Cisco ACE-4710-K9 Administration Guide - Page 175
Chapter 4 Configuring Class Maps and Policy Maps
Class Maps and Policy Map Examples

To create a series of class maps and policy maps to classify and permit the identified traffic, perform the following steps:

Step 1  Permit ICMP packets from IP address 172.16.10.0 255.255.255.254 and allow global SSH access to the ACE by entering the following commands:

    host1/Admin(config)# class-map type management ICMP-ALLOW_CLASS
    host1/Admin(config-cmap-mgmt)# match protocol icmp source-address 172.16.10.0 255.255.255.254
    host1/Admin(config-cmap-mgmt)# exit
    host1/Admin(config)#
    host1/Admin(config)# class-map type management SSH-ALLOW_CLASS
    host1/Admin(config-cmap-mgmt)# match protocol ssh any
    host1/Admin(config-cmap-mgmt)# exit
    host1/Admin(config)#
    host1/Admin(config)# policy-map type management first-match L4_MGMT_POLICY
    host1/Admin(config-pmap-mgmt)# class ICMP-ALLOW_CLASS
    host1/Admin(config-pmap-mgmt-c)# permit
    host1/Admin(config-pmap-mgmt-c)# exit
    host1/Admin(config-pmap-mgmt)# class SSH-ALLOW_CLASS
    host1/Admin(config-pmap-mgmt-c)# permit
    host1/Admin(config-pmap-mgmt-c)# exit
    host1/Admin(config-pmap-mgmt)# exit
    host1/Admin(config)#

Step 2  Create a class map that filters HTTP traffic and includes an ACL allowing the ACE to receive any HTTP traffic through the VLAN by entering the following commands:

    host1/Admin(config)# access-list 200 extended permit tcp any any eq http
    host1/Admin(config)# class-map match-all L4_FILTERHTTP_CLASS
    host1/Admin(config-cmap)# match access-list 200

Step 3  Define the following Layer 7 class maps and policy maps to filter on content and allow HTTP headers that contain the "html" expression:

  a. Identify HTTP headers that contain the "html" expression with a header length of 255 or less by entering the following commands:

    host1/Admin(config)# class-map type http inspect match-all L7_FLTRHTML1_CLASS
    host1/Admin(config-cmap-http-insp)# match header accept header-value html
    host1/Admin(config-cmap-http-insp)# match header length request eq 255

OL-11157-01 Cisco 4700 Series Application Control Engine Appliance Administration Guide 4-61
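An added example, not part of the Cisco guide: a small Python audit that parses the Step 1 management class maps and policy map and reports which source addresses each management protocol is permitted from. The function names are hypothetical, the config text is the Step 1 commands with prompts stripped, and the model assumes that management traffic matching no class is denied.

```python
import ipaddress

# Constructed sample: the Step 1 commands from this page with CLI prompts stripped.
CONFIG = """\
class-map type management ICMP-ALLOW_CLASS
  match protocol icmp source-address 172.16.10.0 255.255.255.254
class-map type management SSH-ALLOW_CLASS
  match protocol ssh any
policy-map type management first-match L4_MGMT_POLICY
  class ICMP-ALLOW_CLASS
    permit
  class SSH-ALLOW_CLASS
    permit
"""

ANY = ipaddress.ip_network("0.0.0.0/0")

def parse(config):
    """Return (class_maps, policy): name -> [(proto, network)] and ordered [[class, action]]."""
    class_maps, policy, current = {}, [], None
    for line in config.splitlines():
        tok = line.split()
        if tok[:3] == ["class-map", "type", "management"]:
            current = class_maps.setdefault(tok[-1], [])
        elif tok[:2] == ["match", "protocol"]:
            # "any" matches every source; otherwise: source-address <ip> <mask>
            net = ANY if tok[3] == "any" else ipaddress.ip_network(f"{tok[4]}/{tok[5]}")
            current.append((tok[2], net))
        elif tok[:1] == ["class"]:
            policy.append([tok[1], None])      # action is set by the next permit/deny
        elif tok in (["permit"], ["deny"]):
            policy[-1][1] = tok[0]
    return class_maps, policy

def is_permitted(class_maps, policy, proto, src):
    """first-match: the first class that matches decides the action.
    Assumptions: a class matches if any of its statements fits (each class on
    this page has one statement), and traffic matching no class is denied."""
    addr = ipaddress.ip_address(src)
    for name, action in policy:
        if any(p == proto and addr in net for p, net in class_maps.get(name, [])):
            return action == "permit"
    return False

def open_to_any(class_maps, policy):
    """Protocols permitted from every source address: candidates for tightening."""
    return sorted({p for name, action in policy if action == "permit"
                   for p, net in class_maps.get(name, []) if net == ANY})

CLASS_MAPS, POLICY = parse(CONFIG)
```

Run against the Step 1 policy, open_to_any reports ssh, which is the "global SSH access" the step describes; replacing "any" with a source-address and mask in SSH-ALLOW_CLASS narrows it the same way the ICMP class is narrowed.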