Cisco Cisco Packet Data Interworking Function (PDIF) Guía De Administador
Intelligent Traffic Control
▀ Configuring Flow-based Traffic Policing
▄ Cisco ASR 5x00 Home Agent Administration Guide
262
Important:
In this mode classification match rules added sequentially with match command to form a Class-
Map. To change and/or delete or re-add a particular rule user must delete specific Class-Map and re-define it.
configure
context <vpn_context_name> [ -noconfirm ]
class-map name <class_name> [ match-all | match-any ]
match src-ip-address <src_ip_address> [ <subnet_mask> ]
match dst-ip-address <dst_ip_address> [ <subnet_mask> ]
match source-port-range <initial_port_number> [ to <last_port_number> ]
match dst-port-range <initial_port_number> [ to <last_port_number> ]
match protocol [ tcp | udp | gre | ip-in-ip ]
match ip-tos <service_value>
match ipsec-spi <index_value>
match packet-size [ gt | lt ] <size>
end
Notes:
<vpn_context_name>
is the name of the destination context in which you want to configure the flow-based
traffic policing.
<class_name>
is the name of the traffic class to map with the flow for the flow-based traffic policing. A
maximum of 32 class-maps can be configured in one context.
For description and variable values of these commands and keywords, refer to the Class-Map Configuration
Mode Commands chapter of the Command Line Interface Reference.
Configuring Policy Maps
This section provides information and instructions for configuring the policy maps on the system to support flow-based
traffic policing.
traffic policing.
configure
context <vpn_context_name>
policy-map name <policy_name>
class <class_name>
type { static | dynamic }
access-control { allow | discard }