Configuring Layer 7 Class Maps
Cisco 4700 Series Application Control Engine Appliance Administration Guide
• source-address—Specifies a client source host IP address and subnet mask as the network traffic matching criteria. As part of the classification, the ACE implicitly obtains the destination IP address from the interface on which you apply the policy map.
• ip_address—Source IP address of the client. Enter the IP address in dotted-decimal notation (for example, 192.168.11.1).
• mask—The subnet mask of the client in dotted-decimal notation (for example, 255.255.255.0).
For example, to specify that the class map allows SSH access to the ACE from source IP address 192.168.10.1 255.255.255.0, enter:
host1/Admin(config)# class-map type management SSH-ALLOW_CLASS
host1/Admin(config-cmap-mgmt)# match protocol ssh source-address 192.168.10.1 255.255.255.0
To deselect the specified network management protocol match criteria from the class map, enter:
host1/Admin(config-cmap-mgmt)# no match protocol ssh source-address 192.168.10.1 255.255.255.0
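The following audit script is an added example, not part of the Cisco guide. It parses management class-map match statements and reports the network each address and mask pair actually covers, under ordinary address/mask matching. The sample configuration is constructed (only the SSH-ALLOW_CLASS lines mirror the example above), and the 256-address threshold and the telnet flag are assumptions chosen for illustration.

```python
import ipaddress
import re

# Constructed sample config; only SSH-ALLOW_CLASS mirrors the guide's example.
SAMPLE_CONFIG = """\
class-map type management SSH-ALLOW_CLASS
  match protocol ssh source-address 192.168.10.1 255.255.255.0
class-map type management match-any OPS_CLASS
  2 match protocol ssh source-address 10.1.1.5 255.255.255.255
  3 match protocol telnet source-address 172.16.0.0 255.240.0.0
  4 match protocol ssh source-address 10.2.0.0 255.0.255.0
"""

CLASS_RE = re.compile(r"^class-map\s+type\s+management\s+(?:match-(?:any|all)\s+)?(\S+)")
MATCH_RE = re.compile(r"^(?:\d+\s+)?match\s+protocol\s+(\S+)\s+source-address\s+(\S+)\s+(\S+)$")

def audit_management_matches(config, max_hosts=256):  # max_hosts: assumed review threshold
    """Return (class_map, protocol, effective_network, notes) per source-address match."""
    results, current = [], None
    for raw in config.splitlines():
        line = raw.strip()
        m = CLASS_RE.match(line)
        if m:
            current = m.group(1)
            continue
        if line.startswith("class-map"):
            current = None  # a class map of another type; skip its match lines
        m = MATCH_RE.match(line)
        if not (m and current):
            continue
        proto, addr, mask = m.groups()
        notes = []
        try:  # strict=False keeps host bits so they can be reported below
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        except ValueError:  # bad octets or a non-contiguous mask
            results.append((current, proto, None, ["invalid address or mask"]))
            continue
        if ipaddress.ip_address(addr) != net.network_address:
            notes.append("host bits set; the mask widens the match to the whole subnet")
        if net.num_addresses > max_hosts:
            notes.append(f"permits {net.num_addresses} source addresses")
        if proto == "telnet":  # assumption: cleartext protocols are worth flagging
            notes.append("cleartext management protocol")
        results.append((current, proto, str(net), notes))
    return results

if __name__ == "__main__":
    for row in audit_management_matches(SAMPLE_CONFIG):
        print(row)
```

Run against the guide's own example, the script reports 192.168.10.0/24 as the permitted source range, which shows that the entry admits every host in that subnet and not only 192.168.10.1.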
A Layer 7 class map contains match criteria that classify specific Layer 7 protocol information. The match criteria enable the ACE to:
• Perform server load balancing based on an HTTP cookie, an HTTP header, an HTTP URL, protocol header fields, or source IP addresses
• Perform deep packet inspection of the HTTP protocol
• Perform FTP request command filtering
For more information about the role of class maps in the ACE, see the "Class Map and Policy Map Overview" section.
This section contains the following topics:
• Defining Layer 7 Classifications for HTTP Server Load Balancing
• Defining Layer 7 Classifications for HTTP Deep Packet Inspection
• Defining Layer 7 Classifications for FTP Command Inspection
Chapter 4
Configuring Class Maps and Policy Maps
OL-11157-01