Step 1 |
enable
Example:
Router> enable
|
Enables privileged EXEC mode.
|
Step 2 |
configure terminal
Example:
Router# configure terminal
|
Enters global configuration mode.
|
Step 3 |
class-map type inspect match-any class-map-name
Example:
Router(config)# class-map type inspect match-any rtsp_class1
|
Creates an inspect type class map and enters class-map configuration mode.
|
Step 4 |
match protocol protocol-name
Example:
Router(config-cmap)# match protocol rtsp
|
Configures the match criteria for a class map on the basis of the named protocol.
|
Step 5 |
exit
Example:
Router(config-cmap)# exit
|
Returns to global configuration mode.
|
Step 6 |
policy-map type inspect policy-map-name
Example:
Router(config)# policy-map type inspect rtsp_policy
|
Creates an inspect type policy map and enters policy-map configuration mode.
|
Step 7 |
class type inspect class-map-name
Example:
Router(config-pmap)# class type inspect rtsp_class1
|
Specifies the class on which the action is performed and enters policy-map-class configuration mode.
|
Step 8 |
inspect
Example:
Router(config-pmap-c)# inspect
|
Enables stateful packet inspection.
|
Step 9 |
class class-default
Example:
Router(config-pmap-c)# class class-default
|
Specifies that these policy map settings apply to the predefined default class. If traffic does not match any of the match criteria in the configured class maps, it is directed to the predefined default class.
|
Step 10 |
exit
Example:
Router(config-pmap-c)# exit
|
Returns to policy-map configuration mode.
|
Step 11 |
exit
Example:
Router(config-pmap)# exit
|
Returns to global configuration mode.
|
Step 12 |
zone security zone-name1
Example:
Router(config)# zone security private
|
Creates a security zone to which interfaces can be assigned and enters security-zone configuration mode.
|
Step 13 |
exit
Example:
Router(config-sec-zone)# exit
|
Returns to global configuration mode.
|
Step 14 |
zone security zone-name2
Example:
Router(config)# zone security public
|
Creates a security zone to which interfaces can be assigned and enters security-zone configuration mode.
|
Step 15 |
exit
Example:
Router(config-sec-zone)# exit
|
Returns to global configuration mode.
|
Step 16 |
zone-pair security zone-pair-name source source-zone-name destination destination-zone-name
Example:
Router(config)# zone-pair security pair-two source private destination public
|
Creates a pair of security zones and enters security-zone-pair configuration mode.
|
Step 17 |
service-policy type inspect policy-map-name
Example:
Router(config-sec-zone-pair)# service-policy type inspect rtsp_policy
|
Attaches a firewall policy map to the destination zone pair.
|
Step 18 |
exit
Example:
Router(config-sec-zone-pair)# exit
|
Returns to global configuration mode.
|
Step 19 |
interface type number
Example:
Router(config)# interface GigabitEthernet0/1/0
|
Specifies an interface for configuration.
|
Step 20 |
zone-member security zone-name1
Example:
Router(config-if)# zone-member security private
|
Assigns an interface to a specified security zone.
When you make an interface a member of a security zone, all traffic into and out of that interface (except traffic bound for the router or initiated by the router) is dropped by default. To let traffic through the interface, you must make the zone part of a zone pair to which you apply a policy. If the policy permits traffic, traffic can flow through that interface.
|
Step 21 |
exit
Example:
Router(config-if)# exit
|
Returns to global configuration mode.
|
Step 22 |
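interface type number
Example:
Router(config)# interface GigabitEthernet0/1/1
|
Specifies an interface for configuration. This must be a different interface from the one configured in Step 19, because an interface can be a member of only one security zone.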
|
Step 23 |
zone-member security zone-name2
Example:
Router(config-if)# zone-member security public
|
Assigns an interface to a specified security zone.
When you make an interface a member of a security zone, all traffic into and out of that interface (except traffic bound for the router or initiated by the router) is dropped by default. To let traffic through the interface, you must make the zone part of a zone pair to which you apply a policy. If the policy permits traffic, traffic can flow through that interface.
|
Step 24 |
end
Example:
Router(config-if)# end
|
Returns to privileged EXEC mode.
|
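
The note in Steps 20 and 23 describes two conditions that leave an interface passing no traffic: its zone is in no zone pair, or the zone pair has no policy attached. The following Python check reports both from saved configuration text; it is an added example, not part of the original procedure or of any Cisco tool, the sample configuration is constructed, and `audit_zbf` and GigabitEthernet0/1/1 are assumed names.

```python
import re

ZONE = re.compile(r"^zone security (\S+)$")
PAIR = re.compile(r"^zone-pair security (\S+) source (\S+) destination (\S+)$")
IFACE = re.compile(r"^interface (\S.*)$")
ATTACH = re.compile(r"^\s+service-policy type inspect (\S+)$")
MEMBER = re.compile(r"^\s+zone-member security (\S+)$")

# Constructed input: the zone-related lines that Steps 12-23 produce.
# GigabitEthernet0/1/1 is an assumed name for the second interface.
GOOD = """\
zone security private
zone security public
zone-pair security pair-two source private destination public
 service-policy type inspect rtsp_policy
interface GigabitEthernet0/1/0
 zone-member security private
interface GigabitEthernet0/1/1
 zone-member security public
"""

def audit_zbf(config):
    """Return findings for zone pairs and zone members in a config text."""
    zones, pairs, members = set(), {}, {}
    pair = iface = None
    for line in map(str.rstrip, config.splitlines()):
        if line and not line[0].isspace():
            pair = iface = None  # a top-level command closes the open block
        if m := ZONE.match(line):
            zones.add(m[1])
        elif m := PAIR.match(line):
            pair = pairs[m[1]] = [m[2], m[3], None]  # source, destination, policy
        elif m := IFACE.match(line):
            iface = m[1]
        elif pair and (m := ATTACH.match(line)):
            pair[2] = m[1]
        elif iface and (m := MEMBER.match(line)):
            members[iface] = m[1]
    findings = []
    for name, (src, dst, policy) in sorted(pairs.items()):
        findings += [f"zone-pair {name}: zone {z} is not defined"
                     for z in (src, dst) if z not in zones]
        if policy is None:
            findings.append(f"zone-pair {name}: no service-policy attached")
    paired = {z for src, dst, _ in pairs.values() for z in (src, dst)}
    findings += [f"{i}: zone {z} is not in any zone pair"
                 for i, z in sorted(members.items()) if z not in paired]
    return findings
```

An empty list means every zone pair has a policy attached and every zone member belongs to a paired zone; the check does not inspect what the policy map permits.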