excluding a port from a "match protocol" class-map
Bookmark this page:
 Yahoo!
 Google
 Windows Live
 del.icio.us
 digg
 Netscape
|
|
|||||||||||||
|
Posted by chris on June 19, 2008, 12:19 pm
Please log in for more thread options I ran into an interesting request/problem on my network today. My marketing team was complaining about getting access to a vendors portal login page that was running on port 4444 tcp. I tracked the problem down to a class-map that was intended to block p2p file sharing applications. --config snip-- class-map match-any p2p match protocol fasttrack file-transfer "*" match protocol gnutella file-transfer "*" match protocol kazaa2 file-transfer "*" match protocol napster ! policy-map block-hogs class p2p drop ! --snip-- I removed the service-policy line in the interface config and the login portal started working. Is there an easy way to enable the service-policy while allowing port 4444? I already contacted the company with the dumb port assignment but they didn't seem to concerned. Thanks all chris | |||||||||||||
|
Posted by alexd on June 19, 2008, 5:19 pm
Please log in for more thread options Which one of the protocols is it matching? Have you considered removing the matching line completely? How many genuine hits do you get on each one? -- <http://ale.cx/> (AIM:troffasky) (UnSoEsNpEaTm@ale.cx)
22:15:41 up 1 day, 21:56, 2 users, load average: 0.08, 0.04, 0.01
Convergence, n: The act of using separate DSL circuits for voice and data | |||||||||||||
> I ran into an interesting request/problem on my network today. My
> marketing team was complaining about getting access to a vendors portal
> login page that was running on port 4444 tcp. I tracked the problem down
> to a class-map that was intended to block p2p file sharing applications.
>
> --config snip--
> class-map match-any p2p
> match protocol fasttrack file-transfer "*" match protocol gnutella
> file-transfer "*" match protocol kazaa2 file-transfer "*" match
> protocol napster
> !