cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
443
Views
5
Helpful
3
Replies

Modular Policy Framework order of operation

Jesse Wiener
Level 4
Level 4

I am just looking for an order of operation. If I have an ASA 7.2(2) and I a default global policy. If I make a service policy, and apply it to an interface does that replace the global policy for traffic traversing that interface, or is it like an ACL that if it doesn't match it looks at the next. Example Http traffic, if it doesn't match the policy assigned to the interface which is only set to inspect ftp, it then checks the default policy for a match on the http inspect?

Thanks in advance for the info

3 Replies 3

vitripat
Level 7
Level 7

You are right. With global policy in place, if you apply a interface policy, traffic would be first checked based on the interface policy. If traffic does not match any thing in the interface policy, then it'll be matched based on the global policy.

If traffic has been matched in the interface policy, then it wont be sent through the global policy again. This is one of the reasons it is said to define the traffic in interface policy as specific as possible.

Hope this clarifies.

Regards,

Vibhor.

abinjola
Cisco Employee
Cisco Employee

Hello ,

The service-policy command activates a policy-map command globally on all interfaces or on a targeted interface. An interface can be a virtual (vlan) interface or a physical interface. Only one global policy-map is allowed. If you specify the keyword interface and an interface name, the policy-map applies only to that interface. An interface policy-map inherits rules from the global policy-map. For rules that overlap with the global policy map, the interface policy rules will be applied. Only one interface policy-map can be applied to an interface at any one time

Please let me know if you need any links on this

Hope that answered your Queries !

if you have links that would be cool, but thanks for the great explaination.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: