I am Confirming PF requires match-all. Others comments are correct. Regards,
Tyson Scott CCIE # 13513 (R&S, Security, SP) Managing Partner/Technical Instructor - IPexpert Inc. [email protected] ----- Reply message ----- From: "Jim Terry" <[email protected]> Date: Sun, May 8, 2011 12:10 am Subject: [OSL | CCIE_Security] match-all or match-any for control-plane port-filter To: "Kingsley Charles" <[email protected]> Cc: "[email protected]" <[email protected]> Hi all, I thought I would add my confusion on this thread of match-all/match-any..... I have not labbed this scenario;but the last time I looked at this I tried match-any (which in my mind should work) but I had to do match-all for it to work with the port-filter. JT On Sat, May 7, 2011 at 12:37 AM, Kingsley Charles < [email protected]> wrote: > Hi all > > Should we use "match-all" or "match-any", when using multiple criterias in > the port-filter class-map. I thought "any" was the correct one. > > > Snippet from > http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/ctrl_plane_prot_ps6441_TSD_Products_Configuration_Guide_Chapter.html > > Router(config)# class-map type port-filter pf-class > > Router(config-cmap)# match not port udp 123 > > Router(config-cmap)# match closed-ports > > Router(config-cmap)# exit > > Router(config)# policy-map type port-filter pf-policy > > Router(config-pmap)# class pf-class > > Router(config-pmap-c)# drop > > Router(config-pmap-c)# end > > > > With regards > Kings > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com <http://www.platinumplacement.com/> >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
