Thursday, February 11, 2010

Defining granular policies.

An example of how to create class-maps. First, define a class-map with the match-any keyword that lists the protocols of interest. Then reference that class-map, together with an access-list, in a second class-map that uses the match-all keyword. The result is a policy that applies only to a particular subnet or host:
class-map type inspect match-any self-service-cmap
 match protocol tcp
 match protocol udp
 match protocol icmp
 match protocol h323
!
class-map type inspect match-all to-self-cmap
 match class-map self-service-cmap
 match access-group 120

The second class-map means: traffic must match both the access-list and ANY of the protocols specified in the first class-map.
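
To show how the nested class-map is consumed, here is an added example (not from the original post) that attaches it to a policy for traffic destined to the router itself. The contents of access-list 120, the 192.0.2.0/24 management subnet, the zone name OUTSIDE, the interface, and the policy-map and zone-pair names are all assumptions for illustration.

```cisco
! Assumed ACL 120: only the management subnet (documentation range) is allowed
access-list 120 permit ip 192.0.2.0 0.0.0.255 any
!
! Protocol list: traffic matches if it is ANY of these
class-map type inspect match-any self-service-cmap
 match protocol tcp
 match protocol udp
 match protocol icmp
 match protocol h323
!
! match-all ties the protocol list to the ACL: both conditions must hold.
! With match-any here instead, traffic matching the nested class-map alone
! would match, regardless of its source address.
class-map type inspect match-all to-self-cmap
 match class-map self-service-cmap
 match access-group 120
!
! Hypothetical policy-map: inspect the matched traffic, drop everything else
policy-map type inspect to-self-pmap
 class type inspect to-self-cmap
  inspect
 class class-default
  drop
!
! Hypothetical zone and interface assignment
zone security OUTSIDE
!
interface GigabitEthernet0/0
 zone-member security OUTSIDE
!
! Apply the policy to traffic from OUTSIDE to the router (self zone)
zone-pair security outside-to-self source OUTSIDE destination self
 service-policy type inspect to-self-pmap
```

After applying a policy like this, `show policy-map type inspect zone-pair outside-to-self` shows per-class counters, which is a quick way to confirm that traffic from outside the permitted subnet lands in class-default and is dropped.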
