Re: class-map vs class-map type inspect

wdgolden1 · ‎03-10-2009

I'm having a hard time understanding the difference between the following commands.

class-map match-any Name

class-map type inspect match-any Name

policy-map Name

policy-map type inspect Name

Also a policy-map of type inspect can apparently have a regular class-map or a class-map type inspect under it. Can someone please help explain the uses for the different types of class/policy maps and what each one is specifically used for?

Thank you very much.

Ivan Martinon · ‎03-10-2009

Easiest way is to explain that the inspection type class map and policy map is used for treating, specific traffic such as TCP, FTP, SMTP and so on, if you define an inspection type class map/policy map say for example an FTP class map you will have features available for FTP traffic such as strict ftp inspection, specific allowance of commands like DELETE, LIST and so. And the normal class map is used for general traffic selection criteria.

wdgolden1 · ‎03-10-2009

Here's an example I made real quick. In both the class-map and class-map type inspect I'm inspecting edonkey traffic. Can either of these be used for ZBF?

Is class-map typically used just for QoS while class-map type inspect is used for ZBF? Also when would a regular class-map be used under a policy-map type inspect?

class-map match-any NoType

match protocol edonkey

class-map type inspect match-all TypeInspect

match protocol edonkey

!

policy-map NoType

class NoType

police 1000000

policy-map type inspect TypeInspect

class type inspect TypeInspect

inspect

DazOG · ‎11-08-2023

Did you ever get a satisfactory answer to this? I found this thread searching for an answer to this exact question. It doesn’t seem very clear which “inspect” is meaningful in policy-map, class-map, etc.