Hello Kings, I just tested this and it looks like "match-any" seems to work?
I used this example *class-map type port-filter match-any testing* * match port tcp 23* * match closed-ports* * * *policy-map type port-filter testing* * class testing* * drop* * * *control-plane host* * service-policy type port-filter input testing* I telnetted to the router, and that traffic was dropped by the first match clause (i.e *match port tcp 23*) , and then i also try to SSH into the router , which was dropped by the second clause (i.e *match closed-ports*). So the match-any clause seems to be working fine. Cheers, TacACK
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
