none. Advantage of acl is more granularity in defining the match if required by the task.
On Mon, Jul 9, 2012 at 9:27 PM, Ben Shaw <[email protected]> wrote: > Hi All > > I am jsut doing some practice on protocol inspection using MPF on ASA. I > am generally using ACLs to match my traffic in my L3/L4 class maps though > at times the answers I see match just on the port number. > > Apart from being able to define source and destination IP addresses in > ACLs as compared to matching just on a port number in a class map, are > there any deeper benefits to matching on one or the other when using MPF, > especially in regards to then implementing L7 application inspection? Below > is what I mean: > > Option 1 > access-list http-out extended permit tcp any any eq http log > class-map http-outside > match access-list http-out > > Option 2 > class-map http-outside > match port eq 80 > > Thanks > Ben > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
