Chapter 21
Configuring Advanced Connection Features
hostname(config-pmap-c)# deny skype
hostname(config-pmap-c)# deny yahoo
hostname(config-pmap-c)# deny eDonkey
The following example denies all traffic except for Kazaa and eDonkey:
hostname(config-pmap-c)# deny all
hostname(config-pmap-c)# permit kazaa
hostname(config-pmap-c)# permit eDonkey
Step 4  Activate the policy map on one or more interfaces by entering the following command:
hostname(config)# service-policy policymap_name {global | interface interface_name}
Where global applies the policy map to all interfaces, and interface applies the policy to one interface.
Only one global policy is allowed. You can override the global policy on an interface by applying a
service policy to that interface. You can only apply one policy map to each interface.
The following is an example configuration for PISA integration:
hostname(config)# access-list BAD_APPS extended permit ip 10.1.1.0 255.255.255.0 10.2.1.0 255.255.255.0
hostname(config)# class-map denied_apps
hostname(config-cmap)# description "Apps to be blocked"
hostname(config-cmap)# match access-list BAD_APPS
hostname(config-cmap)# policy-map denied_apps_policy
hostname(config-pmap)# class denied_apps
hostname(config-pmap-c)# deny skype
hostname(config-pmap-c)# deny yahoo
hostname(config-pmap-c)# deny eDonkey
hostname(config-pmap-c)# service-policy denied_apps_policy interface inside
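The constraints stated in this procedure (only one global policy, one policy map per interface, and no inspect commands in a class that uses permit and deny) can be checked mechanically before a configuration is applied. The following Python check is an added example, not part of the Cisco guide; the lint function, its finding strings and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample (not from the guide); it breaks all three rules.
SAMPLE = """\
policy-map denied_apps_policy
 class denied_apps
  deny skype
  inspect http
policy-map other_policy
 class denied_apps
  permit kazaa
service-policy denied_apps_policy global
service-policy other_policy global
service-policy denied_apps_policy interface inside
service-policy other_policy interface inside
"""

def lint(config):
    """Return rule violations; a leading 'hostname(config-...)# ' prompt is ignored."""
    findings, global_maps = [], []
    per_if, actions = {}, {}  # interface -> policy maps; (policy-map, class) -> keywords
    pmap = cls = None
    for raw in config.splitlines():
        words = re.sub(r"^\S+\(config[^)]*\)#\s*", "", raw.strip()).split()
        if not words:
            continue
        kw, args = words[0], words[1:]
        if kw == "policy-map" and args:
            pmap, cls = args[0], None
        elif kw == "class" and pmap and args:
            cls = args[0]
        elif kw in ("permit", "deny", "inspect") and pmap and cls:
            actions.setdefault((pmap, cls), set()).add(kw)
        elif kw == "service-policy" and args[1:2] == ["global"]:
            global_maps.append(args[0])
        elif kw == "service-policy" and args[1:2] == ["interface"] and len(args) > 2:
            per_if.setdefault(args[2], []).append(args[0])
        elif kw == "service-policy":
            findings.append(f"malformed service-policy: {' '.join(args)}")
    if len(global_maps) > 1:
        findings.append(f"multiple global policies: {', '.join(global_maps)}")
    for ifname, maps in per_if.items():
        if len(maps) > 1:
            findings.append(f"interface {ifname}: policy maps {', '.join(maps)}")
    # Assumption: the inspect restriction is checked per class within a policy map.
    for (pm, c), seen in actions.items():
        if "inspect" in seen and seen & {"permit", "deny"}:
            findings.append(f"{pm}/{c}: inspect combined with permit/deny")
    return findings
```

Calling lint(SAMPLE) returns three findings, one per rule; a configuration that follows the rules returns an empty list.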
Note: For a class map with the permit and deny commands, you cannot also include any inspect commands.
Configuring the Switch for PISA/FWSM Integration
This section describes how to configure the switch for PISA/FWSM integration and includes the following topics:
• PISA Limitations and Restrictions
• Changing the MTU on the Switch to Support Longer Packet Length
• Configuring Classification on the PISA
• Configuring Tagging on the PISA
• Sample Switch Configurations for PISA Integration
PISA Limitations and Restrictions
The following limitations and restrictions apply to the PISA:
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
OL-20748-01
Permitting or Denying Application Types with PISA Integration