Class Maps and Policy Map Examples
b.
c.
Create a Layer 3 and Layer 4 policy map to activate the traffic classifications
Step 4
outlined in the previous steps by entering the following commands:
host1/Admin(config)# policy-map multi-match L4_FILTER_POLICY
host1/Admin(config-pmap)# class L4_FILTERHTTP_CLASS
host1/Admin(config-pmap-c)# inspect http policy L7_FILTERHTML_POLICY
host1/Admin(config-pmap-c)# exit
host1/Admin(config-pmap)# exit
host1/Admin(config)#
Apply the completed policies to interface VLAN 50 by entering the following
Step 5
commands:
host1/Admin(config)# interface vlan 50
host1/Admin(config-if)# ip address 172.16.1.100 255.255.255.0
host1/Admin(config-if)# service-policy input L4_MGMT_POLICY
host1/Admin(config-if)# service-policy input L4_FILTER_POLICY
Cisco 4700 Series Application Control Engine Appliance Administration Guide
4-62
host1/Admin(config-cmap-http-insp)# exit
host1/Admin(config)#
Reject URLs containing the "BAD" string by entering the following
commands:
host1/Admin(config)# class-map type http inspect
L7_FLTRHTML2_CLASS
host1/Admin(config-cmap-http-insp)# match url BAD
host1/Admin(config-cmap-http-insp)# exit
host1/Admin(config)#
Create a Layer 7 HTTP application inspection policy by entering the
following commands:
host1/Admin(config)# policy-map type inspect http all-match
L7_FILTERHTML_POLICY
host1/Admin(config-pmap-ins-http)# class L7_FLTRHTML1_CLASS
host1/Admin(config-pmap-ins-http-c)# permit
host1/Admin(config-pmap-ins-http-c)# exit
host1/Admin(config-pmap-ins-http)# class L7_FLTRHTML2_CLASS
host1/Admin(config-pmap-ins-http-c)# reset
host1/Admin(config-pmap-ins-http-c)# exit
Chapter 4
Configuring Class Maps and Policy Maps
OL-11157-01