01-02-2014 07:31 AM - edited 03-11-2019 08:24 PM
Hi Everyone,
I am thinking on best way of doing class-map for inspection of traffic coming on a not well-known TCP port.
My question is whether do it via an access-list only, like
ip access-list extended in-traff
 permit tcp host x.x.x.x host y.y.y.y eq 2085
class-map type inspect match-any IN-cmap
 match access-group name in-traff
Or, it would be better to do it like this:
ip access-list extended in-traff
 permit tcp host x.x.x.x host y.y.y.y eq 2085
class-map type inspect match-all IN-cmap
 match protocol tcp
 match access-group name in-traff
Since I have tcp mentioned in the ACL already, I am wondering if match protocol tcp would really do any deeper inspection.
Thanks!
01-03-2014 12:45 AM
Hello Farhad,
I will go with the first option (ACL only).
There is no need to go any further, as there will be no advantage to deeper inspection since this is not a well-known protocol. (And just so you know, on both match protocol tcp and match access-group name you are matching at layer 4, so it's redundant.)
Looking for some Networking Assistance?
Contact me directly at jcarvaja@laguiadelnetworking.com
I will fix your problem ASAP.
Cheers,
Julio Carvajal Segura
http://laguiadelnetworking.com
01-03-2014 02:04 AM
I agree with jcarvaja, the first option you posted is the better option. You are already defining that the protocol is TCP in the ACL, so there is no need to define it again in the class map.
--
Please remember to rate and select a correct answer
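For readers who want to see the recommended "ACL only" class-map in context, here is the option 1 class-map completed into a full zone-based firewall policy, with the show commands used to confirm that the custom port flow is being matched and tracked. This is an added example, not configuration from any of the posters; the zone names (INSIDE, OUTSIDE), interface names, policy-map and zone-pair names are assumptions, and x.x.x.x / y.y.y.y are the original post's placeholders.

```cisco
! Added example (not from the thread). Names below are assumed:
! zones INSIDE/OUTSIDE, policy-map IN-pmap, zone-pair OUT-TO-IN,
! interfaces Gi0/0 (outside) and Gi0/1 (inside).
!
! 1. Named extended ACL selecting only the custom-port flow
ip access-list extended in-traff
 permit tcp host x.x.x.x host y.y.y.y eq 2085
!
! 2. Inspect class-map keyed on the ACL only (match-any and
!    match-all behave the same with a single match statement)
class-map type inspect match-any IN-cmap
 match access-group name in-traff
!
! 3. Inspect policy: stateful L4 tracking for the matched flow,
!    everything else dropped and logged
policy-map type inspect IN-pmap
 class type inspect IN-cmap
  inspect
 class class-default
  drop log
!
! 4. Zones, zone-pair and interface membership
zone security OUTSIDE
zone security INSIDE
!
zone-pair security OUT-TO-IN source OUTSIDE destination INSIDE
 service-policy type inspect IN-pmap
!
interface GigabitEthernet0/0
 zone-member security OUTSIDE
!
interface GigabitEthernet0/1
 zone-member security INSIDE
!
! 5. Verification (run from enable mode)
!    Confirms the class-map definition and shows active sessions
!    and per-class match counters on the zone-pair.
! show class-map type inspect IN-cmap
! show policy-map type inspect zone-pair OUT-TO-IN sessions
```

With plain inspect on a generic TCP class, the firewall tracks the TCP state of the session and permits the return traffic from y.y.y.y back to x.x.x.x without a mirror ACL; there is no application-layer engine for port 2085, which is why the answers above say match protocol tcp adds nothing here. The session counters in the zone-pair output are the quickest way to check that the ACL is actually hitting rather than the traffic falling into class-default.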