Cisco ACE-4710-K9 Administration Guide - Page 80
Defining Layer 3 and Layer 4 Management Traffic Policy Actions
Chapter 2 Enabling Remote Access to the ACE
Configuring Remote Network Management Traffic Services

To allow the network management traffic listed in the Layer 3 and Layer 4 class map to be received or rejected by the ACE, specify either the permit or deny command in policy map class configuration mode.

• Use the permit command in policy map class configuration mode to allow the remote management protocols listed in the class map to be received by the ACE.
• Use the deny command in policy map class configuration mode to refuse the remote management protocols listed in the class map.

For example, to create a Layer 3 and Layer 4 remote network traffic management policy map that permits SSH, Telnet, and ICMP connections to be received by the ACE, enter:

    host1/Admin(config)# policy-map type management first-match REMOTE_MGMT_ALLOW_POLICY
    host1/Admin(config-pmap-mgmt)# class SSH-ALLOW_CLASS
    host1/Admin(config-pmap-mgmt-c)# permit
    host1/Admin(config-pmap-mgmt-c)# exit
    host1/Admin(config-pmap-mgmt)# class TELNET-ALLOW_CLASS
    host1/Admin(config-pmap-mgmt-c)# permit
    host1/Admin(config-pmap-mgmt-c)# exit
    host1/Admin(config-pmap-mgmt)# class ICMP-ALLOW_CLASS
    host1/Admin(config-pmap-mgmt-c)# permit
    host1/Admin(config-pmap-mgmt-c)# exit

For example, to create a policy map that restricts ICMP connections to the ACE, enter:

    host1/Admin(config)# policy-map type management first-match ICMP_RESTRICT_POLICY
    host1/Admin(config-pmap-mgmt)# class ICMP-ALLOW_CLASS
    host1/Admin(config-pmap-mgmt-c)# deny

2-12 Cisco 4700 Series Application Control Engine Appliance Administration Guide OL-11157-01
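To review which management protocols a saved configuration actually permits, the following added example (not part of the Cisco guide) parses management class maps and policy maps and reports permitted classes that match a protocol under review, Telnet by default, plus classes left without a permit or deny action. The function names are hypothetical, and the class-map "match protocol" lines in the sample are assumed syntax, since class maps are defined outside this page.

```python
import re

# Constructed sample. The class-map "match protocol" lines are assumed syntax, not shown on this page.
SAMPLE_CONFIG = """\
class-map type management match-any SSH-ALLOW_CLASS
  match protocol ssh any
class-map type management match-any TELNET-ALLOW_CLASS
  match protocol telnet any
class-map type management match-any ICMP-ALLOW_CLASS
  match protocol icmp any
policy-map type management first-match REMOTE_MGMT_ALLOW_POLICY
  class SSH-ALLOW_CLASS
    permit
  class TELNET-ALLOW_CLASS
    permit
  class ICMP-ALLOW_CLASS
    permit
policy-map type management first-match ICMP_RESTRICT_POLICY
  class ICMP-ALLOW_CLASS
    deny
"""

def parse_mgmt_policy(config):
    """Return ({class: protocols}, {(policy, class): action or None}) from config text."""
    protocols, actions, cmap, pmap, cls = {}, {}, None, None, None
    for raw in config.splitlines():
        if raw[:1].strip():  # an unindented line closes the current block
            cmap = pmap = cls = None
        if m := re.match(r"class-map type management \S+ (\S+)\s*$", raw):
            cmap = m.group(1)
        elif m := re.match(r"policy-map type management first-match (\S+)\s*$", raw):
            pmap = m.group(1)
        elif cmap and (m := re.match(r"\s+(?:\d+ )?match protocol (\S+)", raw)):
            protocols.setdefault(cmap, set()).add(m.group(1))
        elif pmap and (m := re.match(r"\s+class (\S+)\s*$", raw)):
            cls = m.group(1)
            actions[pmap, cls] = None  # no permit/deny seen yet
        elif pmap and cls and raw.strip() in ("permit", "deny"):
            actions[pmap, cls] = raw.strip()
    return protocols, actions

def audit(config, review=frozenset({"telnet"})):
    """Flag permitted classes matching a reviewed protocol, and classes with no action."""
    protocols, actions = parse_mgmt_policy(config)
    findings = []
    for (pmap, cls), action in actions.items():
        hits = sorted(protocols.get(cls, set()) & review)
        if action is None or (action == "permit" and hits):
            why = "permits " + ",".join(hits) if action else "no permit/deny action"
            findings.append((pmap, cls, why))
    return findings
```

Run audit() on configuration text in saved-config form rather than on a prompt-prefixed terminal transcript, and pass a different review set to check other protocols.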