Cisco ASA Series CLI Configuration Manual page 1077

Software version 9.0 for the services module

Chapter 1
Configuring a Service Policy Using the Modular Policy Framework
Creating a Layer 3/4 Class Map for Management Traffic
For management traffic to the ASA, you might want to perform actions specific to this kind of traffic.
You can specify a management class map that can match an access list or TCP or UDP ports. The types
of actions available for a management class map in the policy map are specialized for management
traffic. See the "Supported Features" section on page 1-2.

Detailed Steps

Step 1
Command:
class-map type management class_map_name
Example:
hostname(config)# class-map type management all_mgmt
Purpose:
Creates a management class map, where class_map_name is a
string up to 40 characters in length. The name "class-default" is
reserved. All types of class maps use the same name space, so you
cannot reuse a name already used by another type of class map.
The CLI enters class-map configuration mode.

Step 2
Command:
(Optional)
description string
Example:
hostname(config-cmap)# description All management traffic
Purpose:
Adds a description to the class map.

Step 3
Match traffic using one of the following:
Unless otherwise specified, you can include only one match
command in the class map.

Command:
match access-list access_list_name
Example:
hostname(config-cmap)# match access-list udp
Purpose:
Matches traffic specified by an extended access list. If the ASA is
operating in transparent firewall mode, you can use an EtherType
access list.

Command:
match port {tcp | udp} {eq port_num | range port_num port_num}
Example:
hostname(config-cmap)# match port tcp eq 80
Purpose:
Matches TCP or UDP destination ports, either a single port or a
contiguous range of ports.
Tip: For applications that use multiple, non-contiguous ports,
use the match access-list command and define an ACE to
match each port.

Defining Actions (Layer 3/4 Policy Map)
This section describes how to associate actions with Layer 3/4 class maps by creating a Layer 3/4 policy
map.
Restrictions
The maximum number of policy maps is 64, but you can only apply one policy map per interface.
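The naming and match rules given for management class maps earlier on this page (40-character name limit, reserved "class-default", one name space shared by all class-map types, one match command, and the two listed match forms) can be checked before a configuration is applied. The following is an added example, not code from the Cisco guide; the function name lint_class_maps, the running-config layout with indented sub-commands, and the sample configuration are assumptions constructed for illustration.

```python
import re

MAX_NAME_LEN = 40             # page: name is a string up to 40 characters
RESERVED = {"class-default"}  # page: this name is reserved
# Assumption: headers look like "class-map [type <kind>] <name>".
HEADER = re.compile(r"class-map\s+(?:type\s+(.+?)\s+)?(\S+)$")
# The two match forms the page lists for a management class map.
MGMT_MATCH = re.compile(
    r"match (access-list \S+|port (tcp|udp) (eq \S+|range \S+ \S+))$")

def lint_class_maps(config):
    """Return (class_map_name, problem) tuples for an ASA-style config text."""
    findings, kinds, match_count = [], {}, {}
    current = None  # (name, kind) of the class map whose sub-commands follow
    for raw in config.splitlines():
        line, top_level = " ".join(raw.split()), not raw[:1].isspace()
        head = HEADER.match(line) if top_level else None
        if head:
            kind, name = head.group(1) or "layer3/4", head.group(2)
            current = (name, kind)
            if len(name) > MAX_NAME_LEN:
                findings.append((name, "name longer than 40 characters"))
            if name in RESERVED:
                findings.append((name, "reserved name"))
            # All class-map types share one name space.
            if kinds.setdefault(name, kind) != kind:
                findings.append((name, "name already used by another type"))
        elif top_level:
            current = None  # any other top-level command ends the block
        elif current and current[1] == "management" and line.startswith("match "):
            name = current[0]
            match_count[name] = match_count.get(name, 0) + 1
            if not MGMT_MATCH.match(line):
                findings.append((name, "unrecognised match form: " + line))
            if match_count[name] == 2:
                findings.append((name, "more than one match command"))
    return findings

# Constructed sample in running-config layout (sub-commands indented).
SAMPLE = """\
class-map type management all_mgmt
 description All management traffic
 match port tcp eq 22
 match port tcp eq 443
class-map all_mgmt
 match any
class-map type management class-default
 match port tcp 8080
"""
print(lint_class_maps(SAMPLE))
```

The first finding in the sample is the case the Tip addresses: two non-contiguous ports belong in one access list referenced by a single match access-list command.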
Cisco ASA Series CLI Configuration Guide
1-15
