Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3995
Views
15
Helpful
5
Replies

Access-list (blocking ports)

Go to solution
Josiah Inubio
Level 1
Level 1

‎05-30-2013 10:24 PM - edited ‎03-07-2019 01:39 PM

Hi guys,

I want to block ports 443, 5223, 3478. Anyone can help me if I'm doing the right thing? Below are the commands. Thanks.

access-list 100 deny   tcp any any eq 443

access-list 100 deny   udp any any eq 443

access-list 100 deny   tcp any any eq 5223

access-list 100 deny   udp any any eq 5223

access-list 100 deny   tcp any any eq 3478

access-list 100 deny   udp any any eq 3478

access-list 100 permit ip any any

int s0/0/0

ip access-group 100 in

end

wr

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Bilal Nawaz
VIP Alumni
VIP Alumni

‎05-30-2013 11:10 PM

Hello, you need to be sure about whether the traffic is TCP or UDP... You have just created ACL entries for both. Is this correct?

Apart from that, your config looks good.

Normally 443 is TCP but maybe you have a requirement to block UDP too... We don't want to inadvertently block something that might be legitimate traffic.

5223 seems like TCP also however not quite sure about 3478.

All related to Apple or Gaming I think, is that right?

Just doing a quick google on those ports and you may be able to find if its TCP or UDP that you require to block. Or you may know this information already.

Hope this helps

Sent from Cisco Technical Support iPhone App

Please rate useful posts & remember to mark any solved questions as answered. Thank you.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
cadet alain
VIP Alumni
VIP Alumni

‎05-30-2013 11:10 PM

Hi,

This is correct.

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

Go to solution
Bilal Nawaz
VIP Alumni
VIP Alumni

‎05-30-2013 11:10 PM

Hello, you need to be sure about whether the traffic is TCP or UDP... You have just created ACL entries for both. Is this correct?

Apart from that, your config looks good.

Normally 443 is TCP but maybe you have a requirement to block UDP too... We don't want to inadvertently block something that might be legitimate traffic.

5223 seems like TCP also however not quite sure about 3478.

All related to Apple or Gaming I think, is that right?

Just doing a quick google on those ports and you may be able to find if its TCP or UDP that you require to block. Or you may know this information already.

Hope this helps

Sent from Cisco Technical Support iPhone App

Please rate useful posts & remember to mark any solved questions as answered. Thank you.
0 Helpful

Go to solution
Josiah Inubio
Level 1
Level 1
In response to Bilal Nawaz

‎05-30-2013 11:16 PM

Is there any sites or materials that might be helpful finding information regarding those ports or any ports? ip cache flow only shows in hex and we needed to convert it to dec.

i'm not quite sure of these ports if it's related to Apple or Gaming, i'm still looking for any helpful materials talking about this.

but anyway guys thanks for the help.

0 Helpful

Go to solution
cadet alain
VIP Alumni
VIP Alumni
In response to Josiah Inubio

‎05-30-2013 11:19 PM

Hi,

http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

Go to solution
Bilal Nawaz
VIP Alumni
VIP Alumni
In response to Josiah Inubio

‎05-30-2013 11:23 PM

http://www.iana.org/assignments/port-numbers

http://www.speedguide.net/port.php?port=443

http://www.speedguide.net/port.php?port=5223

http://www.speedguide.net/port.php?port=3478

Sent from Cisco Technical Support iPhone App

Please rate useful posts & remember to mark any solved questions as answered. Thank you.
Customers Also Viewed These Support Documents