Master Browsing Issues on Multi Vlan Network

j-metcalf · ‎02-21-2003

Several computers on our network attempt to become the master browser. We have done the following and it STILL does not fix the master browser issue.

Our vlans are configred as follows:

ip access-group 100 out

ip helper-address 172.19.1.1

ip helper-address 172.19.1.2

ip helper-address 172.19.1.3

no ip redirects

no ip directed-broadcast

And Access-Group 100 is as follows:

access-list 100 deny udp any any eq netbios-ns

access-list 100 deny udp any any eq netbios-dgm

access-list 100 permit ip any any

Any other suggestions?

donewald · ‎02-21-2003

Can you be more specific about your master browser issue? Are you stating that multiple machines on the same VLAN/BCAST domain are thinking they are the MB? Or multiple machines, one per VLAN are becoming MB? If it's the latter then, as I recall, there is a MB elected per segment/VLAN so a Master Browser per segment is normal. Browsing between segments requires WINS. Please state the details of what your problem is if I did not state anything close.

Hope this helps you,

Don

andrew.butterworth · ‎02-22-2003

By default the ip helper-address command enables forwarding of 8 UDP broadcast packets: bootpc & bootps (DHCP 67/68), NTP (123), netbios name service (137), netbios datagram service (138), TFTP (69), DNS (53) & TACACS (??).

If you leave the netbios-ns & netbios-dgm services enabled it upsets the master browser stuff with microsoft networking. Every IP Subnet MUST have a master browser (and several backup browse masters). I suggest you ensure you have WINS name resolution enabled and that your WINS server(s) are working correctly (use the microsoft command line utility 'nbtstat.exe' on workstations to check). I would then enable the following commands in global config on your router - (remove the ACL from the interfaces also)

no ip forward-protocol udp tftp

no ip forward-protocol udp nameserver

no ip forward-protocol udp time

no ip forward-protocol udp netbios-ns

no ip forward-protocol udp netbios-dgm

no ip forward-protocol udp tacacs

There are several documents on microsofts website regarding how the Master Browser operates in a routed environment, it may be worth checking them out. The fact a machine attempts to become a master browser is not a problem - all Microsoft networking clients from WFW3.11 upwards CAN be master browsers; the master browser election that takes place per IP network (or IP subnet) should elect the most appropriate device to function as the master (based on version; i.e. a Win2K Server would win over a Win2K Workstation etc).

Hope this helps

dwallwork · ‎02-22-2003

One thing to be very conscious of in the Windows world is that clients can be configured to use native Netbios or perhaps to use Netbios over IP. This is configurable in the TCP/IP settings. Of course in tandem with this a DHCP server can also assign or mandate which type the Netbios clients on a given segment will be. Be carefull to understand what is happening in that regard.

Also, it is perfectly normal for an election to occur on a segment (it is on a per segment basis) as there is a very specific machine hierarchy. For example, in an NT domain, a Windows PDC would out-vote a BCD which in turn would out-weigh a client machine. If the Master Browser disappears for any reason, even temporarily for a reboot, then an election is triggered and the next highest successor will be elected base on it's having the next highest weight. An election in of itself is not an unexpected situation.

j-metcalf · ‎02-22-2003

Thanks for the advice, the issue I am having is user computers on our network trying to become the master browser. I thought that by blocking ports 137, and 138, I would be able to stop the client PC's from broadcasting and therefore stop making the "PDC" force an election. It get's so bad at times that the network browsing services are electing all day long and therefore not properly mapping out the network.

I will try the above suggestions and post my results for anyone else dealing with these issues.