Please ignore the line " match field tcp source-port eq 23" below when
analyzing the config!
On Thu, Mar 18, 2010 at 5:24 PM, Sadiq Yakasai <sadiqtanko_at_gmail.com> wrote:
> All,
>
> So would there be any difference between the 2 solutions below? I don't have
> the right image to configure and test, so there might be syntax issues here.
> I am mostly curious about the approach.
>
> Thanks again, as usual.
>
> Sadiq
>
> Solution 1:
> class-map type stack match-all TELNET
>  match field ip protocol eq 0x6 next tcp
>  match field tcp dest-port eq 23
>
> policy-map type access-control INTERFACE_POLICY
>  class TELNET
>   drop
>
> Solution 2:
> class-map type access-control match-any TELNET
>  match field tcp dest-port eq 23
>  match field tcp source-port eq 23
>
> class-map type stack match-all TCP
>  match field ip protocol eq 0x6 next tcp
>
> policy-map type access-control BLOCK_TELNET
>  class TELNET
>   drop
>
> policy-map type access-control INTERFACE_POLICY
>  class TCP
>   service-policy BLOCK_TELNET
>
> --
> CCIE #19963
>
--
CCIE #19963

Blogs and organic groups at http://www.ccie.net
Received on Thu Mar 18 2010 - 18:12:50 ART
This archive was generated by hypermail 2.2.0 : Thu Apr 01 2010 - 07:26:35 ART