Class-map for CSC ignores

I have an application that is getting blocked by the Trend Micro CSC under the http class map. I need it to ignore http traffic from a, and allow all else. I haven't worked with class maps much, but my thinking is an ACL with the IP subnet, and a match statement under the class map, but where I have the question is, will the ACL be

permit ip any

deny ip any any

or the other way around?

deny ip any

permit ip any any


Re: Class-map for CSC ignores

with class-maps

permit ACL means match

deny means ignore

in your case

deny traffic from the to any

then permit any

Re: Class-map for CSC ignores

OK, I think I got it, haven't applied it yet.

access-list CSC-Ignore extended deny tcp eq www

access-list CSC-Ignore extended permit tcp any any eq www


class-map http

match access-list CSC-Ignore

Re: Class-map for CSC ignores

that's right

but upon the ACL you have written above you will ignore web traffic from to

and will match any other web traffic

but nothing else

I mean no smtp, pop3 or ftp

if you want to match anything else after the deny or ignore statement

you have to make permit ip any any

after you match it with class-map

apply it to a policy map

like policy-map global_policy (which is the default global policy)

class (your class-map name)

csc fail-open


service-policy global_policy global

in this case it will be applied to all interfaces
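
The first-match behaviour discussed in the replies above, as an added example that is not code from any poster: a small Python model of how the ACL behind the class-map decides which flows are handed to the CSC. The subnet 192.0.2.0/24, the sample flows and all names are assumptions, since the thread's real addresses do not appear on the page.

```python
import ipaddress

# Constructed placeholder: the thread's real subnet does not appear on the page.
EXEMPT = "192.0.2.0/24"
PORTS = {"www": 80, "smtp": 25, "pop3": 110, "ftp": 21}

# Each ACE: (action, protocol, source, destination port name or None for any port)
ACL_AS_POSTED = [
    ("deny", "tcp", EXEMPT, "www"),
    ("permit", "tcp", "any", "www"),
]
ACL_WITH_PERMIT_IP_ANY = [
    ("deny", "tcp", EXEMPT, "www"),
    ("permit", "ip", "any", None),
]


def sent_to_csc(acl, proto, src_ip, dst_port):
    """Return True if the class-map matches the flow (it is handed to the CSC).

    ACEs are checked top-down and the first hit decides: permit = match,
    deny = ignore. A flow that hits no ACE falls to the implicit deny.
    """
    src = ipaddress.ip_address(src_ip)
    for action, ace_proto, ace_src, ace_port in acl:
        if ace_proto not in ("ip", proto):
            continue
        if ace_src != "any" and src not in ipaddress.ip_network(ace_src):
            continue
        if ace_port is not None and PORTS[ace_port] != dst_port:
            continue
        return action == "permit"
    return False


def compare(flows):
    """Map each flow to (result with posted ACL, result with permit ip any any)."""
    return {f: (sent_to_csc(ACL_AS_POSTED, *f),
                sent_to_csc(ACL_WITH_PERMIT_IP_ANY, *f)) for f in flows}


# Constructed sample flows: (protocol, source IP, destination port)
FLOWS = [
    ("tcp", "192.0.2.10", 80),    # exempt app, web
    ("tcp", "198.51.100.5", 80),  # other host, web
    ("tcp", "198.51.100.5", 25),  # other host, smtp
]

if __name__ == "__main__":
    for flow, result in compare(FLOWS).items():
        print(flow, "posted ACL:", result[0], "| permit ip any any:", result[1])
```

With the second ACL, SMTP from the exempt subnet is still matched, because the deny entry covers only www.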

