Accepted Solutions
- last edited on by
Translator
You're fine. QoS does a number on me too (I just reviewed it...again).
Dont think of my examples as set in stone. The match any/all statements can refer to anything, not just ACLs and DSCP marking.
@Joseph W. Doherty also provided a good example. Lets use it in 2 examples:
class-map match-any TEST
match ip dscp CS3
match ip dscp AF31
match ip dscp AF32
match ip dscp AF33
The
MATCH-ANY
means any packet with any ONE (or more) of these marking will be matched. Now lets try the other one:
class-map match-all TEST
match ip dscp CS3
match ip dscp AF31
match ip dscp AF32
match ip dscp AF33
The
MATCH-ALL
says the packet must contain ALL of the DSCP values in order for the policy to hit.
You can match on lots of other things as well. Here another good example. You can match on routing protocols as well like OSPF or EIGRP. Another great example of match any or all. You may have 2 routing protocols running on a router OSPF/EIGRP being redistributed into each other. Now we know the packet coming into the router CANNOT have both the OSPF and EIGRP information in the SAME packet. They are separate protocols. So lets look at the below scenario:
ip access-list extended EIGRP
permit eigrp any any
ip access-list extended OSPF
permit ospf any any
First we caret 2
access-lists
to identify the routing protocol traffic. Then we apply it to the
class-map
class-map match-all ROUTING
match access-group name OSPF
match access-group name EIGRP
Do you see a problem with this? A stated earlier the incoming packing will NOT have both EIGRP and OSPF in the same packet. So if we try a
match-all
that means we are saying we need to match the packet on the OSPF AND the EIGRP ACL. Since this is not possible it wont match and the policy is useless. Now lets try the
match -any
class-map match-any ROUTING
match access-group name OSPF
match access-group name EIGRP
This says that the packet an
match ANY
of the routing protocols identified. Either OR. So this is a scenario where you want to use the ANY when the packet will have 1 or some of the criteria listed in the
class map
and use ALL when it needs to match all of the criteria specified.
Edited to show that you dont need an ACL and you can match on protocols specifically in the
class-map
R1(config)#class-map EIGRP
R1(config-cmap)#match protocol eigrp
No ACL needed and as you can see a plethora of other protocols can match on.
Hope that clears it up a bit more and feel free to ask more questions if needed.
-David
- last edited on by
Translator
You're fine. QoS does a number on me too (I just reviewed it...again).
Dont think of my examples as set in stone. The match any/all statements can refer to anything, not just ACLs and DSCP marking.
@Joseph W. Doherty also provided a good example. Lets use it in 2 examples:
class-map match-any TEST
match ip dscp CS3
match ip dscp AF31
match ip dscp AF32
match ip dscp AF33
The
MATCH-ANY
means any packet with any ONE (or more) of these marking will be matched. Now lets try the other one:
class-map match-all TEST
match ip dscp CS3
match ip dscp AF31
match ip dscp AF32
match ip dscp AF33
The
MATCH-ALL
says the packet must contain ALL of the DSCP values in order for the policy to hit.
You can match on lots of other things as well. Here another good example. You can match on routing protocols as well like OSPF or EIGRP. Another great example of match any or all. You may have 2 routing protocols running on a router OSPF/EIGRP being redistributed into each other. Now we know the packet coming into the router CANNOT have both the OSPF and EIGRP information in the SAME packet. They are separate protocols. So lets look at the below scenario:
ip access-list extended EIGRP
permit eigrp any any
ip access-list extended OSPF
permit ospf any any
First we caret 2
access-lists
to identify the routing protocol traffic. Then we apply it to the
class-map
class-map match-all ROUTING
match access-group name OSPF
match access-group name EIGRP
Do you see a problem with this? A stated earlier the incoming packing will NOT have both EIGRP and OSPF in the same packet. So if we try a
match-all
that means we are saying we need to match the packet on the OSPF AND the EIGRP ACL. Since this is not possible it wont match and the policy is useless. Now lets try the
match -any
class-map match-any ROUTING
match access-group name OSPF
match access-group name EIGRP
This says that the packet an
match ANY
of the routing protocols identified. Either OR. So this is a scenario where you want to use the ANY when the packet will have 1 or some of the criteria listed in the
class map
and use ALL when it needs to match all of the criteria specified.
Edited to show that you dont need an ACL and you can match on protocols specifically in the
class-map
R1(config)#class-map EIGRP
R1(config-cmap)#match protocol eigrp
No ACL needed and as you can see a plethora of other protocols can match on.
Hope that clears it up a bit more and feel free to ask more questions if needed.
-David
