Class-Map Commands

class-map

To create a class map to be used for matching packets to a specified class and to enter QoS class-map configuration mode, use the class-map command in global configuration mode. To remove an existing class map from a device, use the no form of this command.

class-map { [ type inspect match-all ] | [ match-any ] } class-map-name

no class-map { [ type inspect match-all ] | [ match-any ] }

Syntax Description

type inspect

(Optional) Specifies the class-map type as inspect.

match-all

(Optional) Determines how packets are evaluated when multiple match criteria exist. Matches statements under this class map based on the logical AND function. A packet must match all statements to be accepted. If you do not specify the match-all or match-any keyword, the default keyword used is match-all .

match-any

(Optional) Determines how packets are evaluated when multiple match criteria exist. Matches statements under this class map based on the logical OR function. A packet must match any of the match statements to be accepted. If you do not specify the match-any or match-all keyword, the default keyword is used match-all .

class-map-name

Name of the class for the class map. The class name is used for both the class map and to configure a policy for the class in the policy map.

Note

 

You can enter the value for the class-map-name argument within quotation marks. The software does not accept spaces in a class map name entered without quotation marks.

Command Default

A class map is not configured.

Command Modes


Global configuration (config)

Command History

Release

Modification

Cisco IOS XE Catalyst SD-WAN Release 17.2.1v

Command qualified for use in Cisco vManage CLI templates.

Usage Guidelines

For usage guidelines, see the Cisco IOS XE class-map command. 

class-map match-any BestEffort
  match qos-group 3
 !
 class-map match-any Bulk
  match qos-group 4
 !
 class-map match-any Critical
  match qos-group 1
 !
 class-map match-any Critical-Low
  match qos-group 2
 !
 class-map match-any BULK
  match qos-group 2
 !
 class-map match-any CONTROL-SIGNALING
  match qos-group 4
 !
 class-map match-any CRITICAL-DATA
  match qos-group 1
 !
 class-map match-any Default
  match qos-group 5
 !
 class-map match-any INTERACTIVE-VIDEO
  match qos-group 3
 !
 class-map match-any LLQ
  match qos-group 0
 !
 class-map match-any Queue0
  match qos-group 0
 !
 class-map match-any Queue1
  match qos-group 1
 !
 class-map match-any Queue2
  match qos-group 2
 !
 class-map match-any Queue3
  match qos-group 3
 !
 class-map match-any Queue4
  match qos-group 4
 !
 class-map match-any Queue5
  match qos-group 5
 !
 class-map type inspect match-all cmap
  match access-group name cmap
 !
 class-map match-any Queue4
  match qos-group 0
 !

The following example configures the match criterion for a class map on the basis of a specified protocol for zone based policy firewall: 

class-map match-any aa1-cm0_
match protocol test
match protocol mpeg2-ts
!

match qos-group

To identify a specific quality of service (QoS) group value as a match criterion, use the match qos-group command in class-map configuration or policy inline configuration mode. To remove a specific QoS group value from a class map, use the no form of this command.

match qos-group qos-group-value

no match qos-group qos-group-value

Syntax Description

qos-group-value

The exact value from 0 to 99 used to identify a QoS group value.

Command Default

No match criterion is specified.

Command Modes


Class-map configuration (config-cmap)

Command History

Release

Modification

Cisco IOS XE Catalyst SD-WAN Release 17.2.1v

Command qualified for use in Cisco vManage CLI templates.

 

class-map match-any BestEffort
  match qos-group 3
 !
 class-map match-any Bulk
  match qos-group 4
 !
 class-map match-any Critical
  match qos-group 1
 !
 class-map match-any Critical-Low
  match qos-group 2
 !
 class-map match-any BULK
  match qos-group 2
 !
 class-map match-any CONTROL-SIGNALING
  match qos-group 4
 !
 class-map match-any CRITICAL-DATA
  match qos-group 1
 !
 class-map match-any Default
  match qos-group 5
 !
 class-map match-any INTERACTIVE-VIDEO
  match qos-group 3
 !
 class-map match-any LLQ
  match qos-group 0
 !
 class-map match-any Queue0
  match qos-group 0
 !
 class-map match-any Queue1
  match qos-group 1
 !
 class-map match-any Queue2
  match qos-group 2
 !
 class-map match-any Queue3
  match qos-group 3
 !
 class-map match-any Queue4
  match qos-group 4
 !
 class-map match-any Queue5
  match qos-group 5
 !

pass

To allow packets to be sent to the router without being inspected, use the pass command in policy-map-class configuration mode.

pass log

Command Default

No default behavior or values.

Command Modes

Policy-map-class configuration mode (config-pmap-c)

Command History

Release Modification
Cisco IOS XE Catalyst SD-WAN Release 17.2.1v

Command qualified for use in Cisco vManage CLI templates.

Usage Guidelines

The zone-based firewall feature can be enabled on a Cisco IOS XE Catalyst SD-WAN devices for inspecting traffic exchange between multiple service VPNs. policy-map type inspect command can be used to create a policy-map under which class or class type inspect command can be called for taking further actions on the traffic of interest.

Examples

The following example shows how to create a policy-map type inspect fw_policy1. Inside this policy-map, a class of class type inspect cmap_1 has been called. Inside the class type inspect, pass log command can be called to not drop or inspect packets for the desired class. 

Device(config)# policy-map type inspect fw_policy1
Device(config-pmap)# class type inspect cmap_1
Device(config-pmap-c)# pass log

Related Commands

Command

Description

policy-map type inspect policy-name

Creates a Layer 3 or Layer 4 inspect type policy map.

class type inspect class-name

Specifies the traffic class on which an action is to be performed.

log

Logs the firewall activity for an inspect parameter map.