class-map? match access-list?

LearnAsIGoLearnAsIGo Member Posts: 20 ■□□□□□□□□□
Studying about application inspection:
access-list MY_EXAMPLE permit tcp any host X.X.X.X eq 25
class-map MY_EXAMPLE
match access-list MY_EXAMPLE

My understanding:
1) Access list permits SMTP traffic from anybody to this specific host X.X.X.X

After reading on
2) class-map classifies traffic that will be inspected.
3) match access-list identifies traffic to be scanned.

To me, 2 & 3 sound very similar. I see the difference, but I don't SEE the difference. Any help to push me off the fence?

Bottom Line ===> What's the deciding factor I need to differentiate the two?

As always, much thanks in advance.


  • rossonieri#1rossonieri#1 Member Posts: 799 ■■■□□□□□□□

    this is all about subject and object kind of thing.

    the process order will determined your PBR execution.

    the object is the access-list which has to be created first in order the map-class scanning function to work.
    the subject is the map-class which scan your access-list.

    so - sometimes is good to just knowing the basic idea.

    the More I know, that is more and More I dont know.
  • EdTheLadEdTheLad Member Posts: 2,111 ■■■■□□□□□□
    Class-maps are used to match a hugh range of variables, one of those variables that can be matched is an access-list.The class-map can perform either an AND or OR operation on these variables depending on how you configure it.You can also stack the class-maps inside each other so it gives you hugh flexibility.
    So an access-list has a basic matching function whereas the class-map can have the basic matching functionality of an access-list and a whole lot more.
    Networking, sometimes i love it, mostly i hate it.Its all about the $$$$
  • LearnAsIGoLearnAsIGo Member Posts: 20 ■□□□□□□□□□
    Rossonieri,Ed - thanks for replying.

    Both of you cleared up the techno-speak I've not yet grown accustomed to reading.

    I've played around with these on the rack sessions, and I do seem to understand them more and more.

    My understanding now is:

    1) class-maps have an entire sphere of VERSATILITY, which encompasses access-lists.

    2) access-lists are not as ROBUST as class-maps, being kinda like a hammer - obviously used only specifically to pound a nail in.

    Whereas a class-map is a tool-box, which of course can include a hammer as well as other toolkits/boxes (as Ed said, "stack class-maps within each other").
Sign In or Register to comment.