Cisco Support Community

New Member

How to control NetBIOS broadcast in a Switching environment?

I don't want those PCs to see each other in their "Network Neighborhood". Those PCs are in the same VLAN.

Using Private VLAN? Or other ways?

6 REPLIES
New Member

Re: How to control NetBIOS broadcast in a Switching environment

PVLAN or protected port will prevent devices from reaching each other even via unicast, and they need a router to talk to each other, but yes, it will prevent PCs from seeing each other. Layer 2 broadcast is going to be sent to all ports in the same VLAN.

New Member

Re: How to control NetBIOS broadcast in a Switching environment

PVLAN is not a good way! We have many layer switches; if we use PVLAN, we need to configure it in every layer switch.

Another question: does the Catalyst 1924 support PVLAN?

What is a protected port? How do I configure it?

New Member

Re: How to control NetBIOS broadcast in a Switching environment

I think this is a Microsoft problem. You should contact a Microsoft expert and ask him which service you should disable to stop the UDP packets that are responsible for viewing other PCs in the neighboring networks.

New Member

Re: How to control NetBIOS broadcast in a Switching environment

No! I don't think so.

Microsoft uses NetBIOS broadcast to discover neighbors. The question is whether we can control NetBIOS and other protocol traffic in our switch!!!

Foundry switches have a command "uplink-switch"; its function is "Configures a set of ports within a port-based VLAN as uplink ports for the VLAN. All broadcast and unknown unicast traffic goes only to the uplink ports, not to the other ports in the VLAN".

Foundry can do it! Cisco can't do it???

In a MAN environment, many, many customers don't have enough knowledge about computers; they don't know how to close NetBIOS on their computer, but they don't want to be seen by other customers in the same building (using one switch). The requirement is very reasonable. So, we need to control those NetBIOS broadcasts in our switch.

Foundry's technique isn't enough; we should not only forward all broadcast packets to some dedicated port, but also forward dedicated protocols and drop dedicated protocol packets according to special requirements.

Can we do it with CISCO? Will we do it with Cisco?

New Member

Re: How to control NetBIOS broadcast in a Switching environment

First, you have switches, not firewalls that do switching; keep that in mind. Maybe a software-based approach can help you, like using a firewall program on each PC, something like ZoneAlarm. If you continue thinking that you need to resolve it via hardware, you may analyse whether it's possible to install a firewall and filter traffic there, but it will probably also need some IP address reassignment.

By the way, your mails look a little aggressive with so many exclamation and question marks. Try to be more polite.

Regards,

Cisco Employee

Re: How to control NetBIOS broadcast in a Switching environment

Is it NetBIOS over NetBEUI or IP you are trying to suppress? Private VLANs can be configured to prevent the PCs from talking to each other, only to the router.

Some older, access-layer switches (2900xl, 3500xl, 1900) have the network port feature which forces all unknown unicast out the network port.

On newer platforms, you could use MAC VACLs and/or IP VACLs. You could force the NetBIOS over IP broadcast packets to be dropped. Most platforms are just on the verge of, if not already, supporting MAC VACLs and VACLs.

    Switch#sh vlan access-map
    Vlan access-map "TEST" 1
      Match clauses:
        ip address: 100
      Action:
        forward
    Switch#sh access-list 100
    Extended IP access list 100
        permit udp any host 255.255.255.255 eq 1000
        deny udp any any eq netbios-ns
        deny udp any any eq netbios-dgm
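
One way to write the IP VACL approach from the reply above as a complete drop-then-forward configuration. This is an added example, not configuration from the thread or from Cisco; the names NETBIOS-BCAST and BLOCK-NETBIOS and VLAN 10 are assumptions, and it assumes a platform that supports VLAN access-maps.

```cisco
! Hypothetical names (NETBIOS-BCAST, BLOCK-NETBIOS) and VLAN 10; adjust to the site.
! In a VLAN access-map, an ACL "permit" line means "this packet matches the
! clause"; the map's action then decides whether it is dropped or forwarded.
ip access-list extended NETBIOS-BCAST
 permit udp any any eq netbios-ns
 permit udp any any eq netbios-dgm
!
! Sequence 10: drop what the ACL matched (NetBIOS name service, UDP 137,
! and datagram service, UDP 138).
vlan access-map BLOCK-NETBIOS 10
 match ip address NETBIOS-BCAST
 action drop
! Sequence 20: no match clause, so it matches everything else and forwards
! it. Without it, IP traffic that matched no sequence is dropped.
vlan access-map BLOCK-NETBIOS 20
 action forward
!
! Attach the map to the customer VLAN; it filters traffic bridged within it.
vlan filter BLOCK-NETBIOS vlan-list 10
!
! Verify from exec mode:
!   show vlan access-map BLOCK-NETBIOS
!   show vlan filter
```

This filters only NetBIOS over IP; NetBEUI frames are not IP and would need the MAC VACL the reply mentions. Unicast traffic between PCs in the VLAN is still forwarded, so it hides hosts from browsing rather than isolating them.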
