Matt, I agree with your point that for a match-any class, it may have matched on the first entry (closed-ports) and dropped udp-848 traffic. Now by the same logic, if we reverse the two entries, then ALL traffic except udp-848 will be dropped because everything else will match the first entry. :-)
There is a very useful link on Cisco DOCS - http://www.cisco.com/web/about/security/intelligence/understanding-cppr.html#5 It lists all the ports that are listed as closed even if those services are running on the router (isakmp, ntp, gdoi ...).

Regards,
Karthik
