Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 32 Configuring a Service Policy Using the Modular Policy Framework
Detailed Steps
Defining Actions (Layer 3/4 Policy Map)
This section describes how to associate actions with Layer 3/4 class maps by creating a Layer 3/4 policy
map.
Restrictions
The maximum number of policy maps is 64, but you can only apply one policy map per interface.
Step 1
Command: class-map type management class_map_name
Example:
hostname(config)# class-map type management all_mgmt
Purpose: Creates a management class map, where class_map_name is a string up to 40 characters in length. The name “class-default” is reserved. All types of class maps use the same name space, so you cannot reuse a name already used by another type of class map. The CLI enters class-map configuration mode.

Step 2 (Optional)
Command: description string
Example:
hostname(config-cmap)# description All management traffic
Purpose: Adds a description to the class map.

Step 3
Match traffic using one of the following. Unless otherwise specified, you can include only one match command in the class map.

Command: match access-list access_list_name
Example:
hostname(config-cmap)# match access-list udp
Purpose: Matches traffic specified by an extended access list. If the ASA is operating in transparent firewall mode, you can use an EtherType access list.

Command: match port {tcp | udp} {eq port_num | range port_num port_num}
Example:
hostname(config-cmap)# match port tcp eq 80
Purpose: Matches TCP or UDP destination ports, either a single port or a contiguous range of ports.
Tip: For applications that use multiple, non-contiguous ports, use the match access-list command and define an ACE to match each port.
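The tip above, worked through as an added configuration example that is not taken from the Cisco guide: a contiguous port range handled by match port, next to two non-contiguous ports handled by an access list with one ACE per port. The class map names, the access list name and the port numbers are constructed for illustration.

```cisco
! Constructed example: names and port numbers are assumptions, not from the guide.
!
! Contiguous ports: one match port command covers the whole range.
class-map type management mgmt_udp_range
 description UDP ports 1645 through 1646
 match port udp range 1645 1646
!
! Non-contiguous ports (22 and 443): match port takes a single port or one
! contiguous range, and the class map accepts only one match command, so
! each port gets its own ACE in an extended access list.
access-list mgmt_tcp_ports extended permit tcp any any eq 22
access-list mgmt_tcp_ports extended permit tcp any any eq 443
!
! The class map then matches the access list instead of a port.
class-map type management mgmt_tcp_noncontig
 description TCP ports 22 and 443
 match access-list mgmt_tcp_ports
```

Both class map names stay under the 40-character limit, avoid the reserved name class-default, and are distinct from each other because all class map types share one name space.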