Guess that I should have been a little clearer on what is going on.

Out at remote offices we have users/techs installing software in testing
environments. There is no reason for their local Test Domain to be seen
outside of that office.

This is separate from our Single production domain, which as you can imagine
needs to be visible and accessible everywhere.

Some offices do have separate LAB interfaces or VLANs for these testing
environments, but those that don't and still put up test domains get those
"really creative : ) " Domain names floating everywhere.

My goal in all this, or what I'm trying to accomplish, is to make it so that at
any office, I only see our corporate Domain, and perhaps a local domain if
the office doesn't have a test lab.

I am working with our NT Server guys to see how they can lock this down as
well, and I suspect that the actual job may land on them with filtering WINS
updates.



Thanks

Larry
 

-----Original Message-----
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, October 01, 2002 6:46 PM
To: [EMAIL PROTECTED]
Subject: RE: Filtering NT domain listings at the router [7:54668]


Roberts, Larry wrote:
> 
> Hey all,
> 
> Just curious if anyone has any links on filtering the domains on their
> network at the router.
> We are having a large amount of NT domains that are showing up
> internally,
> and I would like to start blocking these advertisements at the
> remote
> routers.

I could be wrong here, but you shouldn't have to block these advertisements.
They should get blocked by default. From what I understand, the default
behavior would be that you would not see NT domains that aren't local.
Resource advertisement on NT networks is based on NetBIOS naming, which uses
UDP in a TCP/IP environment, and sends to the broadcast address, which
should not be forwarded by routers.

So I would look for a non-default router configuration line, in particular
an ip helper address that is causing broadcasts to leak over into your
network.

Unless Cisco has finally changed this annoying behavior recently (I think I
heard that they did?), configuring a helper address causes lots of UDP
broadcast traffic to get forwarded. You might have added a helper address to
get DHCP to work and as a side effect caused the following broadcasts to
also get forwarded:

TFTP (port 69)
DNS (port 53)
Time (port 37)
NetBIOS naming (port 137)
NetBIOS datagram (port 138)
TACACS (port 49)

The fix is to add the ip forward-protocol udp command for the stuff you want
and no ip forward-protocol udp for the stuff you don't want.

If this doesn't help, just let us know. Thanks.

__________________________

Priscilla Oppenheimer
www.troubleshootingnetworks.com
www.priscilla.com

> Is this possible ? I can't figure out how, but I suspect that if it 
> can be done, someone on this list has done it.
> 
> 
> 
> Thanks
> 
> Larry
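As an added example (not Priscilla's configuration and not anything posted in the original thread), here is what that advice looks like on a Cisco IOS router: the helper-address line that quietly relays the whole default UDP list, followed by the global `no ip forward-protocol udp` lines that trim it back to DHCP only, plus two show commands to confirm what is still being forwarded. The interface name, addresses and description are assumptions chosen for illustration.

```cisco
! Added example; interface name, addresses and description are assumed.
!
! --- Before: helper address added for DHCP, default forwarding left in place ---
! With only this line, IOS relays DHCP *and* the other default UDP ports
! (TFTP 69, DNS 53, Time 37, NetBIOS name 137, NetBIOS datagram 138, TACACS 49),
! so NetBIOS name/browser broadcasts from the lab are relayed toward 10.0.0.5
! and the lab's Test Domain shows up where it has no business being.
interface GigabitEthernet0/1
 description Remote office LAN (test lab lives here)
 ip address 10.50.1.1 255.255.255.0
 ip helper-address 10.0.0.5
!
! --- After: relay DHCP only ---
! These are global commands; they apply to every interface with a helper address.
no ip forward-protocol udp tftp
no ip forward-protocol udp domain
no ip forward-protocol udp time
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
no ip forward-protocol udp tacacs
! bootps (67) stays enabled so the DHCP relay keeps working
ip forward-protocol udp bootps
!
! --- Verify ---
! show ip interface GigabitEthernet0/1 | include Helper
! show running-config | include forward-protocol
```

If a test domain keeps appearing after the forwarded ports are trimmed, the names are not arriving as relayed broadcasts at all; that is the WINS replication path Larry mentions, and it has to be handled on the WINS servers rather than at the router.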




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54730&t=54668
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html