As per my understanding , The child class-map *web* will match packets either from http or https because its *match-any* but since the parent class map client is *match-all* so it has to match both the criteria i.e the access list and protocol defined in the class-map *web* , if any thing between the 2 conditions doesnot match or none of them matches then class map will not work.
so in this case "10.0.0.0/24 to port 80 or 10.0.0.0/24 to port 443 " will be matched in the parent class , since your ACL permits that IP range and your class map web permits the protocols. On Sat, May 25, 2013 at 7:58 PM, max kamali <[email protected]> wrote: > Morning, hope everyone is enjoying their weekend. > > Is it correct to assume that the class-map client will match: 10.0.0.0/24to > port 80 or > 10.0.0.0/24 to port 443 ? > > class-map match-all client > match access-group 1 > match class-map web > > > class-map match-any web > match protocol http > match protocol secure-http > > access-list 1 permit 10.0.0.0 0.0.0.255 > > > thanks > max > ______________________________**_________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com > > http://onlinestudylist.com/**mailman/listinfo/ccie_rs<http://onlinestudylist.com/mailman/listinfo/ccie_rs> > -- Bhaskar _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com http://onlinestudylist.com/mailman/listinfo/ccie_rs
