Re: match protocol ftp

From: Neil Moore (neil@droopy.com)
Date: Wed Jul 14 2004 - 23:54:50 GMT-3


I would ask the proctor in a format such as "Which do you prefer for the
answer: an access-list based method or a protocol discovery method?"
My 2 cents.
-Neil
----- Original Message -----
From: <ccie-cs@comcast.net>
To: <comserv@groupstudy.com>; <ccielab@groupstudy.com>
Sent: Wednesday, July 14, 2004 2:58 PM
Subject: match protocol ftp

> Hi, Team,
> If I am asked to configure a class map to match FTP traffic, AND the
> router has the NBAR feature enabled, i.e. you can match layer 4 protocols
> instead of using an ACL, which configuration below should I use? The "match
> protocol ftp" is simpler, but I have no idea which ports it matches.
> Could anyone help?
> 1) Use match protocol
> class ftp
> match protocol ftp
> 2) Use ACL
> class ftp
> match access-group 110
> access-list 110 permit tcp any any eq ftp
> access-list 110 permit tcp any eq ftp any
> access-list 110 permit tcp any any eq ftp-data
> access-list 110 permit tcp any eq ftp-data any
> access-list 110 permit tcp any gt 1023 any (I am not sure about this line???)
> access-list 110 permit tcp any any gt 1023 (????)
> Thanks,
> Mike
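
An added example, not part of the original posts: a small Python first-match evaluator for the six access-list 110 entries quoted above, run over constructed TCP port pairs to show which entry classifies each flow. The helper names and the sample port pairs are assumptions made for illustration.

```python
import re

# ACL 110 as posted in the thread (the poster's trailing remarks dropped).
ACL_110 = """\
access-list 110 permit tcp any any eq ftp
access-list 110 permit tcp any eq ftp any
access-list 110 permit tcp any any eq ftp-data
access-list 110 permit tcp any eq ftp-data any
access-list 110 permit tcp any gt 1023 any
access-list 110 permit tcp any any gt 1023
"""
PORT_NAMES = {"ftp": 21, "ftp-data": 20}  # IOS port keywords used above
OPS = {"eq": lambda p, n: p == n, "gt": lambda p, n: p > n}
ACE = re.compile(
    r"access-list \d+ permit tcp any(?: (eq|gt) (\S+))? any(?: (eq|gt) (\S+))?$")

def parse(acl_text):
    """Turn each entry into ((src_op, src_port), (dst_op, dst_port))."""
    entries = []
    for line in acl_text.strip().splitlines():
        m = ACE.match(line.strip())
        if not m:
            raise ValueError(f"unsupported entry: {line}")
        s_op, s_port, d_op, d_port = m.groups()
        entries.append(((s_op, s_port), (d_op, d_port)))
    return entries

def _port_ok(cond, port):
    op, operand = cond
    if op is None:  # no port qualifier: any port matches
        return True
    n = PORT_NAMES[operand] if operand in PORT_NAMES else int(operand)
    return OPS[op](port, n)

def first_match(entries, sport, dport):
    """1-based index of the first matching entry, or None (implicit deny)."""
    for i, (src, dst) in enumerate(entries, 1):
        if _port_ok(src, sport) and _port_ok(dst, dport):
            return i
    return None

# Constructed sample flows: (description, source port, destination port).
FLOWS = [("FTP control", 40000, 21), ("FTP active data", 20, 40001),
         ("FTP passive data", 40002, 50000), ("HTTPS request", 40003, 443),
         ("HTTPS reply", 443, 40003), ("low port to low port", 514, 514)]

if __name__ == "__main__":
    acl = parse(ACL_110)
    for name, sport, dport in FLOWS:
        print(f"{name:22} {sport:>5} -> {dport:<5} entry {first_match(acl, sport, dport)}")
```

With the two `gt 1023` entries present, the HTTPS flows land in the class alongside FTP, so the class ends up matching any TCP flow that has a high port on either side.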



This archive was generated by hypermail 2.1.4 : Sun Aug 01 2004 - 10:11:56 GMT-3