We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You've Ever Spent on Your Cisco Career!
  • Full Access to our 651 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)

451 Sign Ups in the last 30 days

100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!

Forum Replies

  1. Hello Rene

    Thanks for your feedback, and then, what’s the best way to get the port numbers of some particular applications?




  2. Hi Dong,

    If you have “well known” applications like HTTP, FTP, telnet, SSH, etc. then it’s easy to look them up. You can google for the RFCs to find the official documentation. Here’s an example for HTTP:


    If it’s an application from some vendor, contact them…most of them offer an overview with addresses / protocols / port numbers that should be allowed. Here’s a good example from Airwatch:


    Hope this helps.


  3. Hi, Rene,
    my question is, how can I classify the encrypted traffic of a certain traffic category? If I want to classify all streaming video traffic and I don’t know the ports or IP addresses of the video streaming sources. And we know that great deal of traffic is encrypted (https) nowadays.
    Is there a possibility?



  4. Hi Rene,

    Can you give me an example of using match not classification ?? and in situation we used it ??

  5. Hello Hussein.

    The match not criterion for a class map matching statement essentially says “anything that doesn’t match what follows”. It is similar to “not equal to” in programming or logic. If we use the example in the lesson, and the command entered was:

    R2(config-cmap)#match not access-group name TELNET

    then the result would be that the policy map would match everything EXCEPT what is found in the access-list named TELNET.
    In other words, the policy would match everything and would not match anything using port 23.

    It is just another tool to be able to ex

    ... Continue reading in our forum

5 more replies! Ask a question or join the discussion by visiting our Community Forum