Microsoft KB Archive/139675

= TN3270: Limiting Users by Port Value =

Article ID: 139675

Article Last Modified on 11/19/2003

-

APPLIES TO


 * Microsoft SNA Server 3.0
 * Microsoft SNA Server 2.11 Service Pack 1
 * Microsoft SNA Server 2.11 Service Pack 2

-



This article was previously published under Q139675



SUMMARY
By default, the SNA Server TN3270 server allows a client to connect using any port value and IP address. While it is possible to configure the range of IP addresses that have access to a pool or LU, TN3270 server always hard codes the port value range to (00000, 65535). There is no way to change this using the TN3270 Admin program.



WORKAROUND
To implement checking on a given port range, the TN3270 server configuration file (TNSVRCFG.TNC) must be manually edited.

For example:

This sample TN3270 configuration file shows one TN3270 pool configured to allow any client Internet protocol address or client port number access to the LUA LUs in the pool.   [SNA Resource 1] Name=TNTEST Sessions=16 MaxSessions=16 TerminalName1=IBM-3276-3 TerminalName2=IBM-3278-3 TerminalName3=IBM-3278-3-E TerminalName4=IBM-3279-3 TerminalName5=IBM-3279-3-E

[Group 1] Name=TNTEST Comment= SNAResource1=TNTEST IPConnection1=000.000.000.000,000.000.000.000,00000,65535 To modify the available port numbers change the last two numbers (00000,65535) to the desired range.

Example Two:   [SNA Resource 1] Name=TNTEST Sessions=16 MaxSessions=16 TerminalName1=IBM-3276-3 TerminalName2=IBM-3278-3 TerminalName3=IBM-3278-3-E TerminalName4=IBM-3279-3 TerminalName5=IBM-3279-3-E

[Group 1] Name=TNTEST Comment= SNAResource1=TNTEST IPConnection1=000.000.000.000,000.000.000.000,50000,60000 This sets the allowable client port range to 50000-60000. Any client attempting to connect with a different local port number will be denied. If this occurs, the following TN3270 errors will occur:

On the client machine:

Warning 512

TN3270 Service Error 512

Access for IP address  port

is not configured.

On the server machine:

Warning 603

TN3270 session with client at  > using LU  terminated abnormally because:

Access for IP address   is

not configured.

Explanation: A TN3270 client session was terminated abnormally.

Action: No action is necessary.

Additional query words: prodsna

Keywords: KB139675

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.