Example 6-26. Configuring Class-Map to Identify Traffic (Using Match Port)
hostname(config)# class-map identify_http_packets
hostname(config-cmap)# match port tcp eq www
Step 2??”Creating a Policy Map
Use the policy-map global configuration command to create a policy map by associating the traffic class-map
created in Step 1 with one or more actions that should be taken when a match occurs in a given traffic class. An
action protects information or resources or performs a QoS function. Examples include specifying the maximum
number of simultaneous connections, enabling inspection, or rate limiting the packets. Several types of actions
are available. Example 6-27 shows how to create a policy-map called mypolicy from the global configuration
mode and reference the HTTP traffic class-map identify_http_packets created previously by specifying an
action to set the maximum number of TCP embryonic connections limit to 1000.
Example 6-27. Configuring Policy-Map and Assigning Class-Map
hostname(config)# policy-map mypolicy
hostname(config-pmap)# class identify_http_packets
hostname(config-pmap-c)# set connection embryonic-conn-max 1000
Step 3??”Applying a Policy
Use the service-policy command from the global configuration mode to apply the policy globally to all the
Security Appliance interfaces or on a specific interface.
Pages:
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318