From: Carlos G Mendioroz (tron@huapi.ba.ar)
Date: Wed Oct 20 2004 - 06:46:32 GMT-3
I may be sleepy (well, I'm certainly am) but isn't service policy an
outbound traffic related config ?
Bob Sinclair wrote:
> Cert,
>
> If you have this configured, then please do "show access-lists" and
> "show policy-map interface". The output should answer your question,
> and perhaps you would share it with us. The docs say that "common
> classification" occurs befor acls. See link here:
>
> http://www.cisco.com/en/US/tech/tk543/tk757/technologies_tech_note09186a0080160fc1.shtml
>
>
> Bob Sinclair
> CCIE #10427, CISSP, MCSE
> www.netmasterclass.net
>
> ----- Original Message ----- From: "Cisco Net" <network.cisco@gmail.com>
> To: "Group Study" <ccielab@groupstudy.com>
> Sent: Tuesday, October 19, 2004 6:47 PM
> Subject: Service policy or acces-list for the traffic control ?
>
>
>> Hi
>> I have a service policy defined on the interface to match all the
>> incoming http packets and drop.
>>
>> At the same time i have an ACL specified on the same interface
>> (incoming) as to deny all the http packets.
>>
>> Which one of this action will be taken first ? ACL or service policy.?
>>
>> So if i have the following to be denyed,
>> Incoming http, ftp, smtp , telnet. Also the question says to not use
>> any acls
>> for smtp/telnet traffic control and should use acl for ftp/smtp. Then
>> can i use the following,
>> 1- http/ftp with acl (IN)
>> 2- smtp/telnet with service policy (IN) with match protocol and drop
>> Regards
>> Cert
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
-- Carlos G Mendioroz <tron@huapi.ba.ar> LW7 EQI Argentina
This archive was generated by hypermail 2.1.4 : Sat Nov 06 2004 - 17:11:50 GMT-3