Here are my comments on one posting: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Erik Bussink wrote: > > I've got some more questions about filters. Some people have > mentioned installing filters on my P50 to stop NetBIOS port > 137 & 139 packets. > > 1) > Now I've re-read the chapter in the Ascend manual a couple of times > and I'm a bit confused about the Input Filter and the Output Filter. I've been a bit confused about filters, and although I generally think P50 docs are pretty good, they sure don't help much here.... > Ascend P50 User Guide 10-7 "If the filter is applied as a data filter > on Ethernet, it affects packets from the Ethernet INTO the pipeline or > from the Pipeline OUT to the Ethernet." > > So my NetBIOS filters should be in the Input Filter, right ? Yes, assuming that the Pipeline itself never needs to see any of the packets you filter out. > 2) > Below on the Right is the filter as described on Ascend's Web site, but if > I enter the information on my P50 I get the filter on the Left. Is it normal > I have some 0000 on the Mask and Value or do I need to get a full line of FF. I wondered about this one myself...... but assumed that it did not make any difference. > [Filter to stop RIP, ARP and Netbios messages] > Out Filter 01 Out Filter 01 > Generic Generic > Forward=No Forward=No > Offset=0 Offset=0 > Length=6 Length=6 > Mask=ffffffffffff0000 Mask=ffffffffffff > Value=ffffffffffff0000 Value=ffffffffffff > Compare=Equals Compare=Equals > More=No More=No > > 3) > Now do I need to put this filter in the Call Filter or the Data > filter ? Or can I put them in both ? Well..... 1) If it's on the Ethernet, there only _is_ a Data filter. 2) The filter shown above removes Ethernet packets with a broadcast MAC address, which it seems to me will include ARP requests... the Pipeline will need to see those. 3) Are you running only IP? Or are you bridging? The filter shown above won't remove RIP packets from an IP-only WAN link, since a P50 with RIP turned on in a connection profile will send RIP packets with an explicit destination address (namely, the gateway on the other end of the link). 4) A Data filter specified in a connection profile will actually prevent packets from being transmitted over that link; a Call filter will allow the packets to be transmitted if the link is up, but a packet presented for transport when the link is down will not cause dialing if the packet is blocked by the filter, and packets blocked by the filter will not reset the idle timer, i.e. they will not keep a call up. > 4) > The filters as described on Ascend's web page > <A HREF="http://www.ascend.com/service/technotes/filter_nt.html">http://www.ascend.com/service/technotes/filter_nt.html</A> > for eliminating the NetBIOS/NetBEUI master browser broadcast > is the same as the one they describe for stopping > DEC MOP_RC broadcast ? Yeah, it eliminates _all_ Ethernet broadcast packets. Since I'm only using IP on my WAN links, I find it much easier to specify filters as IP rather than generic. For example, this filter will block RIP packets: Forward=No Protocol=17 ;UDP Src Port Cmp=Eql Src Port #=520 ;RIP I use this as a Call filter on links where I have RIP turned on, so the RIP traffic won't keep the call up. If you can identify the protocols and port #'s for the traffic you want to block, constructing IP filters doesn't seem to be too difficult. However, I have run into one problem: I have one P50 where I changed many filter sections from the default filters (all Generic) to IP. As I changed each section, I was asked to save changes, and got a success message. When I exited from the 20-402 menu (for the specific filter I was changing) to the 20-400 menu I was asked again to save changes, and when I said yes, was informed that there was no more space in nvram to save my changes. ?? Does anyone know what this is all about, and what I have to do to fix it? If the answer is that I have to clear the nvram and reload config, I'll be very unhappy, since the unit in question is at an unattended site, with my only network access going through the router which is misbehaving. ------------------------------------------------------------------ John K. Chester jkc@sufficiently.com 908-638-5487 fax & voicemail 212-253-4290 ------------------------------------------------------------------ ++ Ascend Users Mailing List ++ To unsubscribe: send unsubscribe to ascend-users-request@bungi.com To get FAQ'd: <<A HREF="http://www.shore.net/~dreaming/ascend-faq">http://www.shore.net/~dreaming/ascend-faq</A>> or <<A HREF="ftp://ftp.shore.net/members/dreaming/ascend-faq.txt">ftp://ftp.shore.net/members/dreaming/ascend-faq.txt</A>> </PRE> <!--X-MsgBody-End--> <!--X-Follow-Ups--> <!--X-Follow-Ups-End--> <!--X-References--> <HR> <STRONG>References</STRONG>: <UL> <LI><STRONG><A HREF="msg04675.html">(ASCEND) More questions about Filters...</A></STRONG></LI> <UL> <LI><EM>From</EM>: Erik Bussink <erik@bussink.ch></LI> </UL> </UL> <!--X-References-End--> <!--X-BotPNI--> <HR> <UL> <LI>Prev by Date: <STRONG><A HREF="msg04697.html">(ASCEND) Bridging</A></STRONG> </LI> <LI>Next by Date: <STRONG><A HREF="msg04694.html">Re: (ASCEND) Disabling internal-NT1 on Ascend P50 UBRI</A></STRONG> </LI> <LI>Prev by thread: <STRONG><A HREF="msg04675.html">(ASCEND) More questions about Filters...</A></STRONG> </LI> <LI>Next by thread: <STRONG><A HREF="msg04676.html">(ASCEND) Ascend not 8bit transparent..</A></STRONG> </LI> <LI>Index(es): <UL> <LI><A HREF="mail168.html#04703"><STRONG>Main</STRONG></A></LI> <LI><A HREF="thrd10.html#04703"><STRONG>Thread</STRONG></A></LI> </UL> </LI> </UL> <!--X-BotPNI-End--> <!--X-User-Footer--> <!--X-User-Footer-End--> </BODY> </HTML>