HTTP blocks TN3270

brian.price
Level 1

I added an access-list to one of our 7206s to stop HTTP traffic to a specific location. Unfortunately, it also blocked required TN3270 traffic too. Any information would be greatly appreciated. Here are the lines entered:

access-list 104 deny tcp any host 167.102.100.91 eq www

access-list 104 deny udp any host 167.102.100.91 eq 80

access-list 104 deny tcp any host 167.102.100.97 eq www

access-list 104 deny udp any host 167.102.100.97 eq 80

Thanks!

5 Replies

millerv
Level 1

What's the listen-port set to?

No IP CASA set up for listening... I suppose the defaults are set up. I'll review the SH TECH and review further. What would I be hoping to find, and why?

Thanks so much.

shen.lu
Level 1

If you want to block only HTTP in 167.102.100.91, I think you need only one command, not two:

access-list 104 deny tcp any host 167.102.100.91 eq www

(You don't need "access-list 104 deny udp any host 167.102.100.91 eq 80".)

Why would the UDP EQ 80 block a telnet application (i.e. 23) or the ability to ping? This seems to be the case but I will test it very early in the morning tomorrow before anyone arrives.

s.fathinia
Level 1

Brian,

Are the above four lines the only lines in the ACL? If so, then you need a line to actually permit some type of traffic, as there is an implicit "deny any any" at the end of the ACL, i.e.

access-list 104 permit ip any any
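
The implicit deny described in the last reply, as an added example that is not part of the original thread: a simplified first-match evaluator (not Cisco code) run over the four ACL lines from the question, with and without the trailing permit. It handles only the syntax forms that appear in the thread; the sample packets and the 10.1.1.1 destination are constructed.

```python
# Added example: first-match evaluation of a Cisco-style extended ACL,
# including the implicit "deny ip any any" that ends every ACL.
PORT_NAMES = {"www": 80}  # IOS keyword used in the thread's ACL

def parse_ace(line):
    """Parse 'access-list N permit|deny PROTO any (any | host ADDR) [eq PORT]'."""
    tok = line.split()
    ace = {"action": tok[2], "proto": tok[3], "dst": None, "port": None}
    rest = tok[5:]              # tok[4] is the source, always 'any' here
    if rest[0] == "host":
        ace["dst"], rest = rest[1], rest[2:]
    else:                       # destination 'any'
        rest = rest[1:]
    if rest and rest[0] == "eq":
        p = rest[1]
        ace["port"] = PORT_NAMES[p] if p in PORT_NAMES else int(p)
    return ace

def matches(ace, pkt):
    if ace["proto"] != "ip" and ace["proto"] != pkt["proto"]:
        return False
    if ace["dst"] is not None and ace["dst"] != pkt["dst"]:
        return False
    if ace["port"] is not None and ace["port"] != pkt["port"]:
        return False
    return True

def evaluate(acl_lines, pkt):
    """Return (action, matching line); the first matching entry wins."""
    for line in acl_lines:
        if matches(parse_ace(line), pkt):
            return parse_ace(line)["action"], line
    return "deny", "implicit deny ip any any"

ORIGINAL = [
    "access-list 104 deny tcp any host 167.102.100.91 eq www",
    "access-list 104 deny udp any host 167.102.100.91 eq 80",
    "access-list 104 deny tcp any host 167.102.100.97 eq www",
    "access-list 104 deny udp any host 167.102.100.97 eq 80",
]
FIXED = ORIGINAL + ["access-list 104 permit ip any any"]

# Constructed sample packets (10.1.1.1 is a made-up TN3270 host).
TN3270 = {"proto": "tcp", "dst": "10.1.1.1", "port": 23}
PING = {"proto": "icmp", "dst": "10.1.1.1", "port": None}
HTTP = {"proto": "tcp", "dst": "167.102.100.91", "port": 80}

if __name__ == "__main__":
    for name, acl in (("original", ORIGINAL), ("fixed", FIXED)):
        for label, pkt in (("tn3270", TN3270), ("ping", PING), ("http", HTTP)):
            print(name, label, evaluate(acl, pkt))
```
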
