Defining actions (layer 3/4 policy map) – Cisco ASA 5505 User Manual

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 32 Configuring a Service Policy Using the Modular Policy Framework

Defining Actions (Layer 3/4 Policy Map)

Detailed Steps

Defining Actions (Layer 3/4 Policy Map)

This section describes how to associate actions with Layer 3/4 class maps by creating a Layer 3/4 policy
map.

Restrictions

The maximum number of policy maps is 64, but you can only apply one policy map per interface.

Step 1

Command: class-map type management class_map_name

Example:

hostname(config)# class-map type management all_mgmt

Purpose: Creates a management class map, where class_map_name is a string up to 40 characters in length. The name “class-default” is reserved. All types of class maps use the same name space, so you cannot reuse a name already used by another type of class map. The CLI enters class-map configuration mode.

Step 2

Command: (Optional) description string

Example:

hostname(config-cmap)# description All management traffic

Purpose: Adds a description to the class map.

Step 3

Match traffic using one of the following. Unless otherwise specified, you can include only one match command in the class map.

Command: match access-list access_list_name

Example:

hostname(config-cmap)# match access-list udp

Purpose: Matches traffic specified by an extended access list. If the ASA is operating in transparent firewall mode, you can use an EtherType access list.

Command: match port {tcp | udp} {eq port_num | range port_num port_num}

Example:

hostname(config-cmap)# match port tcp eq 80

Purpose: Matches TCP or UDP destination ports, either a single port or a contiguous range of ports.

Tip: For applications that use multiple, non-contiguous ports, use the match access-list command and define an ACE to match each port.
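
The constraints stated on this page (40-character names, the reserved name class-default, the shared class map name space, one match command per class map, and the limit of 64 policy maps) can be checked offline against a saved configuration. The Python linter below is an added example, not part of the Cisco guide; the function name lint, the sample configuration, the ACL name radius_acct and its ports are constructed for illustration. It assumes subcommands are indented by a space, that the one-match rule is enforced for management class maps, and that only Layer 3/4 policy-map lines count toward the limit.

```python
import re

MAX_NAME_LEN = 40      # class map name limit from Step 1
MAX_POLICY_MAPS = 64   # policy map limit from Restrictions

# Constructed sample configuration (names and ports are illustrative).
SAMPLE = """\
access-list radius_acct extended permit udp any any eq 1646
access-list radius_acct extended permit udp any any eq 1813
class-map type management all_mgmt
 description All management traffic
 match access-list radius_acct
class-map type management web_mgmt
 match port tcp eq 80
 match port tcp eq 443
class-map all_mgmt
 match any
class-map type management class-default
policy-map global_policy
"""

CMAP = re.compile(r"^class-map(?:\s+type\s+(\S+))?\s+(\S+)\s*$")
PMAP = re.compile(r"^policy-map\s+\S+\s*$")  # assumption: Layer 3/4 maps only

def lint(config):
    """Return (line_number, message) findings; line 0 means the whole file."""
    findings, seen, ctype, matches, pmaps = [], {}, None, 0, 0
    for n, line in enumerate(config.splitlines(), 1):
        m = CMAP.match(line)
        if m:
            ctype, name, matches = m.group(1) or "layer3/4", m.group(2), 0
            if len(name) > MAX_NAME_LEN:
                findings.append((n, f"name exceeds {MAX_NAME_LEN} characters"))
            if name == "class-default":
                findings.append((n, "class-default is reserved"))
            elif seen.setdefault(name, ctype) != ctype:
                findings.append((n, f"name already used by a {seen[name]} class map"))
        elif not line.startswith(" "):
            ctype = None  # a top-level command ends class-map mode
            pmaps += 1 if PMAP.match(line) else 0
        elif ctype == "management" and line.split()[:1] == ["match"]:
            matches += 1  # assumption: rule enforced for management maps only
            if matches > 1:
                findings.append((n, "extra match command in management class map"))
    if pmaps > MAX_POLICY_MAPS:
        findings.append((0, f"{pmaps} policy maps exceed {MAX_POLICY_MAPS}"))
    return findings

if __name__ == "__main__":
    print(*lint(SAMPLE), sep="\n")
```

In the sample, all_mgmt follows the Tip by matching two non-contiguous ports through one access list, while web_mgmt is flagged for trying to do the same with two match port commands.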
