|
Command or Action |
Purpose |
|
enable
Example:
Router> enable
|
Enables privileged EXEC mode.
- Enter your password if prompted.
|
|
configure terminal
Example:
Router# configure terminal
|
Enters global configuration mode. |
|
ip wccp service-id
Example:
Router(config)# ip wccp 61
|
Enters the WCCP dynamically defined service identifier number. |
|
ip inspect waas enable
Example:
Router(config)# ip inspect waas enable
|
Enables the Cisco IOS firewall inspection so that WAAS optimization can be discovered.
Note: If an ISR router running Cisco IOS Firewall is deployed as an intermediary router inside the WAAS optimization path, use the ip inspect waas enable command to enable WAAS awareness and interoperability. If the router is not configured for optimization awareness, the optimized traffic violates the firewall's TCP activity expectations, and the firewall drops the traffic. |
|
|
class-map type inspect class-name
Example:
Router(config)# class-map type inspect most-traffic
|
Creates an inspect type class map for the traffic class and enters QoS class-map configuration mode.
Note: The class-map type inspect most-traffic command is hidden. |
|
|
match protocol protocol-name [signature]
Example:
Router(config-cmap)# match protocol http
|
Configures match criteria for a class map on the basis of a specified protocol and enters security zone configuration mode.
- Only Cisco IOS stateful packet inspection-supported protocols can be used as match criteria in inspect type class maps.
- signature: Signature-based classification for peer-to-peer (P2P) packets is enabled.
|
|
exit
Example:
Router(config-sec-zone)# exit
|
Returns to global configuration mode. |
|
policy-map type inspect policy-map-name
Example:
Router(config)# policy-map type inspect p1
|
Creates a Layer 3 and Layer 4 inspect type policy map and enters QoS policy-map configuration mode. |
|
class class-default
Example:
Router(config-pmap)# class class-default
|
Specifies the matching of the system default class.
- If the system default class is not specified, unclassified packets are matched.
|
|
class type inspect class-name
Example:
Router(config-pmap)# class type inspect most-traffic
|
Specifies the firewall traffic (class) map on which an action is to be performed and enters QoS policy-map class configuration mode. |
|
inspect
Example:
Router(config-pmap-c)# inspect
|
Enables Cisco IOS stateful packet inspection. |
|
exit
Example:
Router(config-pmap-c)# exit
|
Exits QoS policy-map class configuration mode and enters policy map configuration mode. |
|
exit
Example:
Router(config-pmap)# exit
|
Exits policy map configuration mode and enters global configuration mode. |
|
zone security zone-name
Example:
Router(config)# zone security zone1
|
Creates a security zone to which interfaces can be assigned and enters security zone configuration mode. |
|
description line-of-description
Example:
Router(config-sec-zone)# description Internet Traffic
|
(Optional) Describes the zone. |
|
exit
Example:
Router(config-sec-zone)# exit
|
Exits security zone configuration mode and enters global configuration mode. |
|
zone-pair security zone-pair-name {source source-zone-name | self} destination [self | destination-zone-name]
Example:
Router(config)# zone-pair security zp source z1 destination z2
|
Creates a zone pair and enters security zone configuration mode.
Note: To apply a policy, you must configure a zone pair. |
|
|
description line-of-description
Example:
Router(config-sec-zone)# description accounting network
|
(Optional) Describes the zone pair. |
|
exit
Example:
Router(config-sec-zone)# exit
|
Exits security zone configuration mode and enters global configuration mode. |
|
interface type number
Example:
Router(config)# interface ethernet 0
|
Specifies an interface and enters interface configuration mode. |
|
description line-of-description
Example:
Router(config-if)# description zone interface
|
(Optional) Describes the interface. |
|
zone-member security zone-name
Example:
Router(config-if)# zone-member security zone1
|
Assigns an interface to a specified security zone.
Note: When you make an interface a member of a security zone, all traffic in and out of that interface (except the traffic bound for the router or initiated by the router) is dropped by default. To let traffic through the interface, you must make the zone part of a zone pair to which you apply a policy. If the policy permits traffic, traffic can flow through that interface. |
|
|
ip address ip-address
Example:
Router(config-if)# ip address 10.70.0.1 255.255.255.0
|
Assigns the interface IP address for the security zone. |
|
ip wccp {service-id {group-listen | redirect {in | out}} | redirect exclude in | web-cache {group-listen | redirect {in | out}}}
Example:
Router(config-if)# ip wccp 61 redirect in
|
Specifies the following WCCP parameters on the interface:
- The service-id argument defines a service identifier number from 1 to 254.
- The redirect exclude in keywords exclude inbound packets from outbound redirection.
- The web-cache keyword defines the standard web caching service.
- The group-listen keyword is used for discovering multicast WCCP protocol packets.
- The in keyword redirects the appropriate inbound packets to a cache engine.
- The out keyword redirects the appropriate outbound packets to a cache engine.
|
|
exit
Example:
Router(config-if)# exit
|
Exits interface configuration mode and enters global configuration mode. |
|
zone-pair security zone-pair-name {source source-zone-name | self} destination [self | destination-zone-name]
Example:
Router(config)# zone-pair security zp source z1 destination z2
|
Creates a zone pair and enters security zone pair configuration mode. |
|
service-policy type inspect policy-map-name
Example:
Router(config-sec-zone-pair)# service-policy type inspect p2
|
Attaches a firewall policy map to the destination zone pair.
Note: If a policy is not configured between a pair of zones, traffic is dropped by default. |
|
|
end
Example:
Router(config-sec-zone-pair)# end
|
Exits security zone pair configuration mode and enters privileged EXEC mode. |
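
The notes in this procedure describe three ways a finished configuration silently drops traffic: a zone pair with no policy attached, a zone-member interface whose zone is in no policy-bearing zone pair, and WCCP redirection without ip inspect waas enable. The following Python check for those conditions is an added example, not part of the original Cisco procedure; the sample configuration is constructed, and the names zp2, z3 and the finding labels are assumptions made for illustration.

```python
import re

# Constructed sample running-config (not from the original page).
SAMPLE_CONFIG = """\
ip wccp 61
policy-map type inspect p1
 class type inspect most-traffic
  inspect
zone-pair security zp source z1 destination z2
 service-policy type inspect p1
zone-pair security zp2 source z2 destination z3
interface ethernet 0
 zone-member security z1
 ip wccp 61 redirect in
interface ethernet 1
 zone-member security z2
interface ethernet 2
 zone-member security z3
"""

def audit(config):
    """Return (check, subject) findings for a zone-based firewall + WCCP config."""
    pairs, members, pair, iface, wccp = {}, {}, None, None, False
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # an unindented line starts a new section
            pair = iface = None
        if m := re.match(r"zone-pair security (\S+) source (\S+) destination (\S+)", line):
            pair = m.group(1)
            pairs[pair] = {"zones": m.group(2, 3), "policy": None}
        elif m := re.match(r"interface (.+)", line):
            iface = m.group(1)
        elif pair and (m := re.match(r"service-policy type inspect (\S+)", line)):
            pairs[pair]["policy"] = m.group(1)
        elif iface and (m := re.match(r"zone-member security (\S+)", line)):
            members[iface] = m.group(1)
        elif iface and re.match(r"ip wccp \S+ redirect (in|out)\b", line):
            wccp = True
    # Zone pairs with no policy drop traffic by default.
    findings = [("zone-pair-without-policy", n) for n, p in pairs.items() if not p["policy"]]
    # Zones that appear in at least one zone pair carrying a policy.
    covered = {z for p in pairs.values() if p["policy"] for z in p["zones"]}
    findings += [("zone-member-default-drop", i) for i, z in members.items() if z not in covered]
    if wccp and not re.search(r"^ip inspect waas enable\s*$", config, re.M):
        findings.append(("wccp-without-waas-awareness", "global"))
    return findings
```

Running audit over the saved output of show running-config before and after a change shows whether the change introduced any of the three conditions.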