Chapter 3
Configuring Application Protocol Inspection
OL-16202-01
Configuring a Layer 3 and Layer 4 Application Protocol Inspection Traffic Policy
This section describes how to configure a Layer 3 and Layer 4 policy that defines
an HTTP deep packet inspection, FTP command inspection, or application
protocol inspection traffic policy.
This section contains the following topics:
• Creating a Layer 3 and Layer 4 Policy Map
• Adding a Layer 3 and Layer 4 Policy Map Description
• Specifying a Layer 3 and Layer 4 Traffic Class with the Traffic Policy
• Defining Layer 3 and Layer 4 Application Protocol Inspection Policy Actions
You can use the policy-map multi-match configuration command to configure a
Layer 3 and Layer 4 policy map that defines the application inspection policies.
The ACE attempts to match multiple classes within the Layer 3 and Layer 4 policy
map but can match only one class within each of the sets of traffic classes. If a
classification matches more than one class map, then the ACE executes all of the
corresponding actions. However, for a specific feature, the ACE executes only the
first matching classification action.
The syntax of this command is as follows:
policy-map multi-match map_name
The map_name argument is the name assigned to the policy map. Enter an
unquoted text string with no spaces and a maximum of 64 alphanumeric
characters.
For example, to create a Layer 3 and Layer 4 network traffic policy map, enter:
host1/Admin(config)# policy-map multi-match HTTP_INSPECT_L4POLICY
host1/Admin(config-pmap)#
The CLI displays the policy map configuration mode.
To remove a Layer 3 and Layer 4 policy map from the ACE, enter:
host1/Admin(config)# no policy-map multi-match HTTP_INSPECT_L4POLICY
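The multi-match rule described earlier in this section (every matching class contributes its actions, but each feature takes only the first matching class's action) is modelled below as an added Python example; it is not ACE code or Cisco's implementation. The class names, prefixes, feature labels and action labels are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple


@dataclass
class TrafficClass:
    name: str
    network: str             # destination prefix the class matches
    port: Optional[int]      # destination TCP port; None matches any port
    actions: Dict[str, str]  # feature label -> action label (both constructed)

    def matches(self, dst_ip: str, dst_port: int) -> bool:
        in_net = ip_address(dst_ip) in ip_network(self.network)
        return in_net and self.port in (None, dst_port)


def evaluate_multi_match(policy: List[TrafficClass], dst_ip: str,
                         dst_port: int) -> Dict[str, Tuple[str, str]]:
    """Return {feature: (winning class, action)} for one flow."""
    applied: Dict[str, Tuple[str, str]] = {}
    for cls in policy:  # classes are walked in configured order
        if not cls.matches(dst_ip, dst_port):
            continue
        for feature, action in cls.actions.items():
            # Every matching class contributes, but a feature already
            # claimed by an earlier class keeps that earlier action.
            applied.setdefault(feature, (cls.name, action))
    return applied


def shadowed_actions(policy: List[TrafficClass], dst_ip: str,
                     dst_port: int) -> List[Tuple[str, str]]:
    """List (class, feature) pairs that matched but lost to an earlier class."""
    winners = evaluate_multi_match(policy, dst_ip, dst_port)
    return [(c.name, f) for c in policy if c.matches(dst_ip, dst_port)
            for f in c.actions if winners[f][0] != c.name]


# Constructed policy: a specific HTTP class ahead of a broad subnet class.
POLICY = [
    TrafficClass("HTTP_CLASS", "192.0.2.0/24", 80, {"inspect": "profile-http"}),
    TrafficClass("SUBNET_CLASS", "192.0.2.0/24", None,
                 {"inspect": "profile-generic", "loadbalance": "profile-lb"}),
]

if __name__ == "__main__":
    print(evaluate_multi_match(POLICY, "192.0.2.10", 80))
    print(shadowed_actions(POLICY, "192.0.2.10", 80))
```

Reversing the class order makes the broad class win the inspection feature for port 80 traffic, which is the ordering mistake to look for when reviewing a policy map.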
Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide