Notable Replies

  1. Hello Rene

    Thanks for your feedback, and then, what’s the best way to get the port numbers of some particular applications?




  2. Hi Dong,

    If you have “well known” applications like HTTP, FTP, telnet, SSH, etc. then it’s easy to look them up. You can google for the RFCs to find the official documentation. Here’s an example for HTTP:

    If it’s an application from some vendor, contact them…most of them offer an overview with addresses / protocols / port numbers that should be allowed. Here’s a good example from Airwatch:

    Hope this helps.


  3. Hi, Rene,
    my question is, how can I classify the encrypted traffic of a certain traffic category? If I want to classify all streaming video traffic and I don’t know the ports or IP addresses of the video streaming sources. And we know that great deal of traffic is encrypted (https) nowadays.
    Is there a possibility?



  4. Hi Rene,

    Can you give me an example of using match not classification ?? and in situation we used it ??

  5. Hello Hussein.

    The match not criterion for a class map matching statement essentially says “anything that doesn’t match what follows”. It is similar to “not equal to” in programming or logic. If we use the example in the lesson, and the command entered was:

    R2(config-cmap)#match not access-group name TELNET

    then the result would be that the policy map would match everything EXCEPT what is found in the access-list named TELNET.
    In other words, the policy would match everything and would not match anything using port 23.

    It is just another tool to be able to express what you require to be matched in the policy map and can be useful to more specifically define your requirements.

    I hope this has been helpful!


Continue the discussion

5 more replies!