Flexible Packet Matching

From: Sadiq Yakasai <sadiqtanko_at_gmail.com>
Date: Thu, 18 Mar 2010 17:24:35 +0000

All,

So would there be any difference between the 2 solutions below? I don't have
the right image to configure and test, so there might be syntax issues here.
I am mostly curious about the approach.

Thanks again, as usual.

Sadiq

Solution 1:
class-map type stack match-all TELNET
 match field ip protocol eq 0x6 next tcp
 match field tcp dest-port eq 23

policy-map type access-control INTERFACE_POLICY
 class TELNET
   drop

Solution 2:
class-map type access-control match-any TELNET
 match field tcp dest-port eq 23
 match field tcp source-port eq 23

class-map type stack match-all TCP
 match field ip protocol eq 0x6 next tcp

policy-map type access-control BLOCK_TELNET
 class TELNET
   drop

policy-map type access-control INTERFACE_POLICY
 class TCP
   service-policy BLOCK_TELNET

-- 
CCIE #19963
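
The match logic of the two configurations above, modelled as an added example that is not part of the original post and is not Cisco code. It assumes match-all means every match line must hold, match-any means at least one must hold, and a nested service-policy is only evaluated for packets that matched the parent class; it does not check whether IOS accepts either configuration as written. The S1_/S2_ prefixes and the sample packets are constructed for the illustration.

```python
# Constructed model of the two FPM policies in the post (illustration only).
# Class maps: name -> (mode, [(header field, required value), ...])
CLASS_MAPS = {
    "S1_TELNET": ("match-all", [("ip.protocol", 0x6), ("tcp.dest-port", 23)]),
    "S2_TELNET": ("match-any", [("tcp.dest-port", 23), ("tcp.source-port", 23)]),
    "S2_TCP":    ("match-all", [("ip.protocol", 0x6)]),
}
# Policy maps: name -> ordered [(class, action)]; action is "drop" or a nested policy.
POLICY_MAPS = {
    "S1_INTERFACE_POLICY": [("S1_TELNET", "drop")],
    "S2_BLOCK_TELNET":     [("S2_TELNET", "drop")],
    "S2_INTERFACE_POLICY": [("S2_TCP", "service-policy S2_BLOCK_TELNET")],
}
# Constructed sample packets, reduced to the header fields the policies inspect.
SAMPLES = {
    "to_telnet_server":   {"ip.protocol": 0x6, "tcp.source-port": 40000, "tcp.dest-port": 23},
    "from_telnet_server": {"ip.protocol": 0x6, "tcp.source-port": 23, "tcp.dest-port": 40000},
    "ssh_session":        {"ip.protocol": 0x6, "tcp.source-port": 40000, "tcp.dest-port": 22},
    "udp_port_23":        {"ip.protocol": 0x11, "udp.source-port": 40000, "udp.dest-port": 23},
}

def class_matches(name, pkt):
    """Evaluate one class map; a field the packet does not carry never matches."""
    mode, matches = CLASS_MAPS[name]
    results = [pkt.get(field) == value for field, value in matches]
    return all(results) if mode == "match-all" else any(results)

def policy_drops(name, pkt):
    """Return True if the policy map (including nested policies) drops pkt."""
    for cls, action in POLICY_MAPS[name]:
        if not class_matches(cls, pkt):
            continue
        if action == "drop":
            return True
        if action.startswith("service-policy "):
            # The child policy only sees packets that matched the parent class.
            return policy_drops(action.split()[1], pkt)
    return False

def compare():
    """Map each sample to (dropped by Solution 1, dropped by Solution 2)."""
    return {label: (policy_drops("S1_INTERFACE_POLICY", pkt),
                    policy_drops("S2_INTERFACE_POLICY", pkt))
            for label, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for label, verdict in compare().items():
        print(f"{label:20} solution1_drop={verdict[0]} solution2_drop={verdict[1]}")
```

Under these assumptions the two policies differ only for TCP packets whose source port is 23: Solution 2 drops them, Solution 1 does not.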