C3PL (Cisco Common Classification Policy Language), Class Map, Policy Map and Service Policy

Cisco IOS Zone Based Firewall uses a technology called Cisco Common Classification Policy Language (C3PL), which is similar to MQC (Modular QoS Command-Line). C3PL is made of three components: class maps, policy maps and service policies. Cisco IOS Zone Based Firewall access policies are built from these three components.

Class Map, Policy Map and Service Policy

Class Map: A class map identifies traffic based on some criteria, such as ACLs or protocol.

Policy Map: A policy map applies a firewall policy to a previously created class map. It defines what to do with the traffic identified by the class map. A policy map can apply three types of action to traffic.

• Drop - Drop the traffic
• Inspect - Dynamically inspect the traffic (the "inspect" command configures stateful inspection, which allows the matching return traffic)
• Pass - Forward the traffic

Service Policy: A service policy defines where to apply the previously created policy map. In Cisco IOS Zone Based Firewall, service policies are applied to a security zone pair.