I don't understand a few things in your post.
First, I have had W2K Pro and Server in the lab and our findings are that
W2K Pro does NOT install SNMP by default but Server DOES. So the W2K Pro
machines should be ok. (like I said, that's our findings from doing the
installs ourselves, Dell is maybe doing their own idea of pre-config). This
was further shown to us as W2K of all stripes is forbidden from the network
until it is rolled out properly. People install W2K server not knowing that
SNMP is installed by default with the "public" community string. Our SNMP
management tools pick them up immediately and we catch them and shut them
down and they wonder how we found them so fast.
W2K Pro on the other hand is more difficult to find and we use non-SNMP
methods to find them.
Next, SNMP has nothing to do with Network Neighbourhood. On my last network
of over 12,000 devices, PCs show up in the 'Hood and they DON'T have SNMP
configured. Only the servers, printers and routers/switches have SNMP
enabled.
Network Neighbourhood has a lot to do with WINS and browsing.
So, what is probably happening is that W2K Pro machines are assuming the
Master Browser Role for their subnets as NT (W2K Pro) is higher on the
browser ladder than Win9x. Also, W2K Pro needs to be registered in the
Domain Computer database so automatically the browse tables know about more
computers than with Win9x.
So, I'm not sure how to "fix" your problem. Actually what you're seeing is
normal for a NT Workstation (W2K Pro). The only thing I can think of
quickly is to disable browser advertisements of the W2K Pro machines.
Also a lot of work unless it can be incorporated into a security policy
applied to all W2K Pro machines at login.
Offhand, I don't know of a way to target specific computer types in an IOS
ACL. Trapping SNMP would disable SNMP for all devices.
Kevin Wigle
CCDP/CCNP/MCSE.................
----- Original Message -----
From: "Deepak Sharma" <[EMAIL PROTECTED]>
To: "cisco" <[EMAIL PROTECTED]>
Sent: Wednesday, 06 September, 2000 23:17
Subject: Win2k SNMP Traffic
> Ok here's the scenario.....
>
> Multiple branch offices,( LAN, WAN> slowest 56k and fastest oc3) and
> cisco routers from 1900's to 3600's )
>
> PDC, and a whole lota BDC's. NT 4.0 PDC and BDCs; still wanna see the
> those computers when I go into network neighbor hood.
> BUUUUTTTTT.....Dell is now shipping all there new Pc's with win2k
> professional, and refuse to go back to win9x for me. ((
> ba*tards))....this causes me to have alota headache, cause win2k has
> SNMP traffic enabled by Default when we get them...and now I can start
> to see all the new win2k machines in network neighbor hood. This is a
> problem due to security reasons and management and blah blah blah...and
> there's NO possible way I can go, or tell the techy there to go to
> disable SNMP traffic on all the new comps!!!....I was thinking about
> goin to all the branch offices and config. the routers to block snmp
> traffic ( port 161 off the top of my head ),
>
> So is there any way i can block SNMP traffic on win2k professional from
> the routers......cause i still wanna see the pdc and bdc's.....but this
> is not too important...I just REALLY need to stop those win2k machines
> from appearing on network neighborhood
>
> " access-list 100 deny snmp win2kpro" hahah????
>
>
> thanks
>
> Deepak Sharma
> MSCE CCNA ACT A+
> Ceridian Canada Ltd.
> --
> \\|//
> (o o)
> oOOo-(_)-oOOo
> *@ bcz finest @*
>
>
> ___________________________________
> UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> FAQ, list archives, and subscription info: http://www.groupstudy.com
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
___________________________________
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
