Hi Gerry

I would like to expand a bit on the previous answer.

The 300 series switch, when in layer 3 mode does support UDP port forwarding  for such protocols as netbios.

Rememeber each GUI page has  specific help text to understand the command, just select Help at the top right of the screen .

Check out the option below,  which is only visible when you put the switch into layer 3 mode, it is  like a router ip helper command, and  used to port forward and UDP broadcasts to a unicast address.

port   prot.     description

This screen capture looks a bit weird, as I do not have multiple VLANs on the switch, only a single VLAN, so it pulled up the IP address of VLAN 1 of my SG300-10P  (SRW2008P-K9-NA) switch.

This GUI option  could take a Netbios broadcast from within  VLANx. (where x normally = 2 to 4094)  and unicast it to the windows server.

You have to add two entries to port forward  NETBIOS,  UDP ports 137 and  138.

Switch then unicast,  these VLAN x broadcasts  to a server of interest at a destination IP address.  Or this option allows for  floods it to all addresses if you state 255.255.255.255.  But personally I like setting a specific Windows server  IP destination address of interest.

Please,  make absolutely sure WAN router should have a route pointing back to the VLAN x network and  even feel free to add a persistant route withijn the server if you wish,  that also points to VLANx network.. never hurts

Note: the wan router should be able to ping VLAN x IP address of the switch, otherwise IP hosts will not be able to communicate back with IP hosts in VLAN x..

DHCP relay is also similar, but your router has to be able to recognise/differentiate  DHCP requests with option 82 or VLAN ID,  and allocate a different scope of addresses to the new VLAN.

Good luck and give that a try.

regards Dave

Dave,

Thanks very much for the response. 

* I added UDP entries for 137,138, using source as ALL and destination as the IP addresses for my PDC, BDC and WINS IP addresses on VLAN2

* I also disabled the firewall on my XP client in VLAN3 since it might block traffic from those ports from different subnets

It didn't work.  When I say "didn't work" I mean I can't use NET USE or NET VIEW on my VLAN3 to see shares on VLAN2.  Ping works just fine in both directions.

Strangely, I got on the BDC on VLAN2 and successfully mapped a SMB share on VLAN3 (the opposite direction of how I want to go).  With a couple minutes of that mapping, the machine with the SMB share on VLAN3 was then able to map drives on VLAN2 (the direction I want to go).  I'm not sure why that's happening.

Is there a log indicating which packets are being dropped, preventing NetBIOS from working?  I couldn't find a way to track dropped packets.

Perhaps I'm overlooking something obvious.

Any insight would be greatly appreciated.  Thanks,

GV

Hi Gerry,

What about the source address being the IP address associated with VLAN3 ?

regards Dave

Hi Gerry,

Hi David,

Did you ever resolve this issue?  I have a similar issue with WOL packets.  I want to broadcast a magic WOL packet from one VLAN 200 (10.1.1.0) to VLAN300 (10.2.2.0).  For this I've configured an UDP-Relay (GUI menu IP Configuration) for UDP-Port 7 to 255.255.255.255 (this should flood all interfaces with the paket) with the source IP configured as 10.1.1.0.  However despite the configuration, the WOL packet doesn't arrive at the destination.  When I send the packet in the same VLAN (10.2.2.0) it works fine.  Did I miss something?

I've opened a new thread for this:

https://supportforums.cisco.com/thread/2170291

Many thanks for your help!

Kind regards,

Romeo

Hello Romeo,

No, unfortunately I never resolved this issue.  I eventually decided to flatten my LAN so there were no VLANs.

Hope you find an answer,

GV

Hi guys, I delete the other posts because I have labbed this scenario and successfully made it work.

Here are the lab considerations:

1 - SG300-28 switch in layer 3 mode

2 - Window Vista Home and a Window XP pro computer

3 - There was no router or DHCP service, I statically assigned the computers so it is basically a simply point to point

From the CLI here is the configuration;

config t

vlan database

vlan 2

int vlan 2

ip address 192.168.2.254 /24

int vlan 1

ip address 192.168.1.254 /24

int gi24

switchport mode access

switchport access vlan 2

int gi12

switchport mode access

ip helper-address all 255.255.255.255 137 138

do wr mem

From this configuration, the ip helper-address toggles the UDP relay. The ALL represents BOTH of the SVI. The 255.255.255.255 broadcasting to all IP on the switch. The 137 and 138 are obviously the NetBIOS ports.

The Computer \\Tom is 192.168.2.10 /24 at 192.168.2.254 gateway connecting to port 24. The computer \\Cisco is connecting to port 12 at 19.168.1.10 /24 at 192.168.1.254 gateway.

Initially, this did not work when I used Start Menu -> Run \\Tom

I then disabled the Windows Firewall for \\Tom

Immediately I had zero issues to access the computer.

In addition, I have verified 2 other methods for the syntax.

ip address-helper all 192.168.1.10 137 138  

This will allow only to the specific host from all SVI

ip helper-address all 192.168.1.255 137 138

This will allow to flood all of the 192.168.1.0 subnet

Here is a documentation I just created with the GUI

https://supportforums.cisco.com/docs/DOC-27022

-Tom
Please rate helpful posts

Dear Tom,

Great, thank you so much for taking time to document this!  I think in my case the issue is solved, I can ping and access all hosts in the other VLAN using their Netbios name.

Regarding the Network Browsing, I am using Windows 7, and by default the firewall only allows the Network Discovery within the local subnet.  I had to add the other VLAN's subnet to the scope:

This you'll find under Control Panel\System and Security\Windows Firewall and then "Advanced Settings" on the left side.

Once again, thanks for your committed support.

Kind regards,
Romeo