SG uses accesslist to match workstation ip address and IRC port going to any server it seems to me given the fact that we are given the url we would use nbar matching the url and host name and the acl to get the work station ip add.Here is what I did

ip access-list standard irc->ws

permit host

class-map match-all IRC

match access-group name irc->ws

match protocol irc

match protocol http host internetworkexpert.com

match protocol http url #ccie

Then I added this class-map to the policy-map with the priorty 32 statement... This seems a little more specific also a little more configuration then the SG for 7.4. I think I get caught up in all the specifics when they give them but isn't what they'll do in the CCIE lab??

Sign In or Register to comment.