Step 1 |
enable
Example:
|
Enables privileged EXEC mode.
|
Step 2 |
configure
terminal
Example:
Router# configure terminal
|
Enters global configuration mode.
|
Step 3 |
parameter-map
type
regex
parameter-map-name
Example:
Router(config)# parameter-map type regex rate-limited-proxy
|
Configures a parameter-map type to match a specific traffic pattern and enters profile configuration mode.
|
Step 4 |
pattern
url-pattern
Example:
Router(config-profile)# pattern “compromised.server.com”
|
Matches a call based on the SIP URI.
|
Step 5 |
exit
Example:
Router(config-cmap)# exit
|
Exits profile configuration mode.
|
Step 6 |
class-map
type
inspect
protocol-name
match-any
class-map-name
Example:
Router(config)# class-map type inspect sip match-any class_2
|
Creates an inspect type class map and enters class-map configuration mode.
|
Step 7 |
match
request
method
method-name
Example:
Router(config-cmap)# match request method invite
|
Matches RFC 3261 methods. Methods include the following:
ack, bye, cancel, info, invite, message, notify, options, prack, refer, register, subscribe, update.
|
Step 8 |
match
request
header
field
regex
regex-param-map
Example:
Router(config-cmap)# match request header Via regex rate-limited-proxy
|
Configures a class-map type to match a specific request header pattern.
|
Step 9 |
exit
Example:
Router(config-cmap)# exit
|
Exits class-map configuration mode.
|
Step 10 |
policy-map
type
inspect
protocol-name
policy-map-name
Example:
Router(config)# policy-map type inspect sip policy-2
|
Creates an inspect type policy map and enters policy-map configuration mode.
|
Step 11 |
class
type
inspect
protocol-name
class-map-name
Example:
Router(config-pmap)# class type inspect sip class-2
|
Specifies the class on which the action is performed and enters policy-map class configuration mode.
|
Step 12 |
rate-limit
limit-number
Example:
Router(config-pmap-c)# rate-limit 16
|
Limits the number of SIP messages that strike the Cisco IOS firewall every second.
|
Step 13 |
exit
Example:
Router(config-pmap-c)# exit
|
Exits policy-map class configuration mode.
|
Step 14 |
exit
Example:
Router(config-pmap)# exit
|
Exits policy-map configuration mode and enters global configuration mode.
|
Step 15 |
class-map
type
inspect
match-any
class-map-name
Example:
Router(config)# class-map type inspect match-any class-1
|
Creates an inspect type class map and enters class-map configuration mode.
|
Step 16 |
match
protocol
protocol-name
Example:
Router(config-cmap)# match protocol sip
|
Configures the match criterion for a class map on the basis of the specified protocol.
|
Step 17 |
exit
Example:
Router(config-cmap)# exit
|
Exits class-map configuration mode.
|
Step 18 |
policy-map
type
inspect
policy-map-name
Example:
Router(config)# policy-map type inspect policy-1
|
Creates an inspect type policy map and enters policy-map configuration mode.
|
Step 19 |
class
type
inspect
class-map-name
Example:
Router(config-pmap)# class type inspect class-1
|
Specifies the class on which the action is performed and enters policy-map class configuration mode.
|
Step 20 |
inspect
Example:
Router(config-pmap-c)# inspect
|
Enables stateful packet inspection.
|
Step 21 |
service-policy
protocol-name
policy-map-name
Example:
Router(config-pmap-c)# service-policy sip policy-2
|
Attaches the policy map to the service policy for the interface or virtual circuit.
|
Step 22 |
exit
Example:
Router(config-pmap-c)# exit
|
Exits policy-map class configuration mode.
|