Cisco Cisco IOS Software Release 12.4(6)T
Tag and Template
class-map
11
Cisco IOS Security Configuration Guide
class-map
To create a class map to be used for matching packets to a specified class, use the class-map command
in global configuration mode. To remove an existing class map from the router, use the no form of this
command.
in global configuration mode. To remove an existing class map from the router, use the no form of this
command.
class-map [type {stack | access-control | port-filter | queue-threshold | tag}]
[match-all | match-any] class-map-name
no class-map [type {stack | access-control | port-filter | queue-threshold | tag}]
[match-all | match-any] class-map-name
Syntax Description
Defaults
No default behavior or values
Command Modes
Global configuration
type stack
(Optional) Enables the flexible packet matching (FPM) functionality to
determine the correct protocol stack in which to examine.
determine the correct protocol stack in which to examine.
If the appropriate protocol header description files (PHDFs) have been
loaded onto the router (via the load protocol command), a stack of protocol
headers can be defined so the filter can determine which headers are present
and in what order.
loaded onto the router (via the load protocol command), a stack of protocol
headers can be defined so the filter can determine which headers are present
and in what order.
type access-control
(Optional) Determines the exact pattern to look for in the protocol stack of
interest.
interest.
Note
You must specify a stack class map (via the type stack keywords)
before you can specify an access-control class map (via the type
access-control keywords).
before you can specify an access-control class map (via the type
access-control keywords).
type port-filter
(Optional) Creates a port-filter class-map that enables the TCP/UDP port
policing of control plane packets.
policing of control plane packets.
When enabled it provides filtering of traffic destined to specific ports on the
Control Plane host subinterface.
Control Plane host subinterface.
type queue-threshold
(Optional) Enables queue thresholding that limits the total number of
packets for a specified protocol that is allowed in the control plane IP input
queue. This feature applies only to control plane host subinterface.
packets for a specified protocol that is allowed in the control plane IP input
queue. This feature applies only to control plane host subinterface.
type tag
(Optional) Creates the tag type class map that can be used to apply the access
control policies on the network access device (NAD) on the basis of the tag
that is received from the access control server (ACS).
control policies on the network access device (NAD) on the basis of the tag
that is received from the access control server (ACS).
match-all | match-any (Optional) Determines how packets are evaluated when multiple match
criteria exist. Packets must either meet all of the match criteria (match-all)
or one of the match criteria (match-any) in order to be considered a member
of the class.
or one of the match criteria (match-any) in order to be considered a member
of the class.
class-map-name
Name of the class for the class map. The name can be a maximum of 40
alphanumeric characters. The class name is used for both the class map and
to configure policy for the class in the policy map.
alphanumeric characters. The class name is used for both the class map and
to configure policy for the class in the policy map.