Search this Blog

Wednesday, November 20, 2013

How to configure new class maps in a policy map that is already defined?


We have created a class-map, a policy-map and a service-policy on the interface gig0/0 to block msn-messenger.  
We are going to be creating more class-map’s, to block the other applications (peer-to peer programs, and some web pages) but  not sure how to configure them into the interface that we want

1. Does a single interface support multiple service-policies commands?

2.Should we configure the new class-maps’s that we are going to define into the same policy-map that is already defined?

1. Yes, you can have one input and one output Service policy per interface. So the best thing is to define multiple class maps in the same policy.

2. Yes, you might.  You might also define multiple match statements within the same class-map.  Or, if a match statement is invoking an ACL, that ACL could have multiple statements.  It all depends on what you're match requirements are.

Remember within the policy map, class maps are processed sequentially until a class is matched.  Within a class map, match statements are also processed sequentially, but whether the process stops on an individual match statement depends on whether the class-map is using match-any or match-all.

Also keep in mind, depending on your platform, class map match statements might allow NBAR matching which can examine packets beyond just port numbers.  For example, TCP port 80 is normally used by HTTP, but the port might be used for something else or HTTP might use a different port number.  "Match protocol http", I believe, should look for HTTP statements within the packet, i.e. it should match (or not) regardless of the port being used.


Citation - This blog post does not reflect original content from the author. Rather it summarizes content that are relevant to the topic from different sources in the web. The sources might include any online discussion boards, forums, websites and others.

No comments :

Post a Comment

 
/* Google Analytics begin ----------------------------------------------- */ /* Google Analytics end ----------------------------------------------- */