Information About Layer 3/4 Policy Maps; Policy Map Guidelines; Feature Directionality; Feature Matching Guidelines Within A Policy Map - Cisco 7604 Configuration Manual
Catalyst 6500 series switch and cisco 7600 series router firewall services module configuration guide using the cli
Hide thumbs
Also See for 7604:
- Configuration manual (1011 pages) ,
- Installation manual (324 pages) ,
- User manual (98 pages)
Table of Contents
Advertisement
Chapter 20
Using Modular Policy Framework
Information About Layer 3/4 Policy Maps
This section describes how Layer 3/4 policy maps work, and includes the following topics:
•
•
•
•
•
•
Policy Map Guidelines
See the following guidelines for using policy maps:
•
•
•
•
Feature Directionality
Actions are applied to traffic bidirectionally or unidirectionally depending on whether the service policy
is applied to an interface or globally. For a service policy that is applied to an interface, all features are
bidirectional; all traffic that enters or exits the interface to which you apply the policy map is affected if
the traffic matches the class map for both directions. When you use a global policy, all features are
unidirectional; features that are normally bidirectional when applied to a single interface only apply to
the ingress of each interface when applied globally. Because the policy is applied to all interfaces, the
policy will be applied in both directions so bidirectionality in this case is redundant.
Feature Matching Guidelines within a Policy Map
See the following guidelines for how a packet matches class maps in a policy map:
•
•
•
For example, if a packet matches a class map for connection limits, and also matches a class map for
application inspection, then both class map actions are applied.
If a packet matches a class map for application inspection, but also matches another class map that
includes application inspection, then the second class map actions are not applied.
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
OL-20748-01
Policy Map Guidelines, page 20-15
Feature Directionality, page 20-15
Feature Matching Guidelines within a Policy Map, page 20-15
Order in Which Multiple Feature Actions are Applied, page 20-16
Incompatibility of Certain Feature Actions, page 20-17
Feature Matching Guidelines for Multiple Policy Maps, page 20-18
You can only assign one policy map per interface. (However you can create up to 64 policy maps in
the configuration.)
You can apply the same policy map to multiple interfaces.
You can identify multiple Layer 3/4 class maps in a Layer 3/4 policy map.
For each class map, you can assign multiple actions from one or more feature types, if supported.
See the
"Incompatibility of Certain Feature Actions" section on page
A packet can match only one class map in the policy map for each feature type.
When the packet matches a class map for a feature type, the FWSM does not attempt to match it to
any subsequent class maps for that feature type.
If the packet matches a subsequent class map for a different feature type, however, then the FWSM
also applies the actions for the subsequent class map, if supported. See the
Certain Feature Actions" section on page 20-17
combinations.
Defining Actions (Layer 3/4 Policy Map)
20-17.
for more information about unsupported
"Incompatibility of
20-15
- Quick Links:
- C H a P T E...
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
