Configuring ISG Control Policies
How to Configure an ISG Control Policy
Perform the following tasks to configure an ISG control policy:
• Configuring a Control Class Map (required)
• Configuring a Control Policy Map (required)
• Applying the Control Policy Map (required)
• Monitoring and Maintaining ISG Control Policies (optional)
Configuring a Control Class Map
A control class map contains conditions that must be met for a control policy to be executed. A control
class map can contain one or more conditions. Perform this task to configure a control class map.
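The following configuration is an added illustration, not part of the original Cisco document. It shows how the match-all, match-any, and match-none keywords combine the conditions in a control class map, using only match commands listed in the steps below. The class-map names and domains are constructed placeholders, and the comments on regular-expression anchoring assume the usual Cisco IOS behaviour in which an unanchored pattern can match anywhere in the string.

```text
! Constructed example: class-map names and domains are placeholders.
configure terminal
 !
 ! match-all: every condition must be true.
 ! Selects sessions that arrive over Ethernet and have not yet authenticated,
 ! for example to gate a policy that applies only to unauthenticated users.
 class-map type control match-all UNAUTH-ETHER
  match authen-status unauthenticated
  match media ether
 !
 ! match-any: one true condition is enough.
 ! The regexp is anchored with ^ and $ and the dots are escaped, so that
 ! only the intended domains match. Assumption: an unanchored pattern such
 ! as "example.com" could also match a longer string that merely contains it.
 class-map type control match-any STAFF-DOMAINS
  match authenticated-domain corp.example.com
  match authenticated-domain regexp ^lab[0-9]+\.example\.com$
 !
 ! match-none: true only when no condition is true.
 ! Selects every session that is neither async nor ISDN.
 class-map type control match-none NOT-DIALUP
  match media async
  match media isdn
 end
```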
SUMMARY STEPS
1. enable
2. configure terminal
3. class-map type control [match-all | match-any | match-none] class-map-name
4. available {authen-status | authenticated-domain | authenticated-username | dnis | media | mlp-negotiated | nas-port | no-username | protocol | service-name | source-ip-address | timer | tunnel-name | unauthenticated-domain | unauthenticated-username}
5. greater-than [not] nas-port {[adapter adapter-number] [channel channel-number] [ipaddr ip-address] [port port-number] [shelf shelf-number] [slot slot-number] [sub-interface sub-interface-number] [type interface-type] [vci vci-number] [vlan vlan-id] [vpi vpi-number]}
6. greater-than-or-equal [not] nas-port {[adapter adapter-number] [channel channel-number] [ipaddr ip-address] [port port-number] [shelf shelf-number] [slot slot-number] [sub-interface sub-interface-number] [type interface-type] [vci vci-number] [vlan vlan-id] [vpi vpi-number]}
7. less-than [not] nas-port {[adapter adapter-number] [channel channel-number] [ipaddr ip-address] [port port-number] [shelf shelf-number] [slot slot-number] [sub-interface sub-interface-number] [type interface-type] [vci vci-number] [vlan vlan-id] [vpi vpi-number]}
8. less-than-or-equal [not] nas-port {[adapter adapter-number] [channel channel-number] [ipaddr ip-address] [port port-number] [shelf shelf-number] [slot slot-number] [sub-interface sub-interface-number] [type interface-type] [vci vci-number] [vlan vlan-id] [vpi vpi-number]}
9. match authen-status {authenticated | unauthenticated}
10. match authenticated-domain {domain-name | regexp regular-expression}
11. match authenticated-username {username | regexp regular-expression}
12. match dnis {dnis | regexp regular-expression}
13. match media {async | atm | ether | ip | isdn | mpls | serial}
14. match mlp-negotiated {no | yes}
15. match nas-port {adapter adapter-number | channel channel-number | circuit-id name | ipaddr ip-address | port port-number | remote-id name | shelf shelf-number | slot slot-number | sub-interface sub-interface-number | type {async | atm | basic-rate | enm | ether | fxo | fxs | none | primary-rate | synch | vlan | vty} | vci vci-number | vlan vlan-id | vpi vpi-number}