For port-filter always use match-all. With regards Kings
On Wed, Apr 25, 2012 at 6:22 AM, Mike Rojas <[email protected]> wrote: > Hi All, > > I have the following question, > > Class Map type port-filter match-any CLOSED-PORTS (id 1) > Match not port tcp 3020 > Match not port udp 3020 > Match not port udp 3040 > Match not port tcp 3040 > Match closed-ports > > Prot Local Address Foreign > Address Service State > tcp *:23 > *:0 Telnet LISTEN > > If I try to telnet to the router, the connection gets dropped, but If I > change the class map to match-all instead of match-any, the connection is > established. I dont understand why thou, as with Match all, I would assume > is the same thing as Zone based firewall where the packet must contain the > criteria in the class map itself. > > Anyways, a little clarification would be appreciated. > > Cheers, > > Mike > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
