Class-Map Configuration Mode Commands


Class-Map is used to configure a packet classifier for the flow-based Traffic Policing feature within a destination context. It filters egress and/or ingress packets of a subscriber session based on rules configured in a subscriber context.
Important: The commands or keywords/variables that are available are dependent on platform type, product version, and installed license(s).
end
Exits the current configuration mode and returns to the Exec mode.
Product
All
Privilege
Security Administrator, Administrator
Syntax
end
Usage
Use this command to return to the Exec mode.
exit
Exits the current mode and returns to the parent configuration mode.
Product
All
Privilege
Security Administrator, Administrator
Syntax
exit
Usage
Use this command to return to the parent configuration mode.
match any
Allows all traffic types in this class map.
Product
PDSN, HA, ASN-GW, HSGW, P-GW, SCM
Privilege
Security Administrator, Administrator
Syntax
match any
Usage
Sets the match rule to allow all traffic flows for a specific class map.
Example
The following command allows all packets going to a system with this class map.
match any
match dst-ip-address
Specifies a traffic classification rule based on the destination IP address of packets.
Product
PDSN, HA, ASN-GW, HSGW, P-GW, SCM
Privilege
Security Administrator, Administrator
Syntax
match dst-ip-address dst_ip_address/subnet_mask
match dst-ip-address dst_ip_address/subnet_mask
Specifies the destination IP address of the packets.
dst_ip_address must be entered in IPv4 dotted-decimal or IPv6 colon-separated notation.
subnet_mask is optional and is entered in CIDR notation.
Usage
Sets the match rule based on the destination IP address of packets for a specific class map.
Example
The following command specifies the rule for packets going to a system with the IP address 10.1.2.6.
match dst-ip-address 10.1.2.6
match dst-port-range
Specifies a traffic classification rule based on the range of destination ports for L4 packets.
Product
PDSN, HA, ASN-GW, HSGW, P-GW, SCM
Privilege
Security Administrator, Administrator
Syntax
match dst-port-range initial_port_number [ to last_port_number ]
match dst-port-range initial_port_number [ to last_port_number ]
Specifies the destination port or range of ports of L4 packets.
initial_port_number is the starting port number and must be an integer from 1 to 65535 but less than last_port_number, if specified.
last_port_number is the end port number and must be an integer from 1 to 65535 but more than initial_port_number.
Usage
Sets the match rule based on the destination port number or range of ports of L4 packets for a specific class map.
Example
The following command specifies the rule for packets with a destination port number from 23 to 88.
match dst-port-range 23 to 88
match ip-tos
Specifies a traffic classification rule based on the IP Type of Service value in the ToS field of the packet.
Product
PDSN, HA, ASN-GW, HSGW, P-GW, SCM
Privilege
Administrator
Syntax
match ip-tos { service_value [ ip-tos-mask mask_value ] | tos-range low_value to high_value }
match ip-tos service_value
Specifies the IP Type-of-Service value to match inside the ToS field of packets as an integer from 0 to 255.
ip-tos-mask mask_value
Specifies the IP Type-of-Service mask value to match inside the ToS field of packets as an integer from 1 to 255.
tos-range low_value to high_value
Specifies a range that a ToS value in a received packet must fall within to be considered a match. low_value and high_value must be integers from 0 to 255.
Usage
Sets the match rule based on the IP ToS value in the ToS field of packets for a specific class map.
Example
The following command specifies 3 as the IP ToS value to match in the ToS field of received packets.
match ip-tos 3
match ipsec-spi
Specifies a traffic classification rule based on the IPSec Security Parameter Index (SPI) value in the SPI field of the packet.
Product
PDSN, HA, ASN-GW, HSGW, P-GW, SCM
Privilege
Security Administrator, Administrator
Syntax
match ipsec-spi index_value
match ipsec-spi index_value
Specifies the IPSec SPI value to match inside the SPI field of packets as an integer from 1 to 65535.
Usage
Sets the match rule based on the IPSec SPI value in the SPI field of packets for a specific class map.
Example
The following command specifies the IPSec SPI value as 1234 for the SPI field in packets.
match ipsec-spi 1234
match packet-size
Specifies a traffic classification rule based on the size of the packet.
Product
PDSN, HA, ASN-GW, HSGW, P-GW, SCM
Privilege
Security Administrator, Administrator
Syntax
match packet-size [ gt | lt ] size
match packet-size [ gt | lt ] size
Specifies the packet length in bytes.
gt: indicates a packet size greater than the specified size.
lt: indicates a packet size less than the specified size.
size must be an integer from 1 to 65535.
Usage
Sets the match rule based on the size of packets for a specific class map. This command is only applicable for static policies; it is not available for dynamic policies.
Example
The following command specifies the packet length to be 1024 bytes.
match packet-size 1024
match protocol
Specifies a traffic classification rule based on the protocol used for session flow.
Product
PDSN, HA, ASN-GW, HSGW, P-GW, SCM
Privilege
Security Administrator, Administrator
Syntax
match protocol { gre | ip-in-ip | number | rtp | sip | tcp | udp }
match protocol gre
Sets the match rule for session flow using Generic Routing Encapsulation (GRE) Protocol. It matches the protocol field to GRE inside the packet.
match protocol ip-in-ip
Sets the match rule for session flow using IP-in-IP encapsulation protocol. It matches the protocol field to ip-in-ip inside the packet.
match protocol number
Sets the match rule for a session flow using the protocol identified by number. It matches the specified protocol field inside the packet.
match protocol rtp
Sets the match rule for a session flow using Real-time Transport Protocol (RTP). It matches the specified protocol field inside the packet.
match protocol sip
Sets the match rule for a session flow using Session Initiation Protocol (SIP). It matches the specified protocol field inside the packet.
match protocol tcp
Sets the match rule for a session flow using Transmission Control Protocol (TCP). It matches the protocol field to TCP inside the packet.
match protocol udp
Sets the match rule for a session flow using User Datagram Protocol (UDP). It matches the protocol field to UDP inside the packet.
Usage
Sets the match rule based on the protocol of packet flow for a specific Class Map.
Example
The following command specifies the rule for packet flow using the IP-in-IP protocol.
match protocol ip-in-ip
match src-ip-address
Specifies a traffic classification rule based on the source IP address of packets.
Product
PDSN, HA, ASN-GW, HSGW, P-GW, SCM
Privilege
Security Administrator, Administrator
Syntax
match src-ip-address src_ip_address/subnet_mask
match src-ip-address src_ip_address/subnet_mask
Specifies the source IP address of the packets.
src_ip_address must be entered in IPv4 dotted-decimal or IPv6 colon-separated notation.
subnet_mask is optional and is entered in CIDR notation.
Usage
Sets the match rule based on the source IP address of packets for a specific class map.
Example
The following command specifies the rule for packets coming from a system with the IP address 10.1.2.3.
match src-ip-address 10.1.2.3
match src-port-range
Specifies a traffic classification rule based on the range of source ports of L4 packets.
Product
PDSN, HA, ASN-GW, HSGW, P-GW, SCM
Privilege
Security Administrator, Administrator
Syntax
match src-port-range initial_port_number [ to last_port_number ]
match src-port-range initial_port_number [ to last_port_number ]
Specifies the source port or range of ports of the L4 packets.
initial_port_number is the starting port number and must be an integer from 1 to 65535 but less than last_port_number, if specified.
last_port_number is the end port number and must be an integer from 1 to 65535 but more than initial_port_number.
Usage
Sets the match rule based on the source port number or range of ports of L4 packets for a specific class map.
Example
The following command specifies the rule for packets with a source port number from 23 to 88.
match src-port-range 23 to 88
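Added example (not part of the Cisco documentation): a Python check that audits the match lines of a class map offline against the syntax and value ranges documented above, and flags match any for review because it classifies all traffic. The 0 to 255 range for a numeric protocol is an assumption, the function names are hypothetical, and the sample configuration is constructed.

```python
import ipaddress
import re

P16, TOS = range(1, 65536), range(0, 256)
PORTS = (r"(\d+)(?: to (\d+))?", [P16, P16])
# rule -> (argument regex, allowed range per captured integer), as documented above
GRAMMAR = {
    "dst-port-range": PORTS, "src-port-range": PORTS,
    "ip-tos": (r"(\d+)(?: ip-tos-mask (\d+))?|tos-range (\d+) to (\d+)",
               [TOS, range(1, 256), TOS, TOS]),
    "ipsec-spi": (r"(\d+)", [P16]),
    "packet-size": (r"(?:gt |lt )?(\d+)", [P16]),
    # Assumption: "number" is the 8-bit IP protocol field; the page gives no range.
    "protocol": (r"gre|ip-in-ip|rtp|sip|tcp|udp|(\d+)", [TOS]),
}

def check(rule, arg):  # finding string for one match rule, or None if well-formed
    if rule == "any":
        return "review: 'match any' allows all traffic types in this class map"
    if rule in ("src-ip-address", "dst-ip-address"):
        try:
            ipaddress.ip_network(arg, strict=False)  # IPv4/IPv6, optional CIDR mask
            return None
        except ValueError as err:
            return f"bad address: {err}"
    m = rule in GRAMMAR and re.fullmatch(GRAMMAR[rule][0], arg)
    if not m:
        return f"unknown rule or bad arguments: {rule} {arg}".strip()
    for val, ok in zip(m.groups(), GRAMMAR[rule][1]):
        if val is not None and int(val) not in ok:
            return f"{val} is outside {ok.start} to {ok.stop - 1}"
    if rule.endswith("-port-range") and m.group(2) and int(m.group(2)) <= int(m.group(1)):
        return "last_port_number must be more than initial_port_number"

def audit(config):
    # Returns [(line_number, finding)] for every 'match' line in a class-map text.
    findings = []
    for n, line in enumerate(config.splitlines(), 1):
        tok = line.split()
        if len(tok) >= 2 and tok[0] == "match":
            msg = check(tok[1], " ".join(tok[2:]))
            if msg:
                findings.append((n, msg))
    return findings

# Constructed sample, not taken from a real device.
SAMPLE = """match dst-ip-address 10.1.2.0/24
match dst-port-range 88 to 23
match ip-tos 3 ip-tos-mask 0
match any"""
```

Calling audit(SAMPLE) reports lines 2, 3 and 4: a reversed port range, a mask value below 1, and the catch-all rule.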
 
 

Cisco Systems Inc.