match protocol ftp

From: ccie-cs@comcast.net
Date: Wed Jul 14 2004 - 16:58:22 GMT-3


Hi, Team,
If I am asked to configure a class map to match FTP traffic, AND the router has the NBAR feature enabled, i.e. you can match layer 4 protocols instead of using an ACL, which configuration below should I use? The "match protocol ftp" is simpler, but I have no idea which ports it matches. Could anyone help?
1) Use match protocol
   class ftp
      match protocol ftp
2) Use ACL
   class ftp
      match access-group 110
   access-list 110 permit tcp any any eq ftp
   access-list 110 permit tcp any eq ftp any
   access-list 110 permit tcp any any eq ftp-data
   access-list 110 permit tcp any eq ftp-data any
   access-list 110 permit tcp any gt 1023 any (I am not sure about this line???)
   access-list 110 permit tcp any any gt 1023 (????)
Thanks,
Mike
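
Added example, not part of the original post: a small Python model of first-match evaluation for the six access-list 110 lines above, run over constructed TCP flows. It shows that the two "gt 1023" lines pull ordinary HTTP and SSH traffic into the class, while dropping them leaves passive-mode FTP data (whose port is negotiated on the control connection) unmatched. The flow names and high port numbers are assumptions chosen for illustration.

```python
# Added illustration: models only the TCP port tests of ACL 110 from the post.
# Addresses are "any" in every line, so only ports are compared.
ANY = None

# (line number in the post's ACL, source-port test, destination-port test)
ACL_110 = [
    (1, ANY, ("eq", 21)),        # permit tcp any any eq ftp
    (2, ("eq", 21), ANY),        # permit tcp any eq ftp any
    (3, ANY, ("eq", 20)),        # permit tcp any any eq ftp-data
    (4, ("eq", 20), ANY),        # permit tcp any eq ftp-data any
    (5, ("gt", 1023), ANY),      # permit tcp any gt 1023 any
    (6, ANY, ("gt", 1023)),      # permit tcp any any gt 1023
]

# Constructed sample flows: name -> (source port, destination port)
FLOWS = {
    "ftp control":      (50001, 21),
    "active ftp data":  (20, 50002),     # server port 20 -> client high port
    "passive ftp data": (50003, 60000),  # high port -> negotiated high port
    "http request":     (50004, 80),
    "ssh":              (50005, 22),
    "http reply":       (80, 50004),
}

def port_ok(test, port):
    """Apply one IOS-style port test ('eq' or 'gt'); ANY matches every port."""
    if test is ANY:
        return True
    op, value = test
    return port == value if op == "eq" else port > value

def first_match(acl, sport, dport):
    """Return the first matching line number, or None (implicit deny)."""
    for line, src, dst in acl:
        if port_ok(src, sport) and port_ok(dst, dport):
            return line
    return None

def classify(acl):
    return {name: first_match(acl, s, d) for name, (s, d) in FLOWS.items()}

FULL = classify(ACL_110)        # all six lines as posted
STRICT = classify(ACL_110[:4])  # without the two "gt 1023" lines

if __name__ == "__main__":
    for name in FLOWS:
        print(f"{name:18} full={FULL[name]!s:5} strict={STRICT[name]}")
```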



This archive was generated by hypermail 2.1.4 : Sun Aug 01 2004 - 10:11:55 GMT-3