Cisco Support Community
New Member

acl

What is the purpose of an access-list like the one below?

I know it's related to NetBIOS and all the IP addresses are broadcast addresses from the client network. I just don't understand what I am avoiding by doing so, in terms of security issues.

ip access-list extended Local_In
 deny udp any host 10.0.0.191 eq netbios-ns
 deny udp any host 10.0.0.191 eq netbios-dgm
 deny udp any host 10.0.0.255 eq netbios-ns
 deny udp any host 10.0.0.255 eq netbios-dgm
 deny udp any host 10.0.0.127 eq netbios-ns
 deny udp any host 10.0.0.127 eq netbios-dgm
 deny udp any host 10.0.255.255 eq netbios-ns
 deny udp any host 10.0.255.255 eq netbios-dgm
 deny udp any host 10.255.255.255 eq netbios-ns
 deny udp any host 10.255.255.255 eq netbios-dgm
 deny udp any host 255.255.255.255 eq netbios-ns
 deny udp any host 255.255.255.255 eq netbios-dgm

Thanks

Murilo Rocha

1 REPLY
Cisco Employee

Re: acl

What you're doing here is blocking all devices from sending NetBIOS over IP to the places you defined. In the last two lines, though, you deny everyone, so this list could be replaced with this:

 deny udp any any eq 137
 deny udp any any eq 138
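
An added example, not part of the original thread and not Cisco code: a minimal Python first-match evaluator for the two entry forms shown above, run over both lists to see which destinations each one matches. The sample packets are constructed, and `host X` is taken to match exactly the address X.

```python
# Added example: which packets do the two lists on this page match?
PORTS = {"netbios-ns": 137, "netbios-dgm": 138}  # IOS keyword -> UDP port

# The six destination addresses from the original post, in the same order.
DESTS = ["10.0.0.191", "10.0.0.255", "10.0.0.127",
         "10.0.255.255", "10.255.255.255", "255.255.255.255"]
ORIGINAL = [f"deny udp any host {d} eq {p}"
            for d in DESTS for p in ("netbios-ns", "netbios-dgm")]
REPLACEMENT = ["deny udp any any eq 137", "deny udp any any eq 138"]


def parse(lines):
    """Parse 'deny udp any (host A.B.C.D | any) eq PORT', the only form used here."""
    entries = []
    for line in lines:
        tok = line.split()
        if tok[:3] != ["deny", "udp", "any"]:
            raise ValueError(f"unsupported entry: {line}")
        # 'host X' matches exactly X; 'any' (stored as None) matches every destination.
        dst, rest = (tok[4], tok[5:]) if tok[3] == "host" else (None, tok[4:])
        if len(rest) != 2 or rest[0] != "eq":
            raise ValueError(f"unsupported port clause: {line}")
        port = PORTS[rest[1]] if rest[1] in PORTS else int(rest[1])
        entries.append((dst, port, line))
    return entries


def first_match(entries, dst, dport):
    """Return the first entry a UDP packet to dst:dport matches, or None."""
    for e_dst, e_port, line in entries:
        if e_dst in (None, dst) and e_port == dport:
            return line
    return None


def compare(packets):
    """For each packet, return (dst, port, match in ORIGINAL, match in REPLACEMENT)."""
    orig, repl = parse(ORIGINAL), parse(REPLACEMENT)
    return [(dst, port, first_match(orig, dst, port), first_match(repl, dst, port))
            for dst, port in packets]


# Constructed sample packets: (destination address, UDP destination port).
SAMPLE = [("10.0.0.255", 137), ("255.255.255.255", 138),
          ("10.0.0.50", 137), ("10.0.0.255", 53)]

if __name__ == "__main__":
    for dst, port, o, r in compare(SAMPLE):
        print(f"{dst}:{port:<4} original={o or 'no match'} | replacement={r or 'no match'}")
```

In this run the unicast packet to 10.0.0.50 on port 137 matches only the `any any` list, while packets to the six listed addresses match both.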
