Cisco 7604 Configuration Manual page 507
Catalyst 6500 series switch and cisco 7600 series router firewall services module configuration guide using the cli
Hide thumbs
Also See for 7604:
- Configuration manual (1011 pages) ,
- Installation manual (324 pages) ,
- User manual (98 pages)
Table of Contents
Advertisement
Chapter 22
Applying Application Layer Protocol Inspection
To enable SCCP inspection or change the default port used for receiving SCCP traffic, perform the
following steps:
Name the traffic class by entering the following command in global configuration mode:
Step 1
hostname(config)# class-map class_map_name
Replace class_map_name with the name of the traffic class, for example:
hostname(config)# class-map sccp_port
When you enter the class-map command, the CLI enters the class map configuration mode, and the
prompt changes, as in the following example:
hostname(config-cmap)#
In the class map configuration mode, define the match command, as in the following example:
Step 2
hostname(config-cmap)# match port tcp eq 2000
hostname(config-cmap)# exit
hostname(config)#
To assign a range of continuous ports, enter the range keyword, as in the following example:
hostname(config-cmap)# match port tcp range 2000-2010
To assign more than one non-contiguous port for SCCP inspection, enter the access-list extended
command and define an ACE to match each port. Then enter the match command to associate the access
lists with the SCCP traffic class.
Name the policy map by entering the following command:
Step 3
hostname(config)# policy-map policy_map_name
Replace policy_map_name with the name of the policy map, as in the following example:
hostname(config)# policy-map sample_policy
The CLI enters the policy map configuration mode and the prompt changes accordingly, as follows:
hostname(config-pmap)#
Specify the traffic class defined in
Step 4
command:
hostname(config-pmap)# class class_map_name
For example, the following command assigns the sccp_port traffic class to the current policy map:
hostname(config-pmap)# class sccp_port
The CLI enters the policy map class configuration mode and the prompt changes accordingly, as follows:
hostname(config-pmap-c)#
Step 5
(Optional) To change the default port used by the FWSM for receiving SCCP traffic, enter the following
command:
hostname(config-pmap-c)# inspect skinny
Step 6
Return to policy map configuration mode by entering the following command:
hostname(config-pmap-c)# exit
hostname(config-pmap)#
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
OL-20748-01
Step 1
to be included in the policy map by entering the following
Skinny (SCCP) Inspection
22-91
- Quick Links:
- C H a P T E...
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
