Thanks Tyson...its make more sense now.
________________________________ From: Tyson Scott <[email protected]> To: Vybhav Ramachandran <[email protected]>; wale ogunyemi <[email protected]> Cc: OSL Security <[email protected]> Sent: Tue, December 28, 2010 2:20:17 PM Subject: RE: [OSL | CCIE_Security] Lab 11 Task 1.7 The reason I prefer using the access-list over the port command is an access-list will increase the hit counter letting me know whether my policy is working or not. That doesn't happen with the match port command. But the results of the two commands below are very similar. Regards, Tyson Scott - CCIE #13513 R&S, Security, and SP Managing Partner / Sr. Instructor- IPexpert, Inc. Mailto: [email protected] Telephone: +1.810.326.1444, ext. 208 Live Assistance, Please visit: www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com From:[email protected] [mailto:[email protected]] On Behalf Of Vybhav Ramachandran Sent: Monday, December 27, 2010 10:37 PM To: wale ogunyemi Cc: OSL Security Subject: Re: [OSL | CCIE_Security] Lab 11 Task 1.7 Hello Wale, The "match port" command, matches the destination port of the packet. This doesn't give you as many options as the match access-list (where you can match , SrcIP, SrcPort,DestIP,DestPort ). Cheers, TacACK
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
