class-map type inspect ---> policy-map type inspect ---> policy-map ---> service-policy
class-map---->policy-map---->service-policy
·    Regular expressions
 
·    Grouping regular expressions:
ciscoasa(config)# regex myregex1 cisco1\.com
ciscoasa(config)# regex myregex2 cisco2\.com
ciscoasa(config)# class-map type regex match-any myclass
ciscoasa(config-cmap)# match regex myregex1
ciscoasa(config-cmap)# match regex myregex2
 
ciscoasa# test regex cisco.com "cisco\.com" // test the regex against an input string
 
ciscoasa(config)# class-map ?
configure mode commands/options:
 WORD < 41 char class-map name
 type            Specifies the type of class-map // what is defined under type is used in the class; its usage inside the policy is the same
 
·    // HTTP: replace the default port 80 with 8080
ciscoasa(config)# class-map http8080
ciscoasa(config-cmap)# match port tcp eq 8080
ciscoasa(config)# policy-map mypolicy
ciscoasa(config-pmap)# class http8080
ciscoasa(config-pmap-c)# inspect http
ciscoasa(config)# service-policy mypolicy interface inside
 
·    // Inspect both 80 and 8080 at the same time
ciscoasa(config)# class-map http8080
ciscoasa(config-cmap)# match port tcp eq 8080
ciscoasa(config)# class-map http80
ciscoasa(config-cmap)# match port tcp eq 80
ciscoasa(config)# policy-map mypolicy
ciscoasa(config-pmap)# class http8080
ciscoasa(config-pmap-c)# inspect http
ciscoasa(config-pmap)# class http80
ciscoasa(config-pmap-c)# inspect http
ciscoasa(config)# service-policy mypolicy interface inside
 
-------------------------------- Example -----------------------------------------
ciscoasa(config)# class-map type inspect http myhttp
 
ciscoasa(config)# policy-map type inspect http myinpolicy
ciscoasa(config-pmap)# class myhttp
ciscoasa(config-pmap-c)# drop-connection
 
ciscoasa(config)# policy-map mypolicy
ciscoasa(config-pmap)# class class-default
ciscoasa(config-pmap-c)# inspect http myinpolicy
 
ciscoasa(config)# service-policy mypolicy interface inside
-----------------------------------------------------------------------------
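
The full chain from the first line of these notes (regex, class-map type regex, class-map type inspect, policy-map type inspect, policy-map, service-policy) as one configuration. This is an added example, not part of the original notes; the names blocked-hosts, http-blocked and http-filter are assumptions, and the choice of the Host header as the match target is also an assumption.

```cisco
! Added example. blocked-hosts, http-blocked, http-filter are assumed names.
! Regexes and ports are the ones used in the notes above.
regex myregex1 cisco1\.com
regex myregex2 cisco2\.com
!
! match-any: a hit on either regex satisfies the regex class
class-map type regex match-any blocked-hosts
 match regex myregex1
 match regex myregex2
!
! Layer 7 class-map: HTTP requests whose Host header matches the regex class
class-map type inspect http match-all http-blocked
 match request header host regex class blocked-hosts
!
! Layer 7 policy-map: action taken on matching requests (log records the drop)
policy-map type inspect http http-filter
 class http-blocked
  drop-connection log
!
! Layer 3/4 class-maps: select which traffic is handed to HTTP inspection
class-map http80
 match port tcp eq 80
class-map http8080
 match port tcp eq 8080
!
! Layer 3/4 policy-map: attach the Layer 7 policy to both ports
policy-map mypolicy
 class http80
  inspect http http-filter
 class http8080
  inspect http http-filter
!
! Apply to traffic entering the inside interface
service-policy mypolicy interface inside
```

HTTP inspection only sees cleartext requests, so a Host match like this has no effect on HTTPS traffic. `show service-policy inspect http` shows whether the classes are being hit.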