Re: Different between class-map and ACL from Adam Booth on 2012-06-07 (Ccielab archives 06/2012)

From: Adam Booth <adam.booth_at_gmail.com>
Date: Fri, 8 Jun 2012 07:32:03 +1000

Hi Don,

I think that it is fair to say that as a general rule, if there's more than
one way to achieve an outcome and the restrictions don't forbid it, pick
whichever resolves the problem that you're most comfortable with.
In some instances, your choice may be guided by requirements in other
sections. There's always the proctor but you need to form your question in
such a way as to show you know what your options are and to help ensure you
are reading the question in the right light.

Cheers,
Adam

On Fri, Jun 8, 2012 at 7:13 AM, Don Rajaratne <don.rajaratne_at_gmail.com>wrote:

> Hi Thanks. Yes I got the same error. I sorted out the confusion with copp.
>
> How about with shaping and policing? I have seen some questions mentioned
> just to match icmp traffic,no specific source or destination. In that case
> which one is more accurate?
>
>
> Thanks again..
>
>
> On Fri, Jun 8, 2012 at 12:35 AM, Alexei Monastyrnyi <alexeim73_at_gmail.com
> >wrote:
>
> > Hi.
> >
> > Have you tried applying it to the control-plane?
> >
> > I don't think NBAR protocol matching is supported on the control-plane.
> >
> > Router(config)#do sh run class-map
> > Building configuration...
> >
> > Current configuration : 56 bytes
> > !
> > class-map match-all ICMP
> > match protocol icmp
> > !
> > end
> >
> > Router(config)#do sh run policy-map
> > Building configuration...
> >
> > Current configuration : 57 bytes
> > !
> > policy-map PM_ICMP
> > class ICMP
> > police 8000
> > !
> > end
> >
> > Router(config)#control-plane
> > Router(config-cp)#service-policy in PM_ICMP
> > Unsupported protocol in 'match protocol'
> > Unsupported protocol in 'match protocol'
> > error: failed to install policy map PM_ICMP
> >
> >
> > HTH
> > A.
> >
> > On 6/8/2012 6:11 AM, Don Rajaratne wrote:
> >
> > Hi People,
> >
> > Will be the output same or differ?? Question says limit the outgoing
> icmp
> > messages on control plane policing.
> >
> > ip access-list ex ICMP
> > permit icmp any any
> >
> > class-map ICMP
> > match access-group name ICMP
> >
> > OR
> >
> > class-map ICMP
> > match protocol icmp
> >
> > Thanks in advance..
> >
> > Don
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Fri Jun 08 2012 - 07:32:03 ART

This archive was generated by hypermail 2.2.0 : Sun Jul 01 2012 - 10:39:52 ART