Associating a policy map with an interface activates the
policy. Example 6-28 shows how to apply the service policy mypolicy, which was created in Example 6-27, to
the outside interface.
Example 6-28. Assign Policy to an Interface
hostname(config)# service-policy mypolicy interface outside
Alternatively, the same service policy can be applied to all the interfaces globally, as shown in Example 6-29.
Example 6-29. Assign Policy Globally to All Interfaces
hostname(config)# service-policy mypolicy global
Here is another example showing how to use the MPF with the TCP normalization feature. As discussed earlier,
TCP normalization is an advanced feature that examines TCP header information in TCP-based connections to
identify and drop packets that do not appear normal. Part of the TCP normalization feature is to drop any
packets that exceed the Maximum Segment Size (MSS) value set by the peer. To disable this behavior and allow
such packets, a TCP map needs to be created and used with the MPF to make an exception to the default behavior.
Example 6-30 shows how to create a TCP map that is used in the MPF to match all TCP packets and thereby
allow packets that exceed the MSS by setting an allow action in the advanced TCP connection settings.
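An added example, not from the book: a Python audit over a constructed running-config excerpt that follows the MPF chain described above (TCP map, policy map, service policy) and reports where packets exceeding the MSS are allowed on an active policy. The names mss-map, strict-map, all-tcp, tcp-traffic and unused-policy are assumptions; exceed-mss and set connection advanced-options are the ASA commands for this setting.

```python
# Constructed running-config excerpt; names other than mypolicy/outside are assumed.
SAMPLE_CONFIG = """\
tcp-map mss-map
 exceed-mss allow
tcp-map strict-map
 exceed-mss drop
access-list tcp-traffic extended permit tcp any any
class-map all-tcp
 match access-list tcp-traffic
policy-map mypolicy
 class all-tcp
  set connection advanced-options mss-map
policy-map unused-policy
 class all-tcp
  set connection advanced-options mss-map
service-policy mypolicy interface outside
"""

def find_mss_exceptions(config):
    """Return (policy, scope, class, tcp_map) for each active MSS exception."""
    permissive = set()  # tcp-maps that contain 'exceed-mss allow'
    uses = []           # (policy-map, class, tcp-map) references
    active = {}         # policy-map name -> scopes it is applied to
    section = name = cls = None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        words = line.split()
        if not raw[0].isspace():  # an unindented command opens a new section
            section, name, cls = words[0], (words[1] if len(words) > 1 else None), None
            if section == "service-policy" and len(words) >= 3:
                scope = "global" if words[2] == "global" else " ".join(words[2:4])
                active.setdefault(name, []).append(scope)
        elif section == "tcp-map" and words == ["exceed-mss", "allow"]:
            permissive.add(name)
        elif section == "policy-map" and words[0] == "class" and len(words) > 1:
            cls = words[1]
        elif section == "policy-map" and len(words) > 3 and words[:3] == ["set", "connection", "advanced-options"]:
            uses.append((name, cls, words[3]))
    # Only policy maps bound by a service-policy command are in effect.
    return [(pol, scope, c, tmap) for pol, c, tmap in uses
            if tmap in permissive for scope in active.get(pol, [])]

if __name__ == "__main__":
    for finding in find_mss_exceptions(SAMPLE_CONFIG):
        print("MSS check relaxed: policy=%s scope=%s class=%s tcp-map=%s" % finding)
```

The policy map unused-policy references the same TCP map but is not reported, because no service-policy command activates it.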