From: Bob Sinclair (bsin@cox.net)
Date: Tue Oct 19 2004 - 20:00:09 GMT-3
Cert,
If you have this configured, then please do "show access-lists" and "show
policy-map interface". The output should answer your question, and perhaps
you would share it with us. The docs say that "common classification"
occurs before ACLs. See link here:
http://www.cisco.com/en/US/tech/tk543/tk757/technologies_tech_note09186a0080160fc1.shtml
Bob Sinclair
CCIE #10427, CISSP, MCSE
www.netmasterclass.net
----- Original Message -----
From: "Cisco Net" <network.cisco@gmail.com>
To: "Group Study" <ccielab@groupstudy.com>
Sent: Tuesday, October 19, 2004 6:47 PM
Subject: Service policy or acces-list for the traffic control ?
> Hi
> I have a service policy defined on the interface to match all the
> incoming http packets and drop.
>
> At the same time I have an ACL specified on the same interface
> (incoming) to deny all the http packets.
>
> Which one of these actions will be taken first? ACL or service policy?
>
> So if I have the following to be denied,
> incoming http, ftp, smtp, telnet. Also the question says to not use any
> acls for smtp/telnet traffic control and should use acl for ftp/smtp. Then
> can I use the following,
> 1- http/ftp with acl (IN)
> 2- smtp/telnet with service policy (IN) with match protocol and drop
> Regards
> Cert