
wg-multicast - Re: Recommended MSDP ACL (fwd)

Subject: All things related to multicast

  • From: "W. Bruce Curtis" <>
  • To:
  • Subject: Re: Recommended MSDP ACL (fwd)
  • Date: Wed, 8 Dec 1999 09:37:01 -0600 (CST)


I guess that this is more of a report/comment. We just had a problem
related to this on our campus here at NDSU. Here is the report I got from our
help desk.


> One computer in the Spectrum Office, could not log into our Novell servers,
> it kept on giving a "Server not found" or "Tree not found" error, but
> everything was configured correctly. There are two other computers in the
> office, configured the same and not having a problem.

> On the machine that was having a problem, through Network Neighborhood, Jon
> found many Novell Servers. Many more servers than we have here, when the
> user would link to one of these servers, the computer's clock would be set
> two hours behind (implying the server's time was two hours behind). Some of
> the servers' names include: UI, UI Boise, UI Chem, UI Labs, and UI Library
> (possibly implying University of Idaho).


	I got another message later saying that the problem was being seen
on more than one computer and that the local workaround is to turn off
the IP option on the new Novell clients which try to use IP before IPX.

I'm out of town right now so I applied the filter for 224.0.1.22 and
224.0.1.35 and I watched the state for those groups expire in our router.
So I assume that it solved the problem for now. I talked to Gordon Rogier
later and found out that those groups are more general and in theory could
be used for lots of purposes besides Novell. So when I get back in town I
may enable the groups again if it doesn't cause too much of a local problem.
I'm a bit worried that if the Server Location protocol is meant to be
used globally and that we turn it off at all end nodes or in the backbone
then it will never be used globally. On the other hand if it causes a
big headache for our local Novell LAN we might have to filter it. Again
I'm out of town so I don't really know the answers to some important
questions like will this be a problem when we upgrade and start using
the newer Novell over IP ourselves. Will our clients always find the
closest server on our campus to find the right tree or will they sometimes
find the remote servers first? Also will we want everybody's Novell servers
showing up in our Network Neighborhood? Probably not. Is there a scope
setting on Novell to prevent these server location etc. advertisements
from getting out too far? But I can also envision cases where we collaborate
and would have a user who would like to see the Novell server at another
University.

I don't have all the answers but there certainly is the potential for
problems.

Forwarded message:
>
> Does anybody else have any suggestions/comments/recommendations?
>
> -Kevin
>
> >>Here is the current recommendation:
> >>
> >>access-list 111 deny ip any host 224.0.2.2
> >>access-list 111 deny ip any host 224.0.1.3
> >>access-list 111 deny ip any host 224.0.1.24
> >>access-list 111 deny ip any host 224.0.1.22
> >>access-list 111 deny ip any host 224.0.1.2
> >>access-list 111 deny ip any host 224.0.1.35
> >>access-list 111 deny ip any host 224.0.1.60
> >>access-list 111 deny ip any host 224.0.1.39
> >>access-list 111 deny ip any host 224.0.1.40
> >>access-list 111 deny ip any 239.0.0.0 0.255.255.255
> >>access-list 111 deny ip 10.0.0.0 0.255.255.255 any
> >>access-list 111 deny ip 127.0.0.0 0.255.255.255 any
> >>access-list 111 deny ip 172.0.0.0 0.255.255.255 any
> >>access-list 111 deny ip 192.0.0.0 0.255.255.255 any
> >>access-list 111 permit ip any any
>
>


--
Bruce Curtis

Network Consultant 701-231-8527
Certified NetAnalyst II My computer loves NeXTmail.
North Dakota State University
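
As an added example (not part of the original message or of any vendor tool), the Python code below applies the quoted access-list 111 to (source, group) pairs using wildcard-mask, first-match semantics. It assumes each entry's first address spec is matched against the source and the second against the multicast group, as the subject "MSDP ACL" suggests; the function names are illustrative.

```python
import ipaddress

# Entries copied verbatim from the quoted recommendation; the rest is added.
ACL = """\
access-list 111 deny ip any host 224.0.2.2
access-list 111 deny ip any host 224.0.1.3
access-list 111 deny ip any host 224.0.1.24
access-list 111 deny ip any host 224.0.1.22
access-list 111 deny ip any host 224.0.1.2
access-list 111 deny ip any host 224.0.1.35
access-list 111 deny ip any host 224.0.1.60
access-list 111 deny ip any host 224.0.1.39
access-list 111 deny ip any host 224.0.1.40
access-list 111 deny ip any 239.0.0.0 0.255.255.255
access-list 111 deny ip 10.0.0.0 0.255.255.255 any
access-list 111 deny ip 127.0.0.0 0.255.255.255 any
access-list 111 deny ip 172.0.0.0 0.255.255.255 any
access-list 111 deny ip 192.0.0.0 0.255.255.255 any
access-list 111 permit ip any any
"""

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _spec(tok):
    head = tok.pop(0)  # forms: "any" | "host A" | "A WILDCARD"
    if head == "any":
        return 0, 0xFFFFFFFF
    if head == "host":
        return _ip(tok.pop(0)), 0
    return _ip(head), _ip(tok.pop(0))

def parse(text):
    rules = []
    for tok in map(str.split, text.splitlines()):
        rest = tok[4:]  # skip "access-list 111 <action> ip"
        # Assumption: first spec is the source, second the multicast group.
        rules.append((tok[2], _spec(rest), _spec(rest)))
    return rules

def evaluate(rules, source, group):
    """First matching entry wins; no match means the implicit deny."""
    s, g = _ip(source), _ip(group)
    for action, (sb, sw), (gb, gw) in rules:
        # A wildcard bit of 1 means "don't care" for that address bit.
        if not ((s ^ sb) & ~sw & 0xFFFFFFFF or (g ^ gb) & ~gw & 0xFFFFFFFF):
            return action
    return "deny"

RULES = parse(ACL)
```

With constructed addresses, `evaluate(RULES, "172.200.1.1", "233.252.0.1")` returns `deny`: the wildcard `0.255.255.255` on `172.0.0.0` and `192.0.0.0` covers the whole /8, which is wider than the RFC 1918 blocks 172.16.0.0/12 and 192.168.0.0/16.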


