4-31
Cisco 4700 Series Application Control Engine Appliance Administration Guide
OL-11157-01
Chapter 4 Configuring Class Maps and Policy Maps
Configuring Layer 3 and Layer 4 Class Maps
• eq port_number—Specifies that the TCP or UDP port number must match the
specified value. Enter an integer from 0 to 65535. A value of 0 instructs the
ACE to include all ports. Alternatively, you can enter the name of a
well-known TCP port as listed in Table 4-7 or a well-known UDP port as
listed in Table 4-8.
• range port1 port2—Specifies a port range to use for the TCP or UDP port.
Valid port ranges are from 0 to 65535. A value of 0 instructs the ACE to match
all ports.
A single class map can have multiple match port comma
nds. You may combine
multiple match port, match access-list, match source-address, and match
destination-address commands in a class map.
For example, to specify that t
he class map is to match on TCP port number 23
(Telnet client), enter:
host1/Admin(config)# class-map L4_TCPPORT_CLASS
host1/Admin(config-cmap)# match p
ort tcp eq 23
To clear the TCP or UDP port number match criteria from the class map, enter:
host1/Admin(config-cmap)# no match port tcp eq 23
Defining the Source IP Address and Subnet Mask Match Criteria
To specify the client source IP address and subnet mask as the Layer 3 and Layer
4 network traffic matching criteria, use the match source-address command in
class map configuration mode.
The syntax of this command is:
[l
ine_number] match source-address ip_address mask
The arguments are:
• line_number—(Optional) Line number to identify individual match
commands. Enter an integer from 2 to 255 as the line number. You can enter
no line_number to delete long match commands instead of entering the entire
line. The line numbers do not dictate a priority or sequence for the match
statements.
• ip_address—Source IP address of the client. Enter the IP address in
dotted-decimal notation (for example, 192.168.11.1).
To Next Page
Loading...
