Chapter 4 Configuring Class Maps and Policy Maps
Class Maps and Policy Map Examples
4-62
Cisco 4700 Series Application Control Engine Appliance Administration Guide
OL-11157-01
host1/Admin(config-cmap-http-insp)# exit
host1/Admin(config)#
b. Reject URLs containing the “BAD” string by entering the following
commands:
host1/Admin(config)# class-map type http inspect
L7_FLTRHTML2_CLASS
host1/Admin(config-cmap-http-insp)# match url BAD
host1/Admin(config-cmap-http-insp)# exit
host1/Admin(config)#
c. Create a Layer 7 HTTP application inspection policy by entering the
following commands:
host1/Admin(config)# policy-map type inspect http all-match
L7_FILTERHTML_POLICY
host1/Admin(config-pmap-ins-http)# class L7_FLTRHTML1_CLAS
S
host1/Admin(config-pmap-ins-http-c)# permit
host1/Admin(config-pmap-ins-http-c)# exit
host1/Admin(config-pmap-ins-http)# class L7_FLTRHTML2_CLAS
S
host1/Admin(config-pmap-ins-http-c)# reset
host1/Admin(config-pmap-ins-http-c)# exit
Step 4 Create a Layer 3 and Layer 4 policy map to activate the traffic classifications
outlined in the previous steps by entering the following commands:
host1/Admin(config)# policy-map multi-match L4_FILTER_POLICY
host1/Admin(config-pmap)# class L
4_FILTERHTTP_CLASS
host1/Admin(config-pmap-c)# inspe
ct http policy L7_FILTERHTML_POLICY
host1/Admin(config-pmap-c)# exit
host1/Admin(config-pmap)# exit
host1/Admin(config)#
Step 5 Apply the completed policies to interface VLAN 50 by entering the following
commands:
host1/Admin(config)# interface vlan 50
host1/Admin(config-if)# ip addres
s 172.16.1.100 255.255.255.0
host1/Admin(config-if)# service-p
olicy input L4_MGMT_POLICY
host1/Admin(config-if)# service-p
olicy input L4_FILTER_POLICY
To Next Page
Loading...
