Hi All,
I have the following question,
Class Map type port-filter match-any CLOSED-PORTS (id 1)
Match not port tcp 3020
Match not port udp 3020
Match not port udp 3040
Match not port tcp 3040
Match closed-ports
Prot Local Address Foreign Address
Service State
tcp *:23 *:0
Telnet LISTEN
If I try to telnet to the router, the connection gets dropped, but If I change
the class map to match-all instead of match-any, the connection is established.
I dont understand why thou, as with Match all, I would assume is the same thing
as Zone based firewall where the packet must contain the criteria in the class
map itself.
Anyways, a little clarification would be appreciated.
Cheers,
Mike
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit
www.ipexpert.com
Are you a CCNP or CCIE and looking for a job? Check out
www.PlatinumPlacement.com
