excluding a port from a "match protocol" class-map

Posted by chris on June 19, 2008, 12:19 pm
Hi all,
I ran into an interesting request/problem on my network today. My
marketing team was complaining about getting access to a vendor's
portal login page that was running on port 4444 tcp.
I tracked the problem down to a class-map that was intended to block
p2p file sharing applications.

--config snip--
class-map match-any p2p
match protocol fasttrack file-transfer "*"
match protocol gnutella file-transfer "*"
match protocol kazaa2 file-transfer "*"
match protocol napster
!
policy-map block-hogs
class p2p
drop
!
--snip--

I removed the service-policy line in the interface config and the
login portal started working.

Is there an easy way to enable the service-policy while allowing port
4444? I already contacted the company with the dumb port assignment
but they didn't seem too concerned.

Thanks all
chris

Posted by alexd on June 19, 2008, 5:19 pm
On Thu, 19 Jun 2008 09:19:09 -0700, chris wrote:

> Hi all,
> I ran into an interesting request/problem on my network today. My
> marketing team was complaining about getting access to a vendors portal
> login page that was running on port 4444 tcp. I tracked the problem down
> to a class-map that was intended to block p2p file sharing applications.
>
> --config snip--
> class-map match-any p2p
> match protocol fasttrack file-transfer "*"
> match protocol gnutella file-transfer "*"
> match protocol kazaa2 file-transfer "*"
> match protocol napster
> !

Which one of the protocols is it matching? Have you considered removing
the matching line completely? How many genuine hits do you get on each
one?

--
<http://ale.cx/> (AIM:troffasky) (UnSoEsNpEaTm@ale.cx)
22:15:41 up 1 day, 21:56, 2 users, load average: 0.08, 0.04, 0.01
Convergence, n: The act of using separate DSL circuits for voice and data
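One way to carve TCP/4444 out of the p2p class without dropping the service-policy, as an added example that is not part of either post. The original class-map is match-any, and an exclusion needs match-all, so the NBAR signatures are moved into a nested class-map; it assumes an IOS release that supports "match not" and nested "match class-map", and the any/any ACL is an assumption (narrow it to the vendor's address if known).

```cisco
! Constructed example, not the thread's own config.
! ACL that identifies the vendor portal traffic; port 4444 is from the post,
! the any/any source and destination are an assumption.
ip access-list extended PORTAL-4444
 permit tcp any any eq 4444
 permit tcp any eq 4444 any
!
! The original match-any signature list, renamed so it can be nested.
class-map match-any p2p-signatures
 match protocol fasttrack file-transfer "*"
 match protocol gnutella file-transfer "*"
 match protocol kazaa2 file-transfer "*"
 match protocol napster
!
! match-all: traffic must look like p2p AND must not be the portal port.
! Packets hitting PORTAL-4444 fail the first criterion and fall through
! to class-default instead of being dropped.
class-map match-all p2p
 match not access-group name PORTAL-4444
 match class-map p2p-signatures
!
policy-map block-hogs
 class p2p
  drop
```

After re-applying the service-policy, "show policy-map interface <interface>" shows the per-class packet counters, so a test login to the portal should leave the p2p class counter unchanged while genuine p2p hits still increment it.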

