cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1748
Views
15
Helpful
4
Replies

Matching ICMP in class maps

christiano.tsuma
Beginner
Beginner

What's the difference between these two approaches and which one is recommended in what scenarios?

ip access-list extended ICMP

permit icmp any any

class-map ICMP

match access-group name ICMP

vs

class-map ICMP

match protocol ICMP

4 Replies 4

cadet alain
Mentor
Mentor

Hi,

they do the same thing but  by using the match protocol you are leveraging either NBAR if you do it for QoS or PAM if you do it for ZBF.with the ACL you could be more granular by specifying the code and subcode.

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

I am with the similar query in my mind and ultimately reach to this discussion.

But in CCIE R&S LAB, what should be the correct approach?

Again is there ANY technical functionality difference between these two methods.

In the CCIE lab you can use any technology you wish unless there are restrictions. If they wanted you to use ACLs the task could be worded like "Use a feature that uses the least amount of CPU to perform the task". If they wanted NBAR it could be something like "Use a feature that inspects at layer 7 to perform the classification".

Daniel Dib
CCIE #37149

Please rate helpful posts.

Daniel Dib
CCIE #37149
CCDE #20160011

Please rate helpful posts.

Thanks Daniel,

Very helpful and to the point response.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers