NetBIOS broadcast on switch with ASA firewall

David Lin
Level 1

Greetings,

I have two network sites now. Both sites are using Cisco switches. The difference is that one site has a Cisco ASA firewall connected (the inside interface of the ASA firewall is the default gateway for all internal hosts).

When I debug the IP packet detail on each site's switch, the one with the ASA firewall keeps receiving NetBIOS (UDP 137/138) broadcasts from Windows servers. These packets slow down some TCP connection setup (like SQL queries). Can anyone tell me why it's different between my two sites? Thanks a lot.

5d18h: IP: s=192.168.5.26 (Vlan5), d=192.168.5.255 (Vlan5), len 229, rcvd 3

5d18h: UDP src=138, dst=138

5d18h: IP: s=192.168.5.26 (Vlan5), d=192.168.5.255, len 229, stop process pak for forus packet

5d18h: UDP src=138, dst=138

5d18h: IP: s=192.168.5.40 (Vlan5), d=192.168.5.255 (Vlan5), len 78, rcvd 3

5d18h: UDP src=137, dst=137

5d18h: IP: s=192.168.5.40 (Vlan5), d=192.168.5.255, len 78, stop process pak for forus packet

5d18h: UDP src=137, dst=137

3 Replies

andrewswanson
Level 7

Hello,

Are you using the ASA's IP address as a helper-address anywhere? If you are, helper addresses forward NetBIOS UDP 137 and 138 (as well as DHCP and a few others).

To stop a helper address from forwarding NetBIOS 137/138, use:

no ip forward-protocol udp netbios-ns

no ip forward-protocol udp netbios-dgm

hth

andy

Hi Andy,

I didn't use any ip forward for any switch. I can't find it in the configuration either.

Both switches are the same model (C4948), same IOS version, same configuration.

Thanks a lot.

I issued the commands below, but the broadcast persists.

no ip forward-protocol udp netbios-ns

no ip forward-protocol udp netbios-dgm
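
An added example, not part of any post in this thread: a small Python parser for the debug output format quoted in the question, which tallies NetBIOS broadcasts per source host so the same capture window can be compared between the two sites. The function names are hypothetical, the sample lines are constructed, and treating the "stop process pak" line as a second log entry for a packet already counted is an assumption.

```python
import re
from collections import Counter

# Constructed sample in the question's format (the 5d19h packets are made up).
SAMPLE = """\
5d18h: IP: s=192.168.5.26 (Vlan5), d=192.168.5.255 (Vlan5), len 229, rcvd 3
5d18h: UDP src=138, dst=138
5d18h: IP: s=192.168.5.26 (Vlan5), d=192.168.5.255, len 229, stop process pak for forus packet
5d18h: UDP src=138, dst=138
5d18h: IP: s=192.168.5.40 (Vlan5), d=192.168.5.255 (Vlan5), len 78, rcvd 3
5d18h: UDP src=137, dst=137
5d18h: IP: s=192.168.5.40 (Vlan5), d=192.168.5.255, len 78, stop process pak for forus packet
5d18h: UDP src=137, dst=137
5d19h: IP: s=192.168.5.40 (Vlan5), d=192.168.5.255 (Vlan5), len 78, rcvd 3
5d19h: UDP src=137, dst=137
5d19h: IP: s=192.168.5.31 (Vlan5), d=255.255.255.255 (Vlan5), len 328, rcvd 3
5d19h: UDP src=68, dst=67
"""

IP_RE = re.compile(r"IP: s=(?P<src>[\d.]+) \((?P<vlan>[^)]+)\), d=(?P<dst>[\d.]+)"
                   r"(?: \([^)]+\))?, len (?P<len>\d+), (?P<disp>.+)$")
UDP_RE = re.compile(r"UDP src=(?P<sport>\d+), dst=(?P<dport>\d+)")
NETBIOS = {137: "netbios-ns", 138: "netbios-dgm"}

def parse_packets(text):
    """Pair each 'IP:' line with the 'UDP' line that follows it."""
    packets, pending = [], None
    for line in text.splitlines():
        ip, udp = IP_RE.search(line), UDP_RE.search(line)
        if ip:
            pending = ip.groupdict()
        elif udp and pending:
            pending["dport"] = int(udp["dport"])
            packets.append(pending)
            pending = None
    return packets

def netbios_talkers(text):
    """Count NetBIOS packets per (vlan, source, service)."""
    counts = Counter()
    for p in parse_packets(text):
        svc = NETBIOS.get(p["dport"])
        # Count only the 'rcvd' entry so each packet is tallied once (assumption).
        if svc and p["disp"].startswith("rcvd"):
            counts[(p["vlan"], p["src"], svc)] += 1
    return counts

if __name__ == "__main__":
    print(netbios_talkers(SAMPLE).most_common())
```
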
