KnowledgeBase Archive

An Archive of Early Microsoft KnowledgeBase Articles

View on GitHub

Q190446: Restricting Access to TN3270 LUs

Article: Q190446
Product(s): Microsoft SNA Server
Version(s): WINDOWS:3.0,3.0 SP1,3.0 SP2,3.0 SP3,4.0,4.0 SP1
Operating System(s): 
Keyword(s): 
Last Modified: 24-SEP-1999

-------------------------------------------------------------------------------
The information in this article applies to:

- Microsoft SNA Server, versions 3.0, 3.0 SP1, 3.0 SP2, 3.0 SP3, 4.0, 4.0 SP1 
-------------------------------------------------------------------------------

SUMMARY
=======

To restrict access to TN3270 LUs configured for SNA Server, add the IP addresses
or names of the workstations to which you want to grant access in the IP Address
List of the LU properties in SNA Server Manager. Depending on the information
(name, IP address, subnet mask) that is entered in the IP Address List, you can
restrict the LU to one specific IP address or a range of addresses on the
network.

NOTE: If no IP address or name restriction is configured for a TN3270 LU, then
the LU is implicitly made available for use by any TN3270 client who attempts to
connect to the server.

MORE INFORMATION
================

Restricting Access by IP Address
--------------------------------

When an IP address and subnet mask is added to the IP Address List, the LU can be
restricted to the workstation with that specific IP address, or to any
workstation on the same network. SNA Server will logically "AND" the IP address
with the subnet mask, to determine what workstation IP addresses are allowed
access to the LU. The process of ANDing involves converting the IP address and
subnet mask to binary numbers and adding the two together. The examples below
illustrate this concept:

1. 

  IP Address = 010.100.004.022  Subnet Mask = 255.255.000.000

  IP Address   00001010  01100100  00000100  00010110
  Subnet Mask  11111111  11111111  00000000  00000000
               --------------------------------------
  Result       00001010  01100100  00000000  00000000

  The AND result in decimal is 010.100.000.000 Therefore, addresses
  010.100.000.001 - 010.100.255.254 have access to the LU.

2. 

  IP Address = 010.100.004.022  Subnet Mask = 255.255.255.255

  IP Address   00001010  01100100  00000100  00010110
  Subnet Mask  11111111  11111111  11111111  11111111
               --------------------------------------
  Result       00001010  01100100  00000100  00010110

  The AND result in decimal is 010.100.004.022. Therefore, this is the only
  address that has access to the LU.

3. 

  IP Address = 131.107.100.001  Subnet Mask = 255.255.240.0

  IP Address   10000011  01101011  01100100  00000001
  Subnet Mask  11111111  11111111  11110000  00000000
               --------------------------------------
  Result       10000011  01101011  01100000  00000000

  The AND result in decimal is 131.107.096.000. Therefore, addresses
  131.107.096.001 - 131.107.111.254 have access to the LU.

Restricting Access by Name
--------------------------

If a name is entered in the IP Address List for the TN3270 LU, SNA Server will
resolve the name to the workstation using NetBios name resolution. There is no
option to add a subnet mask. To use this feature, the TN3270 server must be
configured with the Use Name Resolution checkbox, and the TCP/IP name resolution
method (for example, DNS, WINS, and so on) must be able to support ?IP address
to name? lookups. If not, the TN3270 client computer must be able to respond to
a NETBIOS ?node status query? request. To find the TN3270 client's name, the
TN3270 server uses the GetHostByAddr() sockets function.

For additional information, please see the following article in the Microsoft
Knowledge Base:

  Q138086 Windows NT 3.51: Reverse Name Resolution for WINS Clients

Additional query words:

======================================================================
Keywords          :  
Technology        : kbAudDeveloper kbSNAServSearch kbSNAServ300 kbSNAServ400 kbSNAServ300SP3 kbSNAServ300SP1 kbSNAServ400SP1 kbSNAServ300SP2
Version           : WINDOWS:3.0,3.0 SP1,3.0 SP2,3.0 SP3,4.0,4.0 SP1
Issue type        : kbinfo

=============================================================================

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

Copyright Microsoft Corporation 1986-2002.