CLI Guide
Layer 2 Switching Commands 724
Enter the class-map command with the match-all/match-any parameter and
a nonexistent class-map-name to create a new class map. The class-map-
name must not be the same as any other class map or access group name.
Use the no class-map form of the command without a match-all/match-any
parameter to delete an existing class map.
The match-all parameter indicates that all of the match criteria configured in
the class map must be met for the packet to be processed by the class map.
The match-any parameter indicates that any of the match criteria configured
in the class-map may be met for the packet to be processed by the class-map.
Only one access-group may be referenced in a match-all class map. Multiple
access-groups of the same type may be referenced in a match-any class map.
Command History
Updated syntax in version 6.5 firmware.
Example
The following example creates a class-map named “DELL” which requires
terms in the access-group DELL-ACCESS to be matched.
console(config)#class-map match-all DELL
console(config-classmap)#match access-group DELL-ACCESS
console(config-cmap)#exit
The following example configures multiple policy maps. Each policy map
references a class map that references access groups. Assign the policy for
inbound traffic to interfaces using the service policy-in command.
console(config)#ip access-list default
console(config-ip-acl)#deny ip any any
console(config-ip-acl)#exit
console(config)#ip access-list voice-all
console(config-ip-acl)#permit udp 10.0.0.0 0.255.255.255 any range 16384
32768
console(config-ip-acl)#permit udp any 10.0.0.0 0.255.255.255 range 16384
32768
console(config-ip-acl)#permit udp 10.0.0.0 0.255.255.255 eq 17000 any
console(config-ip-acl)#deny ip any any
console(config-ip-acl)#exit
console(config)#ip access-list voice-pass
console(config-ip-acl)#deny ip any any
console(config-ip-acl)#exit
console(config)# class-map match-any voice-all