Roberts, Larry wrote: > > Hey all, > > Just curious if anyone has any links on filtering the domains > on their > network at the router. > We are having a large amount of NT domains that are showing up > internally, > and I would like to start blocking these advertisements at the > remote > routers.
I could be wrong here, but you shouldn't have to block these advertisements. They should get blocked by default. From what I understand, the default behavior would be that you would not see NT domains that aren't local. Resource advertisement on NT networks is based on NetBIOS naming, which uses UDP in a TCP/IP environment, and sends to the broadcast address, which should not be forwarded by routers. So I would look for a non-default router configuration line, in particular an ip helper address that is causing broadcasts to leak over into your network. Unless Cisco has finally changed this annoying behavior recently, (I think I heard that they did?), configuring a helper address causes lots of UDP broadcast traffic to get forwarded. You might have added a helper address to get DHCP to work and as a side affect caused the following broadcasts to also get forwarded: TFTP (port 69) DNS (port 53) Time (port 37) NetBIOS naming (port 137) NetBIOS datagram (port 138) TACACS (port 49) The fix is to add the ip forward-protocol udp command for the stuff you want and no ip forward-protocol udp for the stuff you don't want. If this doesn't help, just let us know. Thanks. __________________________ Priscilla Oppenheimer www.troubleshootingnetworks.com www.priscilla.com > Is this possible ? I can't figure out how, but I suspect that > if it can be > done, someone on this list has done it. > > > > Thanks > > Larry > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=54679&t=54668 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
