Cisco Support Community

New Member

HTTP blocks TN3270

I added an access-list to one of our 7206s to stop HTTP traffic to a specific location. Unfortunately, it also blocked required TN3270 traffic. Any information would be greatly appreciated. Here are the lines entered:

access-list 104 deny tcp any host 167.102.100.91 eq www

access-list 104 deny udp any host 167.102.100.91 eq 80

access-list 104 deny tcp any host 167.102.100.97 eq www

access-list 104 deny udp any host 167.102.100.97 eq 80

Thanks!

5 REPLIES
New Member

Re: HTTP blocks TN3270

What's the listen-port set to?

New Member

Re: HTTP blocks TN3270

No IP CASA set up for listening... I suppose the defaults are set up. I'll review the SH TECH and review further. What would I be hoping to find, and why?

Thanks so much.

New Member

Re: HTTP blocks TN3270

If you want to block only HTTP in 167.102.100.91, I think you need only one command, not two:

access-list 104 deny tcp any host 167.102.100.91 eq www

(You don't need "access-list 104 deny udp any host 167.102.100.91 eq 80".)

New Member

Re: HTTP blocks TN3270

Why would the UDP EQ 80 block a telnet application (i.e. 23) or the ability to ping? This seems to be the case but I will test it very early in the morning tomorrow before anyone arrives.

New Member

Re: HTTP blocks TN3270

Brian,

Are the above four lines the only lines in the ACL? If so, then you need a line to actually permit some type of traffic, as there is an implicit "deny any any" at the end of the ACL, i.e.

access-list 104 permit ip any any
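
The first-match evaluation and implicit deny described in the last reply, as an added example that is not part of the original thread: a small Python model that runs the four posted entries, with and without the suggested permit line, against sample packets. The client address, the function names and the reduced ACL syntax it parses (only `any`, `host` and `eq`) are assumptions made for illustration; TN3270 is modelled on TCP port 23 as in the thread.

```python
import ipaddress

PORTS = {"www": 80, "telnet": 23}  # IOS port keywords used below

def parse_ace(line):
    """Parse 'access-list N <action> <proto> <src> <dst> [eq <port>]' (subset of IOS syntax)."""
    tok = line.split()[2:]  # drop 'access-list <number>'
    def addr(i):
        if tok[i] == "any":
            return None, i + 1
        if tok[i] == "host":
            return ipaddress.ip_address(tok[i + 1]), i + 2
        raise ValueError("only 'any' and 'host A.B.C.D' are handled in this sketch")
    src, i = addr(2)
    dst, i = addr(i)
    port = None
    if i < len(tok) and tok[i] == "eq":
        port = PORTS[tok[i + 1]] if tok[i + 1] in PORTS else int(tok[i + 1])
    return tok[0], tok[1], src, dst, port

def evaluate(acl, proto, src, dst, dport=None):
    """First matching entry wins; a packet matching no entry hits the implicit deny."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for line in acl:
        action, a_proto, a_src, a_dst, a_port = parse_ace(line)
        if a_proto not in ("ip", proto):
            continue
        if (a_src is not None and a_src != src) or (a_dst is not None and a_dst != dst):
            continue
        if a_port is not None and a_port != dport:
            continue
        return action, line
    return "deny", "(implicit deny any any)"

# The four entries from the original post, then with the suggested permit appended.
ORIGINAL = [
    "access-list 104 deny tcp any host 167.102.100.91 eq www",
    "access-list 104 deny udp any host 167.102.100.91 eq 80",
    "access-list 104 deny tcp any host 167.102.100.97 eq www",
    "access-list 104 deny udp any host 167.102.100.97 eq 80",
]
FIXED = ORIGINAL + ["access-list 104 permit ip any any"]
CLIENT = "10.1.1.10"  # constructed client address, not from the thread

if __name__ == "__main__":
    for name, acl in (("original", ORIGINAL), ("with permit", FIXED)):
        for label, pkt in (("TN3270 tcp/23", ("tcp", CLIENT, "167.102.100.91", 23)),
                           ("HTTP tcp/80", ("tcp", CLIENT, "167.102.100.91", 80)),
                           ("ping icmp", ("icmp", CLIENT, "167.102.100.91"))):
            print(f"{name:12} {label:14} -> {evaluate(acl, *pkt)}")
```

With only the four deny entries, the telnet and ping packets match nothing and fall through to the implicit deny; with the permit appended, only HTTP to the two hosts is still dropped.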
