class-map vs class-map type inspect

Unanswered Question
Mar 10th, 2009

I'm having a hard time understanding the difference between the following commands.

class-map match-any Name

class-map type inspect match-any Name

policy-map Name

policy-map type inspect Name

Also a policy-map of type inspect can apparently have a regular class-map or a class-map type inspect under it. Can someone please help explain the uses for the different types of class/policy maps and what each one is specifically used for?

Thank you very much.

I have this problem too.
2 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Ivan Martinon Tue, 03/10/2009 - 08:11

Easiest way is to explain that the inspection type class map and policy map is used for treating, specific traffic such as TCP, FTP, SMTP and so on, if you define an inspection type class map/policy map say for example an FTP class map you will have features available for FTP traffic such as strict ftp inspection, specific allowance of commands like DELETE, LIST and so. And the normal class map is used for general traffic selection criteria.

wdgolden1 Tue, 03/10/2009 - 08:23

Here's an example I made real quick. In both the class-map and class-map type inspect I'm inspecting edonkey traffic. Can either of these be used for ZBF?

Is class-map typically used just for QoS while class-map type inspect is used for ZBF? Also when would a regular class-map be used under a policy-map type inspect?

class-map match-any NoType

match protocol edonkey

class-map type inspect match-all TypeInspect

match protocol edonkey



policy-map NoType

class NoType

police 1000000

policy-map type inspect TypeInspect

class type inspect TypeInspect



This Discussion