37-7
Cisco Router and Security Device Manager 2.5 User’s Guide
OL-4015-12
Chapter37 Cisco Common Classifi cation Policy Language
Class Maps
Class map—A subordinate class map providing additional match criteria can
be nested inside another class map.
Class Maps can apply “match any” or “match all” operators to determin e how to
apply the match criteria. If “match any” is specified, traffic must meet only one of
the match criteria in the class map. If “match all” is specified, traffic must match
all of the class map’s criteria to belong to that particular class.
Associate Class Map
To associate a class map with an inspect policy map, complete the following tasks.
Step1 Specify a class map name by clicking the button to the right of the name field and
choosing Add a Class Map, Select a Class Map, or class-default.
Step2 In the Action box, click Pass, Drop, or Inspect. If you click Drop, you can
optionally click Log to have the drop event logged. If you click Inspect, click
Advanced Options to specify the parameter maps, inspection policies, or
policing that you want for the traffic in this class.
Step3 Click OK to close this dialog and return to the Add dialog or the Edit an
Inspection Policy Map dialog.

Class Map Advanced Options

When you choose the inspect action for traffic, you can specify parameter maps,
application inspection, and ZPF policing.

Inspect Parameter Map

Inspect parameter maps specify TCP, DNS, and UDP timeouts and session control
parameters. You can select an existing parameter map. If no parameter map is
configured, this field is disabled. Click Vie w to display the selected parameter
map without leaving this dialog.