Cisco ACE-4710-K9 Administration Guide - Page 118
Class Map and Policy Map, Application Protocol Inspection Configuration Flow Diagram
View all Cisco ACE-4710-K9 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 118 highlights
Class Map and Policy Map Overview Chapter 4 Configuring Class Maps and Policy Maps Figure 4-1 Class Map and Policy Map-Application Protocol Inspection Configuration Flow Diagram 1 Layer 7 HTTP Inspection Class Map (config)# class-map type http inspect match-all | match-any HTTP_INSPECT_L7CLASS Defines multiple Layer 7 HTTP deep packet inspection match criteria, such as: Content expressions and length Header, header length, header MIME-type Port misuse URL expressions and length Layer 7 HTTP inspection class map associated with Layer 7 HTTP inspection policy map 2 Layer 7 HTTP Inspection Policy Map (config)# policy-map type inspect http all-match HTTP_INSPECT_L7POLICY Associates the Layer 7 HTTP inspection class map and specifies one or more of the following actions: Permit Reset 3 Layer 7 FTP Inspection Class Map (config)# class-map type ftp inspect match-any FTP_INSPECT_L7CLASS Defines multiple Layer 7 FTP request command inspection match criteria, including: appe, cdup, dele, get, help, mkd, put, rmd, rnfr, rnto, site, stou, and syst Layer 7 FTP inspection class map associated with Layer 7 FTP inspection policy map 4 Layer 7 FTP Inspection Policy Map (config)# policy-map type inspect ftp first-match FTP_INSPECT_L7POLICY Associates the Layer 7 FTP inspection class map and specifies one or more of the following actions: Deny Mask-reply 5 Layer 3 and Layer 4 Traffic Class Map (config)# class-map match-all | match-any APP_INSPECT_L4CLASS Defines Layer 3 and Layer 4 traffic match criteria for application protocol inspection: Access list Port 6 Layer 3 and Layer 4 Policy Map (config)# policy-map multi-match HTTP_INSPECT_L4POLICY Creates a Layer 3 and Layer 4 policy map to perform one or more of the following actions: Associate Layer 3 and Layer 4 traffic Layer 3 and Layer 4 traffic class map, Layer 7 HTTP inspection policy map, and Layer 7 FTP policy map associated with a Layer 3 and Layer 4 policy map class map Associate Layer 7 HTTP deep packet inspection policy map Associate Layer 7 FTP command inspection policy map Perform HTTP inspection Perform DNS inspection Perform FTP inspection Perform ICMP inspection Perform RTSP inspection Policy map applied globally to all VLAN interfaces or to a specific VLAN interface 7 Global Service Policy/VLAN (config)# service-policy input HTTP_INSPECT_L4POLICY Service policy applies policy map to all VLAN interfaces in the context Specific Service Policy/VLAN (config)# interface vlan 50 (config-if)# service-policy input HTTP_INSPECT_L4POLICY Service policy applies policy map to a specific VLAN interface 153381 Cisco 4700 Series Application Control Engine Appliance Administration Guide 4-4 OL-11157-01