NetBIOS broadcast on switch with ASA firewall

Unanswered Question
Oct 19th, 2009

Greetings,

I have two network sites now. Both sites are using Cisco switches. The difference is that one site has a Cisco ASA firewall connected (the inside interface of the ASA firewall is the default gateway for all internal hosts).

When I debug the IP packet detail on each site's switch, the one with the ASA firewall keeps receiving NetBIOS (UDP 137/138) broadcasts from Windows servers. These packets slow down some TCP connection setups (like SQL queries). Can anyone tell me why it's different between my two sites? Thanks a lot.

5d18h: IP: s=192.168.5.26 (Vlan5), d=192.168.5.255 (Vlan5), len 229, rcvd 3
5d18h: UDP src=138, dst=138
5d18h: IP: s=192.168.5.26 (Vlan5), d=192.168.5.255, len 229, stop process pak for forus packet
5d18h: UDP src=138, dst=138
5d18h: IP: s=192.168.5.40 (Vlan5), d=192.168.5.255 (Vlan5), len 78, rcvd 3
5d18h: UDP src=137, dst=137
5d18h: IP: s=192.168.5.40 (Vlan5), d=192.168.5.255, len 78, stop process pak for forus packet
5d18h: UDP src=137, dst=137

andrewswanson Tue, 10/20/2009 - 02:14

hello

are you using the ASA's IP address as a helper-address anywhere? if you are, helper addresses forward netbios udp137 and 138 (as well as dhcp and a few others).

to stop a helper address from forwarding netbios 137/138 use:

no ip forward-protocol udp netbios-ns

no ip forward-protocol udp netbios-dgm

hth

andy
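
Added example, not part of andy's reply or of the thread: a small Python audit that reads a saved IOS configuration and reports which interfaces have a helper address that would still be sent NetBIOS 137/138 broadcasts after any "no ip forward-protocol udp" lines are applied. The sample configuration, its addresses, and the function names audit and netbios_relay are constructed for illustration; the default-port table is an assumption to confirm against your platform's documentation.

```python
import re

# UDP broadcasts IOS relays by default once "ip helper-address" is set
# (keyword -> port); confirm the list against your platform's documentation.
DEFAULT_FORWARDED = {
    "time": 37, "tacacs": 49, "domain": 53, "bootps": 67, "bootpc": 68,
    "tftp": 69, "netbios-ns": 137, "netbios-dgm": 138,
}

# Constructed sample configuration; all addresses are placeholders.
SAMPLE_CONFIG = """\
no ip forward-protocol udp netbios-ns
!
interface Vlan5
 ip address 192.168.5.1 255.255.255.0
 ip helper-address 192.168.5.254
!
interface Vlan6
 ip address 192.168.6.1 255.255.255.0
"""

def audit(config):
    """Return (helpers per interface, UDP ports still relayed to helpers)."""
    forwarded = set(DEFAULT_FORWARDED.values())
    helpers, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # top-level line: enter or leave an interface
            m = re.match(r"interface\s+(\S+)", line)
            current = m.group(1) if m else None
        m = re.match(r"(no\s+)?ip forward-protocol udp\s+(\S+)", line)
        if m:
            token = m.group(2)
            port = int(token) if token.isdigit() else DEFAULT_FORWARDED.get(token)
            if port is not None:
                (forwarded.discard if m.group(1) else forwarded.add)(port)
            continue
        m = re.match(r"ip helper-address\b.*?(\d+\.\d+\.\d+\.\d+)", line)
        if m and current:
            helpers.setdefault(current, []).append(m.group(1))
    return helpers, forwarded

def netbios_relay(config):
    """Interfaces whose helpers still receive NetBIOS name/datagram broadcasts."""
    helpers, forwarded = audit(config)
    ports = sorted(forwarded & {137, 138})
    return {ifc: (addrs, ports) for ifc, addrs in helpers.items()} if ports else {}

if __name__ == "__main__":
    print(netbios_relay(SAMPLE_CONFIG))
```

An empty result means either no interface carries a helper address or both NetBIOS ports have been removed from the forwarded set, in which case helper forwarding is not the source of the broadcasts.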

David Lin Tue, 10/20/2009 - 10:30

Hi Andy,

I didn't use any ip forward for any switch. I can't find it in the configuration either.

Both switches are the same model (C4948), same IOS version, same configuration.

Thanks a lot.

David Lin Thu, 10/22/2009 - 07:48

I issued the commands below, but the broadcast persists.

no ip forward-protocol udp netbios-ns

no ip forward-protocol udp netbios-dgm
