06-17-2013 10:42 AM - edited 03-07-2019 01:55 PM
What's the difference between these two approaches and which one is recommended in what scenarios?
ip access-list extended ICMP
permit icmp any any
class-map ICMP
match access-group name ICMP
vs
class-map ICMP
match protocol ICMP
06-17-2013 11:50 AM
Hi,
they do the same thing but by using the match protocol you are leveraging either NBAR if you do it for QoS or PAM if you do it for ZBF.with the ACL you could be more granular by specifying the code and subcode.
Regards
Alain
Don't forget to rate helpful posts.
12-23-2013 06:30 PM
I am with the similar query in my mind and ultimately reach to this discussion.
But in CCIE R&S LAB, what should be the correct approach?
Again is there ANY technical functionality difference between these two methods.
12-23-2013 11:29 PM
In the CCIE lab you can use any technology you wish unless there are restrictions. If they wanted you to use ACLs the task could be worded like "Use a feature that uses the least amount of CPU to perform the task". If they wanted NBAR it could be something like "Use a feature that inspects at layer 7 to perform the classification".
Daniel Dib
CCIE #37149
Please rate helpful posts.
12-24-2013 01:33 AM
Thanks Daniel,
Very helpful and to the point response.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide