
[ACL] If I open NetBIOS for some IP, deny will be ignored

vincentweeda
Level 1

Dear,

For my study (CCNA) I'm playing around with Cisco in a lab environment to get familiar with the CLI and basic configurations. I need to use an ACL to block access to NetBIOS on the client side and accept NetBIOS to the file server.

I have made the following configuration for that:

LABSWITCH# Show access-list NETBIOS

Extended IP access list NETBIOS
    permit  tcp any any 10.5.2.130 0.0.0.255 135
    permit  udp any any 10.5.2.130 0.0.0.255 135
    permit  tcp any any 10.5.2.130 0.0.0.255 137-139
    permit  udp any any 10.5.2.130 0.0.0.255 137-139
    permit  tcp any any 10.5.2.130 0.0.0.255 445
    permit  udp any any 10.5.2.130 0.0.0.255 445
    deny    tcp any any any 135
    deny    udp any any any 135
    deny    tcp any any any 137-139
    deny    udp any any any 137-139
    deny    tcp any any any 445
    deny    udp any any any 445
    permit  ip any any

And of course I have added the ACL to the interface with

LABSWITCH# interface GE1 service-acl in NETBIOS

If I create an ACL with only the deny part + permit ip any any it works great!

But then I can't connect to the file server...

If I activate the ACL above I have access to the file server but also to the clients.

Thanks in advance

Message was edited by: Vincent Weeda

1 Reply

vincentweeda
Level 1

Dear,

I have found my mistake. I had the ACL on GE1 and it must of course be on the FE1-FE4 interfaces of the "clients".

It's working now

Best regards,
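
As an added example (not part of the original thread or the poster's own code), this Python model runs first-match evaluation over the ACEs listed in the question. It shows that the wildcard 0.0.0.255 on the permit lines ignores the last octet, so they match every 10.5.2.x address rather than only 10.5.2.130, and that an ingress ACL filters only traffic entering a port it is bound to, as the reply describes. The function names, the `HOST_ONLY` variant and any client addresses passed in are assumptions made for illustration.

```python
import ipaddress

ALL_PORTS = range(0, 65536)

def wc_match(addr, base, wildcard):
    """Cisco wildcard match: bits set to 1 in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return ((a ^ b) & ~w & 0xFFFFFFFF) == 0

def parse_ace(line):
    """Parse 'action proto any any dst [wildcard] dport' as listed in the post."""
    t = line.split()
    if t[1] == "ip":                       # 'permit ip any any'
        return t[0], "ip", None, ALL_PORTS
    dst = None if t[4] == "any" else (t[4], t[5])
    lo, _, hi = t[-1].partition("-")
    return t[0], t[1], dst, range(int(lo), int(hi or lo) + 1)

def evaluate(acl, proto, dst_ip, dst_port):
    """First matching ACE decides; nothing after it is consulted."""
    for line in acl.strip().splitlines():
        action, p, dst, ports = parse_ace(line)
        if p in ("ip", proto) and dst_port in ports and (dst is None or wc_match(dst_ip, *dst)):
            return action
    return "deny"                          # implicit deny when no ACE matches

def filtered(ingress, bound, acl, proto, dst_ip, dst_port):
    """An ingress ACL only sees traffic entering a port it is bound to."""
    return evaluate(acl, proto, dst_ip, dst_port) if ingress in bound else "permit"

# ACEs as listed in the post
POSTED = """
permit tcp any any 10.5.2.130 0.0.0.255 135
permit udp any any 10.5.2.130 0.0.0.255 135
permit tcp any any 10.5.2.130 0.0.0.255 137-139
permit udp any any 10.5.2.130 0.0.0.255 137-139
permit tcp any any 10.5.2.130 0.0.0.255 445
permit udp any any 10.5.2.130 0.0.0.255 445
deny tcp any any any 135
deny udp any any any 135
deny tcp any any any 137-139
deny udp any any any 137-139
deny tcp any any any 445
deny udp any any any 445
permit ip any any
"""
# Variant (assumption, not from the post): host wildcard on the file server
HOST_ONLY = POSTED.replace("0.0.0.255", "0.0.0.0")
```

For a constructed client address inside 10.5.2.0/24, such as 10.5.2.20, `evaluate(POSTED, "tcp", "10.5.2.20", 445)` returns `permit`, while the same call with `HOST_ONLY` returns `deny`.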