EasyManuals Logo

Cisco ASA Series User Manual

Cisco ASA Series
2164 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #1077 background imageLoading...
Page #1077 background image
1-15
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring a Service Policy Using the Modular Policy Framework
Defining Actions (Layer 3/4 Policy Map)
Creating a Layer 3/4 Class Map for Management Traffic
For management traffic to the ASA, you might want to perform actions specific to this kind of traffic.
You can specify a management class map that can match an access list or TCP or UDP ports. The types
of actions available for a management class map in the policy map are specialized for management
traffic. See the “Supported Features” section on page 1-2.
Detailed Steps
Defining Actions (Layer 3/4 Policy Map)
This section describes how to associate actions with Layer 3/4 class maps by creating a Layer 3/4 policy
map.
Restrictions
The maximum number of policy maps is 64, but you can only apply one policy map per interface.
Command Purpose
Step 1
class-map type management class_map_name
Example:
hostname(config)# class-map type
management all_mgmt
Creates a management class map, where class_map_name is a
string up to 40 characters in length. The name “class-default” is
reserved. All types of class maps use the same name space, so you
cannot reuse a name already used by another type of class map.
The CLI enters class-map configuration mode.
Step 2
(Optional)
description string
Example:
hostname(config-cmap)# description All
management traffic
Adds a description to the class map.
Step 3
Match traffic using one of the following: Unless otherwise specified, you can include only one match
command in the class map.
match access-list access_list_name
Example:
hostname(config-cmap)# match access-list
udp
Matches traffic specified by an extended access list. If the ASA is
operating in transparent firewall mode, you can use an EtherType
access list.
match port {tcp | udp} {eq port_num |
range port_num port_num}
Example:
hostname(config-cmap)# match tcp eq 80
Matches TCP or UDP destination ports, either a single port or a
contiguous range of ports.
Tip For applications that use multiple, non-contiguous ports,
use the match access-list command and define an ACE to
match each port.

Table of Contents

Other manuals for Cisco ASA Series

Preview: Configuration Guide
Configuration Guide428 pages
Preview: Mount And Connect
Mount And Connect12 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco ASA Series and is the answer not in the manual?

Cisco ASA Series Specifications

General IconGeneral
ModelASA 5505
InterfacesVaries by model (Fast Ethernet, Gigabit Ethernet, 10 Gigabit Ethernet, etc.)
High AvailabilityActive/Standby or Active/Active (varies by model)
Power SupplyVaries by model
Form FactorVaries by model
Operating SystemCisco ASA Software
IPsec VPNSupported
SSL VPNSupported
IPS ThroughputVaries by model

Related product manuals