This document describes the NetBIOS Name and Byte filtering configuration and monitoring commands. It includes:
Displaying the NetBIOS Filtering Prompts
Setting Up NetBIOS Name and Byte Filters
NetBIOS Name and Byte Filter Commands
Update Byte-Filter-List Commands
Update Name-Filter-List Commands
Displaying the NetBIOS Filtering Prompts
This section describes the NetBIOS Name and Byte filter configuration and monitoring commands.
Enter configuration commands at the NetBIOS Filter config> prompt. Display this prompt as follows:
Enter monitoring commands at theConfig>protocol bridge
Transparent Bridge user configuration
Bridge Config>netbios
NetBIOS Support User Configuration
NetBIOS config>set filter name
NETBIOS Filtering configuration
NETBIOS Filter config>
NetBIOS Filter> prompt. Display this prompt as follows: Bridge>netbios
NetBIOS Support User Console
NetBIOS>set filter name
NETBIOS Filter>
Filter lists, which are made up of one or more filter items
Filter items, which specify the NetBIOS names you want to filter
You configure NetBIOS name and byte filters for each port and specify whether the filter applies to input or output packets.
The following sections provide examples of how to set up a host name filter and a byte filter. NetBIOS Name and Byte Filter Commands describes the commands used in these examples.
Example 1: Creating a Name Filter
Use the following procedure as a guideline to create a name filter. Before you begin, display the NETBIOS Filter config> prompt.
Config>protocol bridge
Transparent Bridge user configuration
Bridge Config>netbiosNetBIOS Support User Configuration
NetBIOS config>set filter name
NETBIOS Filtering configuration
NETBIOS Filter config>
Enter create name-filter-list. The software prompts you to name your filter list.
NetBIOS Filter config>create name-filter-list
Handle for Name Filter List []? boston
Enter update. The router prompts you for the name of the filter list.
NetBIOS Filter config>update
Handle for Filter List []? boston
Name Filter List Configuration
NetBIOS Name boston config>
When you add a filter item, you must specify the following parameters in this order:
Inclusive (bridged) or exclusive (dropped).
ASCII or hex is how you enter the name.
Hostname is the actual name in either an ASCII or hex format. This entry is case sensitive.
Special 16th character is an optional parameter for use with ASCII strings containing fewer than 16 characters.
The following example adds a filter item to the filter list boston, which allows packets containing the name westboro (an ASCII string) to be bridged (configured as inclusive). No Special 16th character is configured.
NetBIOS Name boston config>add inclusive ascii
Hostname []? westboro
Special 16th character in ASCII hex(<CR> for no special char)[]?
If you do not want to be prompted, enter all parameters as one string on the command line. Use a space between each parameter.
Enter list to verify your entry.
NetBIOS Name boston config>list
NAME Filter List Name: boston
NAME Filter List Default: Inclusive
Item # Type Inc/Ex Hostname Last Char
1 ASCII Inc westboro
Repeat step 3 to add filter items to the
filter list. The order in which you enter filter items is important. This determines how the router applies the filter items to a packet. The first match stops the application of filter items and the router either forwards or drops the packet, depending on whether the filter item is Inclusive or Exclusive. Entering the most common filter items first makes the filtering process more efficient because the software is more likely to make a match at the beginning of the list. If the packet does not match any of the filter items, the router uses the default condition (Inclusive or Exclusive) of the filter list. You can change the default condition of the list by entering default inclusive or default exclusive at the filter list configuration prompt. For example:
NETBIOS Name boston config>default exclusive
NetBIOS Filter config> prompt.
NetBIOS Name boston config>exit
NetBIOS Filter config>
Input filters incoming packets or output filters outgoing packets.
Port# is the desired configured bridging port number on the router.
Filter-list is the name of the filter list (containing filter items) that you want to be included in this filter.
Optionally add additional filter lists to the filter. Enter AND or OR in upper-case letters followed by a filter list name.
The following example adds a name filter comprised of the name filter list boston. The router evaluates all packets input on port 3 according to the filter items in the filter list boston. This means the router bridges all packets input on port 3 that contain the name westboro.
NetBIOS Filter config>filter-on input
Port Number [1]? 3
Filter List []? boston
NetBIOS Filter config>list
NetBIOS Filtering: Disabled
NetBIOS Filter Lists
--------------------
Handle Type
nlist Name
newyork Name
HELLO Byte
boston Name
NetBIOS Filters
---------------
Port # Direction Filter List Handle(s)
3 Output nlist
1 Input newyork OR HELLO
3 Input boston
Enter enable netbios-filtering.
NetBIOS Filter config>enable netbios-filtering
NetBIOS Filter config> prompt.Config>protocol bridge
Transparent Bridge user configuration
Bridge Config>netbios
NetBIOS Support User Configuration
NetBIOS config>set filter byte
NETBIOS Filtering configuration
NETBIOS Filter config>
Use the create byte-filter-list command.
NetBIOS Filter config>create byte-filter-list
Handle for Byte Filter List []? westport
Enter update. The router prompts you for the name of the filter list.
NetBIOS Filter config>update
Handle for Filter List []? westport
Byte Filter List Configuration
NetBIOS Byte westport config>
When you add a filter item, you must specify the following parameters in this order:
Inclusive (bridged) or exclusive (dropped).
Byte offset is the number of bytes (in decimal) to offset into the packet the router is filtering. This starts at the NetBIOS header of the packet. Zero specifies that the router examines all bytes in the packet.
Hex pattern is a hexadecimal number the router uses to compare with the bytes starting at the byte offset. See NetBIOS Name and Byte Filter Commands for syntax rules.
Hex mask if present, must be the same length as hex pattern. It is logically ANDed with the bytes in the packet, starting at byte offset, before the router compares the result with the hex pattern. If you omit the hex mask, the router considers it to be all binary 1s.
The following example adds a filter item to the byte filter list westboro that causes the router to bridge packets with a hex pattern 0x12345678 at a byte offset of 0 (configured as inclusive). No hex mask is present.
NetBIOS Byte westport config>add inclusive
Byte Offset [0]? 0
Hex Pattern []? 12345678
Hex Mask (<CR> for no mask) []?
NetBIOS Byte westport config>list
BYTE Filter List Name: westport
BYTE Filter List Default: Inclusive
Item # Inc/Ex Offset Pattern Mask
1 Inc 0 0x12345678 0xFFFFFFFF
Repeat step 3 to add filter items to the
filter list. The order in which you enter filter items is important. This determines how the router applies the filter to a packet. The first match stops the application of filter items and the router either forwards or drops the packet, depending on whether the filter item is inclusive or exclusive. Entering the most common filter items first makes the filtering process more efficient because the software is more likely to make a match at the beginning of the list rather than having to check the whole list before making a match. If the packet does not match any of the filter items, the router uses the default condition (Inclusive or Exclusive) of the filter list. You can change the default condition of the list by entering default inclusive or default exclusive at the filter list configuration prompt. For example:
NETBIOS Byte westport config>default exclusive
NetBIOS Filter config> prompt.
NetBIOS Byte westport config>exit
NetBIOS Filter config>
Input filters incoming packets or output filters outgoing packets.
Port Number is the desired configured bridging port number.
Filter List is the name of the filter list (containing filter items) that you want included in this filter.
Optionally add additional filter lists to the filter. Enter AND or OR in upper-case letters followed by a filter list name.
The following example adds a byte filter to packets output on port 3. It is comprised of the byte filter list westboro. The router evaluates all packets output on port 3 according to filter items contained in the filter list westboro.
NetBIOS Filter config>filter-on output
Port Number [1]? 3
Filter List []? westboro
Enter list to verify the filter.
NetBIOS Filter config>list
NetBIOS Filtering: Disabled
NetBIOS Filter Lists
--------------------
Handle Type
nlist Name
newyork Name
HELLO Byte
westboro Byte
NetBIOS Filters
---------------
Port # Direction Filter List Handle(s)
3 Output nlist
1 Input newyork OR HELLO
3 Output westboro
Enter enable netbios-filtering.
NetBIOS Filter config>enable netbios-filtering
[C] means the command is available at the NetBIOS Filter config> prompt.
[M] means the command is available at the NetBIOS Filter> prompt.
| Command | Function |
|---|---|
| Create [C] | Creates byte filter and name filter lists for NetBIOS filtering. |
| Delete [C] | Deletes byte filter and name filter lists for NetBIOS filtering. |
| Disable [C] | Disables NetBIOS name and byte filtering on the router. |
| Enable [C] | Enables NetBIOS name and byte filtering on the router. |
| Exit [C] [M] | Returns you to the previous prompt. |
| Filter-on [C] | Assigns a filter to a specific port. You can then apply this filter to NetBIOS packets input or output on the specified port. |
| List [C] [M] | Displays all information concerning created filters. |
| Update [C] | Adds information to or deletes information from a name or byte filter list. |
Create [C]
Creates a byte filter list or a name filter list.
Example: create byte-filter-list
Handle for Byte Filter List []? newyork
Example: create name-filter-list
Handle for Name Filter List []? boston
Example: delete byte-filter-list
Handle for Byte Filter List []? newyork
Example: delete name-filter-list newyork
Handle for Name Filter List []? boston
Removes all information associated with the filter and fills any resulting gap in filter numbers.
Port Number [1]?
Removes all information associated with the filter and fills any resulting gap in filter numbers.
Port Number [1]?
Syntax: disable netbios-filtering
Example:disable netbios-filtering
Enable [C]
Globally enables NetBIOS name and byte filtering on the router.
Syntax: enable netbios-filtering
Example:enable netbios-filtering
Exit [C] [M]
Returns to the previous prompt.
exit
Filter-on [C]
Assigns one or more previously configured filter lists to the input or output of a specific port.
Port# is a configured bridging port number on the router. The port number identifies this filter. Enter list to see a list of port numbers. Use the create command to make a filter list. To add additional filter lists to this port, enter AND or OR in all capital letters followed by the filter list name.
The router applies the filter you create with this command to all incoming NetBIOS packets on the specified port. The router evaluates each filter list on the command line from left to right. If a packet matches an inclusive filter, the router bridges the packet. If a packet matches an exclusive filter, the router drops the packet.
If the packet is not one of the types that NetBIOS name or byte filtering supports, the router bridges the packet.
Port Number [1]? 2
Filter List []? newyork AND boston
Port# is a configured bridging port number on the router. The port number identifies this filter. Enter list to see a list of port numbers. Use the create command to make a filter list. To add additional filter lists to this port, enter AND or OR in all capital letters followed by the filter list name.
The router applies the filter you create with this command to all outgoing NetBIOS packets on the specified port. The router evaluates each filter list on the command line from left to right. If a packet matches an inclusive filter, the router bridges the packet. If a packet matches an exclusive filter, the router drops the packet.
If the packet is not one of the types that NetBIOS name or byte filtering suports, the router bridges the packet.
Port Number [1]? 2
Filter List []? newyork OR boston
List [C]
Displays information on all name and byte filters.
list
NETBIOS Filtering: Enabled
NETBIOS Filter Lists
--------------------
Handle Type
boston Name
newport Byte
NETBIOS Filters
---------------
Port # Direction Filter List Handle(s)
1 Input boston AND newport
2 Output boston
List [M]
Displays information on all filters, on byte filters, or on name filters.
Example: list byte-filter-lists
BYTE Filter List Name: newport
BYTE Filter List Default: Inclusive
Filter Item # Inc/Ex Byte Offset Pattern Mask
1 Inclusive 2 0x22 0x11
2 Exclusive 0 0x22 0x22
BYTE Filter List Name: test1
BYTE Filter List Default: Inclusive
Filter Item # Inc/Ex Byte Offset Pattern Mask
1 Inclusive 2 0x22 0xFF
Example: list name-filter-lists
NAME Filter List Name: boston
NAME Filter List Default: Exclusive
Filter Item # Type Inc/Ex Hostname Last Char
1 ASCII Inclusive westboro
NAME Filter List Name: newyork
NAME Filter List Default: Inclusive
Filter Item # Type Inc/Ex Hostname Last Char
1 ASCII Inclusive newyork1
NETBIOS Filtering: Enabled
Port # Direction Filter List Handle(s) Pkts Filtered
1 Input newyork OR boston 0
1 Output boston AND newport
NETBIOS Byte (or Name) filter-list config> prompt, which lets you update the specified filter list. At this prompt you can add, delete, list, or move items in byte and name filter lists. You can also set the default of each filter list to inclusive or exclusive.
Example: update newyork
NETBIOS Byte newyork Config>
Update Byte-Filter-List Commands
This section describes the commands available at the NETBIOS Byte filter-list config> prompt.
add inclusive or exclusive byte-offset hex-pattern hex-mask
Adds a filter item to the filter list. When you add a filter item, the router numbers the item and displays the number of the filter item you just added.
Note: Adding filter items to filter lists adds to processing time due to the time it takes to evaluate each item in the list. It can affect performance in heavy NetBIOS traffic.
The order in which you enter filter items is important as this determines how the router applies filter items to a packet. The router stops comparing the packet to a filter when it finds the first match.Inclusive (bridged) or exclusive (dropped).
Byte offset is the number of bytes (in decimal) to offset into the packet the router is filtering. This starts at the NetBIOS header of the packet. Zero specifies that the router examines all bytes in the packet.
Hex pattern is a hexadecimal number used to compare with the bytes starting at the byte offset. Syntax rules for hex-pattern include no 0x in front, a maximum of 32 numbers, and an even number of hex numbers.
Hex mask if present, must be the same length as hex pattern. It is logically ANDed with the bytes in the packet, starting at byte offset, before the router compares the result with the hex pattern. If you omit the hex mask, the router considers it to be all binary 1s.
Byte Offset [0]?
Hex Pattern []?
Hex Mask (<CR> for no mask) []?
Byte Offset [0]? 4
Hex Pattern []? 09
Hex Mask (<CR> for no mask) []?
delete filter-item
Deletes a filter item from the filter list. The software immediately renumbers the list. To see a list of item numbers, enter list.
Filter Item Number [1]? 2
list
Displays information related to filter items in the filter list.
BYTE Filter List Name: Enginering
BYTE Filter List Default: Exclusive
Filter Item # Inc/Ex Byte Offset Pattern Mask
1 Inclusive 14 0x123456 0xFFFF00
2 Exclusive 0 0x9876 0xFFFF
3 Exclusive 28 0x1000000 0xFF00FF00
Source Filter Item Number [1]? 3
After Destination Filter Item Number [0]? 1
NETBIOS Name filter-list config> prompt.
add inclusive or exclusive ASCII host-name special-16th-char
Adds a filter item to the name filter list. The router compares the following frames and fields with the information you enter with this command:
ADD_GROUP_NAME_QUERY: Source NetBIOS name field
ADD_NAME_QUERY: Source NetBIOS name field
DATAGRAM: Destination NetBIOS name field
NAME_QUERY: Destination NetBIOS name field
Inclusive (bridged) or exclusive (dropped).
Hostname is an ASCII string up to 16 characters. It can contain any character but the following: . / \ [ ] : | < > + = ; , space. Use ? to indicate a single character wildcard. Use * as the final character of the name to indicate a wildcard for the remainder of the name. If the name contains fewer than 15 characters, it is padded to the 15th character with ASCII spaces.
Special 16th character can be used if host-name has less than 16 characters. It is a hexadecimal number (with no 0x in front of it) that indicates the value for the last character. If you do not specify a 16th character on a name less than 16 characters, the router uses a ? wildcard for the 16th character.
add inclusive ascii
Hostname []? newport
Special 16th character in ASCII hex (<CR> for no special character)[]?
Hexstring must consist of an even number of hexadecimal numbers. Specify a wildcard for a single byte by ??. If you do not supply a full 32 hexadecimal numbers, the router pads ASCII blanks to the 29th and 30th numbers and supplies a wildcard as the 31st and 32nd (16th byte) numbers.
Hex String []?
delete filter-item
Deletes a filter item from the filter list. To see a list of item numbers, enter list.
Filter Item Number [1]? 4
list
Displays information related to items in the specified filter list.
NAME Filter List Name: nlist
NAME Filter List Default: Exclusive
Filter Item # Type Inc/Ex Hostname Last Char
1 ASCII Inclusive EROS
2 ASCII Inclusive ATHENA
3 ASCII Exclusive FOOBAR
Source Filter Item Number [1]?
After Destination Filter Item Number [0]?