Modular Policy Framework-7

The Cisco Modular Policy Framework provides flexibility in configuring network policies. It defines traffic flows and associates security policies with the flows. Class maps are used to match traffic based on criteria like access lists or ports. Policy maps connect actions to class maps, such as sending traffic to security services. Service policies activate policy maps on interfaces or globally. This allows administrators to apply different security policies to various traffic flows.

Uploaded by Bhunesh Kumar

Modular Policy Framework

Overview

© 2005 Cisco Systems, Inc. All rights reserved. SNPA v4.0—9-1


Modular Policy Framework Overview

[Figure: network diagram labelled Headquarters, Internet, System Engineers, Executives, Site B and Site C, with 384 K links]

Cisco Modular Policy Framework provides greater
granularity and more flexibility when configuring
network policies.
• Define flows of traffic
• Associate security policy to traffic flows
• Enable a set of security policies on an interface or globally

Components of Modular Policy Framework

Class Map
A class map is configured to match traffic. For example, if we want to apply
certain policies to HTTP, HTTPS and SMTP traffic, we add them to a single class and apply
different policies to this class.
We can match traffic for a class based on the following criteria:
1) Access-List
2) Any
3) DSCP
4) Flow Based e.g. Destination IP
5) Port Based TCP or UDP
6) Tunnel Group
7) IP Precedence
8) RTP destination Port Number



Policy Map
The class map determines what is matched, and the
policy map associates one or more actions with the class map:
1) Forward the traffic flow to the Security Services Module
(when present) for intrusion protection.
2) Perform a specified protocol inspection or inspections by
creating an inspection policy.
3) Police the bandwidth used by the specified flow by
creating a quality of service (QoS) police policy.
4) Set connection parameters on the flows by creating a set
connection policy.
5) Direct the flow to the low-latency queue by creating a
QoS priority policy.



Service Policy

The service policy activates a policy map on a
targeted interface or globally on all interfaces.
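
The three components above, put together in ASA CLI form. This is an added example, not taken from the original slides; every object name, the `outside` interface name and the limit values are assumptions chosen for illustration.

```cisco
! Constructed example. MAIL_WEB_ACL, MAIL_WEB_CLASS, HTTP_CLASS, VOICE_CLASS,
! OUTSIDE_POLICY, the interface name "outside" and all numeric limits are
! assumptions, not values from the slides.

! --- 1) Class maps: define the traffic flows -------------------------------
! HTTP, HTTPS and SMTP grouped into one class through an access list
access-list MAIL_WEB_ACL extended permit tcp any any eq 80
access-list MAIL_WEB_ACL extended permit tcp any any eq 443
access-list MAIL_WEB_ACL extended permit tcp any any eq 25

class-map MAIL_WEB_CLASS
 match access-list MAIL_WEB_ACL

! Port-based match (TCP)
class-map HTTP_CLASS
 match port tcp eq 80

! DSCP-based match for voice traffic
class-map VOICE_CLASS
 match dscp ef

! --- 2) Policy map: attach actions to each class ---------------------------
! A flow can match a different class for each feature type, so HTTP traffic
! receives the connection limits from MAIL_WEB_CLASS and the inspection
! from HTTP_CLASS.
policy-map OUTSIDE_POLICY
 class MAIL_WEB_CLASS
  ! Set-connection policy: cap total and half-open (embryonic) connections,
  ! which limits the impact of a SYN flood on the protected servers
  set connection conn-max 2000 embryonic-conn-max 500
 class HTTP_CLASS
  ! Protocol inspection policy
  inspect http
 class VOICE_CLASS
  ! QoS priority policy: send the flow to the low-latency queue
  priority

! The low-latency queue must exist on the interface before "priority" works
priority-queue outside

! --- 3) Service policy: activate the policy map ----------------------------
! Per-interface activation; use "service-policy <name> global" to apply a
! policy map to all interfaces instead.
service-policy OUTSIDE_POLICY interface outside
```

Once the policy is active, `show service-policy` displays the per-class counters, which is the quickest way to confirm that each class map is matching the flows it was written for.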



Modular Policy Framework (ASDM)


Add Service Policy Rule



Configuring Class Map


Traffic Match Criteria


Define Tunnel Group



Define Service policy rule
