|
Command or Action |
Purpose |
|
enable
Example:
Router> enable
|
Enables privileged EXEC mode.
- Enter your password if prompted.
|
|
configure terminal
Example:
Router# configure terminal
|
Enters global configuration mode. |
|
parameter-map type inspect parameter-map-name
Example:
Router(config)# parameter-map type inspect insp-pmap
|
Configures an inspect parameter map for connecting thresholds, timeouts, and other parameters pertaining to the inspect action.
- Enters parameter-map type inspect configuration mode.
|
|
alert {on | off}
Example:
Router(config-profile)# alert on
|
(Optional) Turns on and off Cisco IOS stateful packet inspection alert messages that are displayed on the console. |
|
audit-trail {on | off}
Example:
Router(config-profile)# audit-trail on
|
(Optional) Turns audit trail messages on or off. |
|
class-map type inspect protocol-name [match-any| match-all] class-map-name
Example:
Router(config-profile)# class-map type inspect skinnycmap match-any protocol skinny
|
Creates a class map for the Skinny protocol so that you can enter match criteria.
- Enters class-map configuration mode.
|
|
policy-map type inspect policy-map-name
Example:
Router(config-profile)# policy-map type inspect skinnypmap
|
Creates a policy map so that you can enter match criteria.
- Enters policy map configuration mode.
|
|
class type inspect class-map-name
Example:
Router(config-profile)# class type inspect skinnycmap
|
Specifies the name of the class on which an action is to be performed.
- The value of the class-map-name argument must match the appropriate class name specified via the class-map type inspect command.
|
|
zone security name
Example:
Router(config-profile)# zone security z1
|
Creates a zone for phone 1.
- Enters global configuration mode.
|
|
zone security name
Example:
Router(config-profile)# zone security z2
|
Creates a zone for phone 2. |
|
exit
Example:
Router(config-profile)#exit
|
Exits profile configuration mode. |
|
zone-pair security zone-pair-name {source source-zone-name| self} destination [self | destination-zone-name]
Example:
Router(config)# zone-pair security z1-self source z1 destination self
|
Creates a zone-pair.
- Enters security zone-pair configuration mode.
|
|
service-policy type inspect policy-map-name
Example:
Router(config-sec-zone-pair)# service-policy type inspect skinnypmap
|
Attaches a firewall policy map to the destination zone-pair.
- If a policy is not configured between a pair of zones, traffic is dropped by default.
- Enters global configuration mode.
|
|
interface type number
Example:
Router(config)# interface FastEthernet4/1
|
Specifies the type of interface to be configured and the port, connector, or interface card number. |
|
zone-member security zone-name
Example:
Router(config-sec-zone-pair)# zone-member security z1
|
Specifies the name of the security zone to which an interface is attached. |