
Creating A Layer 3/4 Class Map For Through Traffic - Cisco 7604 Configuration Manual

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide Using the CLI

Chapter 20
Using Modular Policy Framework
Identifying Traffic (Layer 3/4 Class Map)
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
OL-20748-01, page 20-5

This limit also includes default class maps of all types. See the "Default Class Maps" section on page 20-4.

Creating a Layer 3/4 Class Map for Through Traffic

A Layer 3/4 class map matches traffic based on protocols, ports, IP addresses and other Layer 3 or 4 attributes.
To define a Layer 3/4 class map, perform the following steps:

Step 1
Create a Layer 3/4 class map by entering the following command:
hostname(config)# class-map class_map_name
hostname(config-cmap)#
Where class_map_name is a string up to 40 characters in length. The name "class-default" is reserved. All types of class maps use the same name space, so you cannot reuse a name already used by another type of class map. The CLI enters class-map configuration mode.

Step 2
(Optional) Add a description to the class map by entering the following command:
hostname(config-cmap)# description string

Step 3
Define the traffic to include in the class by matching one of the following characteristics. Unless otherwise specified, you can include only one match command in the class map.

• Any traffic—The class map matches all traffic.
  hostname(config-cmap)# match any

• Access list—The class map matches traffic specified by an extended access list. If the FWSM is operating in transparent firewall mode, you can use an EtherType access list.
  hostname(config-cmap)# match access-list access_list_name
  For more information about creating access lists, see the "Adding an Extended Access List" section on page 13-6 or the "Adding an EtherType Access List" section on page 13-9.
  For information about creating access lists with NAT, see the "IP Addresses Used for Access Lists When You Use NAT" section on page 13-3.

• TCP or UDP destination ports—The class map matches a single port or a contiguous range of ports.
  hostname(config-cmap)# match port {tcp | udp} {eq port_num | range port_num port_num}
  Tip: For applications that use multiple, non-contiguous ports, use the match access-list command and define an ACE to match each port.
  For a list of ports you can specify, see the "TCP and UDP Ports" section on page E-11.
  For example, enter the following command to match TCP packets on port 80 (HTTP):
  hostname(config-cmap)# match port tcp eq 80

• Default traffic for inspection—The class map matches the default TCP and UDP ports used by all applications that the FWSM can inspect.
  hostname(config-cmap)# match default-inspection-traffic
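As an added example (not part of the Cisco manual), the following Python script lints saved configuration text against the class-map rules stated in the steps above: the 40-character name limit, the reserved name, the name space shared by all class-map types, the single match command, and the match port syntax. The function name lint_class_maps, the running-config layout, the class-map type management stanza and the sample configuration are assumptions constructed for illustration.

```python
import re

MAX_NAME_LEN = 40           # page: name is "a string up to 40 characters"
RESERVED = "class-default"  # page: this name is reserved
PORT_RE = re.compile(r"match port (tcp|udp) (eq \S+|range \S+ \S+)$")

# Constructed sample, not taken from a real device.
SAMPLE = """\
access-list WEB extended permit tcp any any eq 8080
access-list WEB extended permit tcp any any eq 8443
class-map web_alt
 description non-contiguous web ports
 match access-list WEB
class-map type management web_alt
 match port tcp eq 443
class-map bad_ports
 match tcp eq 80
 match any
class-map class-default
 match any
"""

def lint_class_maps(config_text):
    """Return (line_no, message) findings; headers in column 0, sub-commands indented."""
    findings, seen, name, kind, matches = [], {}, None, "", 0
    for no, raw in enumerate(config_text.splitlines(), 1):
        tokens = raw.split()
        if raw.startswith("class-map ") and len(tokens) >= 2:
            name, kind, matches = tokens[-1], " ".join(tokens[1:-1]), 0
            if name == RESERVED:
                findings.append((no, "'class-default' is reserved"))
            if len(name) > MAX_NAME_LEN:
                findings.append((no, "name exceeds 40 characters"))
            if name in seen and seen[name][0] != kind:  # one name space for all types
                findings.append((no, f"name already used on line {seen[name][1]}"))
            seen.setdefault(name, (kind, no))
        elif not raw.startswith(" "):
            name = None  # any other top-level command closes the stanza
        elif name and kind == "" and tokens[:1] == ["match"]:
            matches += 1
            if matches > 1:  # exceptions exist ("unless otherwise specified"): review
                findings.append((no, "more than one match command, review"))
            if set(tokens[1:2]) & {"port", "tcp", "udp"} and not PORT_RE.match(raw.strip()):
                findings.append((no, "does not fit match port {tcp | udp} syntax"))
    return findings

if __name__ == "__main__":
    for no, msg in lint_class_maps(SAMPLE):
        print(f"line {no}: {msg}")
```

The web_alt stanza in the sample follows the Tip above, with one ACE per non-contiguous port and a single match access-list command, and produces no finding of its own.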


This manual is also suitable for:

7609-s, 7613, 7606-s, Catalyst 6500 series, 7600 series
