
C3PL (Cisco Common Classification Policy Language), Class Map, Policy Map and Service Policy


Cisco IOS Zone Based Firewall uses a technology called Cisco Common Classification Policy Language (C3PL), which is similar to MQC (Modular QoS Command-Line). C3PL is made of three components: class maps, policy maps and service policies. Cisco IOS Zone Based Firewall access policies are built from these three components.

Class Map, Policy Map and Service Policy

Class Map: A class map identifies traffic based on some criteria, such as ACLs or protocol.

Policy Map: A policy map applies a firewall policy to the traffic identified by a previously created class map. It defines what we want to do with that traffic. A policy map can apply three types of actions to traffic:

• Drop - Drop the traffic
• Inspect - Dynamically inspect the traffic ("inspect" command is used to configure stateful inspection, which will allow the matching return traffic.)
• Pass - Forward the traffic

Service Policy: A service policy defines where the previously created policy map is applied. In Cisco IOS Zone Based Firewall, service policies are applied to a security zone pair.
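
The following configuration ties the three components together. It is an added illustration, not part of the original tutorial; the zone, interface, ACL, class map and policy map names are all assumptions. It also shows the practical difference between `inspect` and `pass`: passed traffic is not tracked, so its return traffic needs its own policy on the reverse zone pair.

```cisco
! Constructed example: all object names and interfaces are assumptions.
! 1. Class maps identify traffic, by protocol or by ACL.
ip access-list extended ACL-PING
 permit icmp any any echo
ip access-list extended ACL-PING-REPLY
 permit icmp any any echo-reply
!
class-map type inspect match-any CM-WEB
 match protocol http
 match protocol https
 match protocol dns
class-map type inspect match-any CM-TELNET
 match protocol telnet
class-map type inspect match-all CM-PING
 match access-group name ACL-PING
class-map type inspect match-all CM-PING-REPLY
 match access-group name ACL-PING-REPLY
!
! 2. Policy maps attach one action (inspect, drop or pass) to each class.
policy-map type inspect PM-IN-TO-OUT
 class type inspect CM-WEB
  inspect
 class type inspect CM-TELNET
  drop log
 class type inspect CM-PING
  pass
 class class-default
  drop
! "pass" is stateless: echo replies are only forwarded because the
! reverse-direction policy below passes them explicitly.
policy-map type inspect PM-OUT-TO-IN
 class type inspect CM-PING-REPLY
  pass
 class class-default
  drop
!
! 3. Service policies bind each policy map to a zone pair.
zone security INSIDE
zone security OUTSIDE
interface GigabitEthernet0/0
 zone-member security INSIDE
interface GigabitEthernet0/1
 zone-member security OUTSIDE
!
zone-pair security ZP-IN-OUT source INSIDE destination OUTSIDE
 service-policy type inspect PM-IN-TO-OUT
zone-pair security ZP-OUT-IN source OUTSIDE destination INSIDE
 service-policy type inspect PM-OUT-TO-IN
```

After applying it, `show policy-map type inspect zone-pair sessions` displays the sessions created by the `inspect` action for each zone pair.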

Jajish Thomason