Defining Layer 3 And Layer 4 Management Traffic Policy Actions - Cisco ACE-4710-K9 Administration Manual

Application control engine appliance

Configuring Remote Network Management Traffic Services

Defining Layer 3 and Layer 4 Management Traffic Policy Actions

Cisco 4700 Series Application Control Engine Appliance Administration Guide
To specify whether the ACE receives or rejects the network management traffic
listed in the Layer 3 and Layer 4 class map, use either the permit or the deny
command in policy map class configuration mode.
Use the permit command in policy map class configuration mode to allow the
remote management protocols listed in the class map to be received by the
ACE.
Use the deny command in policy map class configuration mode to prevent the
remote management protocols listed in the class map from being received by the
ACE.
For example, to create a Layer 3 and Layer 4 remote network traffic management
policy map that permits SSH, Telnet, and ICMP connections to be received by the
ACE, enter:
host1/Admin(config)# policy-map type management first-match REMOTE_MGMT_ALLOW_POLICY
host1/Admin(config-pmap-mgmt)# class SSH-ALLOW_CLASS
host1/Admin(config-pmap-mgmt-c)# permit
host1/Admin(config-pmap-mgmt-c)# exit
host1/Admin(config-pmap-mgmt)# class TELNET-ALLOW_CLASS
host1/Admin(config-pmap-mgmt-c)# permit
host1/Admin(config-pmap-mgmt-c)# exit
host1/Admin(config-pmap-mgmt)# class ICMP-ALLOW_CLASS
host1/Admin(config-pmap-mgmt-c)# permit
host1/Admin(config-pmap-mgmt-c)# exit
For example, to create a policy map that restricts ICMP connections to the ACE,
enter:
host1/Admin(config)# policy-map type management first-match ICMP_RESTRICT_POLICY
host1/Admin(config-pmap-mgmt)# class ICMP-ALLOW_CLASS
host1/Admin(config-pmap-mgmt-c)# deny
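To review which management protocols a saved configuration actually admits, the following added example (not part of the Cisco manual) resolves each management policy map to a per-protocol permit or deny using first-match order and reports cleartext protocols that are permitted. The class-map definitions in the sample are assumed, since the page only names the classes, and source-address restrictions are ignored.

```python
import re

# Constructed sample in the style of an ACE configuration; the class-map
# bodies are assumptions, the policy maps mirror the two examples above.
SAMPLE_CONFIG = """\
class-map type management match-any SSH-ALLOW_CLASS
  2 match protocol ssh any
class-map type management match-any TELNET-ALLOW_CLASS
  2 match protocol telnet any
class-map type management match-any ICMP-ALLOW_CLASS
  2 match protocol icmp any
policy-map type management first-match REMOTE_MGMT_ALLOW_POLICY
  class SSH-ALLOW_CLASS
    permit
  class TELNET-ALLOW_CLASS
    permit
  class ICMP-ALLOW_CLASS
    permit
policy-map type management first-match ICMP_RESTRICT_POLICY
  class ICMP-ALLOW_CLASS
    deny
"""

CLEARTEXT = {"telnet", "http"}  # management protocols that are not encrypted

def effective_actions(config):
    """Return {policy: {protocol: action}}; the first matching class wins."""
    classes, policies = {}, {}
    cmap = pmap = cls = None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"class-map type management \S+ (\S+)$", line):
            cmap, pmap = classes.setdefault(m[1], []), None
        elif m := re.match(r"policy-map type management first-match (\S+)$", line):
            pmap, cmap, cls = policies.setdefault(m[1], {}), None, None
        elif cmap is not None and (m := re.match(r"(?:\d+ )?match protocol (\S+)", line)):
            cmap.append(m[1])
        elif pmap is not None and (m := re.match(r"class (\S+)$", line)):
            cls = m[1]
        elif pmap is not None and cls and line in ("permit", "deny"):
            for proto in classes.get(cls, []):
                pmap.setdefault(proto, line)  # keep the earlier class's action
    return policies

def cleartext_permitted(config):
    """List (policy, protocol) pairs where a cleartext protocol is permitted."""
    return sorted((name, proto)
                  for name, acts in effective_actions(config).items()
                  for proto, act in acts.items() if act == "permit" and proto in CLEARTEXT)
```

Run against the sample, `cleartext_permitted(SAMPLE_CONFIG)` reports Telnet in REMOTE_MGMT_ALLOW_POLICY, the class a reviewer would change to deny or remove where SSH is available.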
Chapter 2
Enabling Remote Access to the ACE
OL-11157-01
