Multimatch Classification Policy
The multimatch classification policy applies to any service policy containing a policy map
that applies multiple domains to traffic classes. For example, a policy map that assigns an
inspect action to class map A and a police action to class map B would qualify as a
multimatch classification. Each domain is allowed an attempt to match its criteria to the
packet. Once all matches have been verified, all actions assigned by these matches are applied
to the packet. For example, an H.323 traffic class could be assigned an inspection domain,
while all TCP traffic could be assigned a set-connections domain and all voice traffic could
be set a priority domain. If a VoIP traffic flow enters the Security Appliance, all three domains
would affect and match this traffic flow, causing it to be inspected, have TCP connection
limits applied to the flow, and be prioritized in the LLQ.
The Security Appliance will apply these actions in a specific order that does not reflect the
order in which the actions have been configured:
1. IPS
2. TCP Flow Control
3. Inspection
4. Policing
5. Priority