and classified from information in the NetBIOS session setup frames (Name-Query and Name-Recognized).

Configuring NetBIOS Name Cache Entries

It is possible to configure individual remote NetBIOS names and associate them with a particular DLSw TCP session. This can greatly reduce the search overhead. To improve performance, it is recommended to configure the remote NetBIOS servers that are accessed commonly by NetBIOS clients in the router's local bridge network.

It is not possible to configure individual local NetBIOS names and associate them with a particular MAC address and route.

There are three types of NetBIOS name cache entries:

Configuring Name Cache Parameters

To prevent one type of NetBIOS name from filling up the entire name cache, there are two configurable NetBIOS name cache limits:

If an entry is not referenced for a configurable timeout period, then it is automatically deleted. This timeout period is the unreferenced entry timeout value.

The association of a NetBIOS name with either a TCP session or a MAC address and route is made at one instance in time. Because networks are changing and the best path to a NetBIOS name may change, the association between a NetBIOS name and a TCP session or a MAC address and route is saved for only a configurable period of time. After this period of time, a new best path association is learned. The parameter that controls this configurable period of time is the best path aging timeout value.

Another useful configuration parameter is the reduced search timeout value. In addition to controlling for what period of time duplicate command frames are filtered to the DLSw network, it also controls how long to wait before expanding the search for a NetBIOS name. If a NetBIOS session setup frame is received and the destination NetBIOS name is found in the router's NetBIOS name cache as an individual remote name, then the frame is forwarded to the corresponding TCP session. If no response to this frame is received, it could be due to the name no longer being accessible via this path. The first duplicate NetBIOS session setup frame received after the reduced search timer expires is forwarded to all DLSw TCP sessions, thus expanding the search to look for a better path.

The last parameter, significant characters in name, controls how many of the 16 characters in a NetBIOS name are needed to consider it a unique NetBIOS name. Some NetBIOS applications use the 16th character of the NetBIOS name to distinguish between certain entities associated with a single NetBIOS name (for example, print server and file server). In these cases, it is best to specify significant characters in name as 15. This causes any frame in which the first 15 characters of the destination NetBIOS name match the first 15 characters of the router's NetBIOS name cache entry to be forwarded according to the name cache entry information. Thus multiple NetBIOS names can be represented with a single NetBIOS name cache entry.

All of the above NetBIOS name cache related parameters can be configured using the set cache-parms command as follows.

   NetBIOS config>set cache-parms
 
   Significant characters in name [15]?
   Best path aging timeout value in seconds [60.0]?
   Reduced search timeout value in seconds [1.5]?
   Unreferenced entry timeout value in minutes [5000]?
   Max nbr local name cache entries [500]?
   Max nbr remote name cache entries [100]?
 
   Cache parameters set

See "NetBIOS Commands" for more information on the set cache-parms command.

Displaying Cache Entries

The router provides the following commands that let you view cache entries. From the NetBIOS configuration prompt, you can use the list cache commands in Table 11.

Table 11. NetBIOS List Cache Configuration Commands
Command                    Displays . . .
list cache all             All permanent entries. Does not show static and dynamic entries.
list cache entry-number    A permanent cache entry according to its entry number.
list cache NetBIOS-name    A permanent cache entry for a specific NetBIOS name.
list cache ip-address      A permanent cache entry for a specific IP address.

From the NetBIOS monitoring prompt, you can use the list cache commands in Table 12.

Table 12. NetBIOS List Cache Monitoring Commands
Command               Displays . . .
list cache active     All active entries in the router's name cache, including permanent, static, and dynamic entries.
list cache config     Static and permanent entries. Does not show dynamic entries.
list cache group      Entries that exist for NetBIOS group names.
list cache local      Local cache entries. Local cache entries are those that the router learns over the bridged network.
list cache name       A cache entry for a specific NetBIOS name.
list cache remote     Remote cache entries. These are entries that the router learns over the DLSw WAN.
list cache unknown    Entries where the type of NetBIOS entry is unknown. The router considers all entries unknown until it learns the type of entry.


NetBIOS Host Name and Byte Filtering Configuration Procedures

The following sections provide examples of how to set up NetBIOS filtering. The first explains how to create a host-name filter. The second demonstrates how to configure a byte filter. For more information on the commands used in these examples, see "NetBIOS Commands".

To create a host-name filter, enter commands at the NetBIOS Filter config> prompt.

   Config>protocol asrt
   Adaptive Source Routing Transparent Bridge user configuration
   ASRT config>NetBIOS
 
   NetBIOS Support User Configuration
 
   NetBIOS config>set filter name
   NetBIOS Filtering configuration
   NetBIOS Filter config>

Creating a Host-name Filter

Use the following procedure to create a host-name filter.

  1. Create an empty name filter list.
    NetBIOS Filter config>create name-filter-list
    Handle for Name Filter List []? boston
    
  2. Add the filter items to the name filter list.

    Enter update to get to the prompt for that specific filter list. From this prompt, you can add filter items to the filter list.

    NetBIOS Filter config>update
    Handle for Filter List []? boston
    Name Filter List Configuration
    NetBIOS Name boston config>
    
  3. Add filter items to the filter list with the add command. The way filter items are configured determines which NetBIOS packets are bridged or dropped. Configure host-name filter items with the following parameters entered in this order:

    The following example adds a filter item to the host-name filter list boston, which allows packets containing the hostname westboro (an ASCII string) to be bridged (configured as inclusive). No <LAST-hex-number> parameter has been configured for this entry.

       NetBIOS Name boston config>add inclusive ascii
       Hostname []? westboro
       Special 16th character in ASCII hex (<CR> for no special char) []?
    

    You can enter all parameters as one string on the command line if you do not want to be prompted. Be sure to use a space between each parameter.

  4. Verify the filter item entry.

    Type list to verify your entry:

    NetBIOS Name boston config>list
     
    NAME Filter List Name: boston
    NAME Filter List Default: Inclusive
     
     Item #   Type    Inc/Ex    Hostname         Last Char
     
       1      ASCII    Inc      westboro
    
  5. Add additional filter items to the filter list.

    Repeat the first four steps to add additional filter items to the filter list. The order in which you enter filter items is important because this determines how the router applies the filter items to a packet. The first match stops the application of filter items and the router either forwards or drops the packet, depending on whether the filter item is Inclusive or Exclusive.

    Entering the most common filter items first makes the filtering process more efficient because the software is more likely to make a match at the beginning of the list.

    If the packet does not match any of the filter items, the router uses the default condition (Inclusive or Exclusive) of the filter list. You can change the default condition of the list by entering default inclusive or default exclusive at the filter list configuration prompt. For example:

      NetBIOS Name boston config> default exclusive
    
  6. When you have finished adding filter items to the filter list, enter exit to return to the NetBIOS Filter config> prompt.
       NetBIOS Name boston config>exit
       NetBIOS Filter config>
    
  7. Add the filter to your configuration.

    The filter list containing the filter items can now be added as a filter to your bridging router configuration. Use the filter-on command to do this. Configure host-name filters with the following parameters (entered in this order):

    The following example adds a host-name filter to affect packets input on port #3. It consists of the host-name filter list boston. All packets input on port #3 are evaluated according to the rules provided by the filter items contained in the filter list boston. This means that all packets input on port #3 containing the hostname westboro are bridged.

       NetBIOS Filter config>filter-on input
       Port Number [1]? 3
       Filter List []? boston
    
  8. Verify the newly created filter.

    Enter list to verify your entry:

       NetBIOS Filter config>list
     
       NetBIOS Filtering: Disabled
     
       NetBIOS Filter Lists
       --------------------
     
           Handle           Type
           nlist            Name
           newyork          Name
           HELLO            Byte
           boston           Name
     
       NetBIOS Filters
       ---------------
     
           Port #      Direction      Filter List Handle(s)
              3          Output       nlist
              1          Input        newyork OR HELLO
              3          Input        boston
    
  9. Globally enable NetBIOS filtering.

    Use the enable command to globally enable NetBIOS filtering on the router.

    NetBIOS Filter config>enable NetBIOS-filtering
    
  10. Restart the router to activate all NetBIOS filtering configuration changes.

    Enter exit followed by Ctrl-P to return to the * prompt. From this prompt, enter restart to activate all software changes made during the NetBIOS filtering configuration process.

    NetBIOS Filter config>exit
    ASRT config>exit
    Config> Ctrl-P
    * restart
    

Creating a Byte Filter

Use the following procedure as a guideline for creating a byte filter. Enter all commands at the NetBIOS Filter config> prompt.

   Config>protocol asrt
   Adaptive Source Routing Transparent Bridge user configuration
   ASRT config>NetBIOS
 
   NetBIOS Support User Configuration
 
   NetBIOS config> set filter byte
   NetBIOS Filtering configuration
   NetBIOS Filter config>

  1. Create an empty filter list using the create byte-filter-list command.
    NetBIOS Filter config>create byte-filter-list
    Handle for Byte Filter List []? westport
    
  2. Add the filter items to the byte filter list.

    Enter update to get to the prompt for that specific filter list. From this prompt you can add filter items to the filter list.

    NetBIOS Filter config>update
    Handle for Filter List []? westport
    Byte Filter List Configuration
    NetBIOS Byte westport config>
    

    Begin adding filter items to the filter list with the add command. The way filter items are configured determines which NetBIOS packets are bridged or dropped. Byte filter items are configured with the following parameters (entered in this order):

    The following example adds a filter item to the byte filter list westport that allows packets with the hex pattern 0x12345678 at a byte offset of 0 to be bridged (configured as inclusive). No hex mask is present.

    NetBIOS Byte westport config>add inclusive
    Byte Offset [0]? 0
    Hex Pattern []? 12345678
    Hex Mask (<CR> for no mask) []?
    
  3. Verify the filter item entry with the list command.
    NetBIOS Byte westport config>list
     
    BYTE Filter List Name: westport
    BYTE Filter List Default: Inclusive
     
     Item #   Inc/Ex   Offset  Pattern        Mask
     
       1       Inc        0    0x12345678     0xFFFFFFFF
    
  4. Add additional filter items to the filter list.

    Repeat the first three steps to add additional filter items to the filter list.

  5. When you have finished adding filter items to the filter list, type exit to return to the NetBIOS Filter config> prompt.
    NetBIOS Byte westport config>exit
    NetBIOS Filter config>
    

    The order in which you enter filter items is important, because this determines how the router applies the filter to a packet. The first match stops the application of filter items and the router either forwards or drops the packet, depending on whether the filter item is Inclusive or Exclusive.

    Entering the most common filter items first makes the filtering process more efficient because the software is more likely to make a match at the beginning of the list rather than having to check the whole list before making a match.

    If the packet does not match any of the filter items, the router uses the default condition (Inclusive or Exclusive) of the filter list. You can change the default condition of the list by entering default inclusive or default exclusive at the filter list configuration prompt. For example:

    NetBIOS Byte westport config> default exclusive
    
  6. Add the filter to your configuration.

    The filter list containing the filter items can now be added as a filter to your bridging router configuration. Use the filter-on command to do this. Configure byte filters with the following parameters (entered in this order):

    The following example adds a byte filter to affect packets output on port #3. It consists of the byte filter list westport. All packets output on port #3 will be evaluated according to the rules provided by the filter items contained in the filter list westport.

    NetBIOS Filter config>filter-on output
    Port Number [1]? 3
    Filter List []? westport
    
  7. Verify the newly created filter.

    Enter list to verify your entry:

    NetBIOS Filter config>list
     
    NetBIOS Filtering: Disabled
     
    NetBIOS Filter Lists
    -------------------
     
        Handle           Type
        nlist            Name
        newyork          Name
        HELLO            Byte
        westport         Byte
     
    NetBIOS Filters
    ---------------
     
        Port #      Direction      Filter List Handle(s)
           3          Output       nlist
           1          Input        newyork OR HELLO
           3          Output       westport
    
  8. Globally enable NetBIOS filtering.

    Enter enable to globally enable NetBIOS filtering on the bridging router.

    NetBIOS Filter config>enable NetBIOS-filtering
    
  9. Restart the router to activate all NetBIOS filtering configuration changes.

    Enter exit followed by Ctrl-P to return to the * prompt. Enter restart.

    NetBIOS Filter config>exit
    ASRT config>exit
    Config> Ctrl-P
    * restart
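
The first-match and list-default rules used by both procedures, modelled in Python as an added example; this is not IBM's router code. Space-padding of names to 15 bytes, the mask being applied to the frame bytes before the compare, and the frame data starting at the offset base are assumptions, and name_pkt, boston and westport are hypothetical helpers that rebuild the two lists configured above.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class NameItem:
    inclusive: bool
    hostname: str
    last_char: Optional[int] = None  # "Special 16th character"; None = not set
    def matches(self, pkt):
        name = pkt["name"]  # 16-byte NetBIOS name carried in the frame
        # Assumption: the hostname is compared space-padded to 15 bytes.
        if name[:15] != self.hostname.encode("ascii").ljust(15):
            return False
        return self.last_char is None or name[15] == self.last_char

@dataclass
class ByteItem:
    inclusive: bool
    offset: int
    pattern: bytes
    mask: Optional[bytes] = None  # no mask is listed by the router as all 0xFF
    def matches(self, pkt):
        data = pkt["data"][self.offset:self.offset + len(self.pattern)]
        mask = self.mask or b"\xff" * len(self.pattern)
        # Assumption: only the bits set in the mask take part in the compare.
        return len(data) == len(mask) and all(  # short frames never match
            (d & m) == (p & m) for d, p, m in zip(data, self.pattern, mask))

@dataclass
class FilterList:
    handle: str
    default_inclusive: bool = True  # "Filter List Default: Inclusive"
    items: list = field(default_factory=list)
    def bridged(self, pkt):
        for item in self.items:  # first match stops the evaluation
            if item.matches(pkt):
                return item.inclusive
        return self.default_inclusive  # nothing matched: list default applies

def name_pkt(host, last=0x20):
    # Constructed sample frame: only the 16-byte name is modelled.
    return {"name": host.encode("ascii").ljust(15) + bytes([last])}

def boston(default_inclusive):
    # List from the host-name procedure: one inclusive item, westboro.
    return FilterList("boston", default_inclusive, [NameItem(True, "westboro")])

def westport(default_inclusive):
    # List from the byte procedure: 0x12345678 at offset 0, no mask.
    item = ByteItem(True, 0, bytes.fromhex("12345678"))
    return FilterList("westport", default_inclusive, [item])
```

With the list default left at Inclusive, boston(True).bridged(...) returns True for every name, so a list holding only inclusive items restricts nothing. boston(False), the state after default exclusive, bridges westboro and drops everything else.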
    

