Chapter 2 Enabling Remote Access to the ACE
Configuring Remote Network Management Traffic Services
2-12
Cisco 4700 Series Application Control Engine Appliance Administration Guide
OL-11157-01
Defining Layer 3 and Layer 4 Management Traffic Policy Actions
To allow the network management traffic listed in the Layer 3 and Layer 4 class
map to be received or rejected by the ACE, specify either the permit or deny
command in policy map class configuration mode.
• Use the permit command in policy map class configuration mode to allow the
remote management protocols listed in the class map to be received by the
ACE.
• Use the deny command in policy map class configuration mode to refuse the
remote management protocols listed in the class map to be received by the
ACE.
For example, to create a Layer 3 and Layer 4 remot
e network traffic management
policy map that permits SSH, Telnet, and ICMP connections to be received by the
ACE, enter:
host1/Admin(config)# policy-map type management first-match
REMOTE_MGMT_ALLOW_POLICY
host1/Admin(config-pmap-mgmt)# cl
ass SSH-ALLOW_CLASS
host1/Admin(config-pmap-mgmt-c)# permit
host1/Admin(config-pmap-mgmt-c)# exit
host1/Admin(config-pmap-mgmt)# cl
ass TELNET-ALLOW_CLASS
host1/Admin(config-pmap-mgmt-c)# permit
host1/Admin(config-pmap-mgmt-c)# exit
host1/Admin(config-pmap-mgmt)# cl
ass ICMP-ALLOW_CLASS
host1/Admin(config-pmap-mgmt-c)# permit
host1/Admin(config-pmap-mgmt-c)# exit
For example, to create a policy map that restricts an ICMP connection by the ACE,
enter:
host1/Admin(config)# policy-map type management first-action
ICMP_RESTRICT_POLICY
host1/Admin(config-pmap-mgmt)# cl
ass ICMP-ALLOW_CLASS
host1/Admin(config-pmap-mgmt-c)# deny
To Next Page
Loading...
