Configuration Example For Enabling Remote Access To The Ace - Cisco 4700M Administration Manual

Application control engine appliance

Chapter 2
Enabling Remote Access to the ACE

Configuration Example for Enabling Remote Access to the ACE

The following CLI example shows how to configure remote access to the ACE through the use of class
maps, policy maps, and service policies.
Step 1  Enter the configuration mode and set the maximum number of Telnet and SSH sessions.
host1/Admin# config
host1/Admin(config)# telnet maxsessions 3
host1/Admin(config)# ssh maxsessions 3
Step 2  Create and configure an access control list. The sample access control list shown in this step allows network traffic from any source. For details about configuring an access control list, see the Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide.
host1/Admin(config)# access-list ACL1 line 10 extended permit ip any any
Step 3  Create and configure a class map for network management traffic.
host1/Admin(config)# class-map type management match-any L4_REMOTE-MGT_CLASS
host1/Admin(config-cmap-mgmt)# description Allows Telnet, SSH, and ICMP protocols
host1/Admin(config-cmap-mgmt)# 2 match protocol telnet any
host1/Admin(config-cmap-mgmt)# 3 match protocol ssh any
host1/Admin(config-cmap-mgmt)# 4 match protocol icmp any
host1/Admin(config-cmap-mgmt)# exit
host1/Admin(config)#
Step 4  Create and configure a policy map that activates the SSH and Telnet management protocol classifications.
host1/Admin(config)# policy-map type management first-match L4_REMOTE-MGT_POLICY
host1/Admin(config-pmap-mgmt)# class L4_REMOTE-MGT_CLASS
host1/Admin(config-pmap-mgmt-c)# permit
host1/Admin(config-pmap-mgmt-c)# exit
host1/Admin(config-pmap-mgmt)# exit
host1/Admin(config)#
Step 5  Apply the traffic policy to a specific VLAN interface or globally to all VLAN interfaces and enable the interface.
Apply to a specific VLAN interface:
host1/Admin(config)# interface vlan 50
host1/Admin(config-if)# ip address 192.168.1.1 255.255.255.0
host1/Admin(config-if)# access-group input ACL1
host1/Admin(config-if)# service-policy input L4_REMOTE-MGT_POLICY
host1/Admin(config-if)# no shutdown
host1/Admin(config-if)# exit
host1/Admin(config)#
Apply globally to all VLAN interfaces:
host1/Admin(config)# service-policy input L4_REMOTE-MGT_POLICY
Step 6  Generate the SSH private key and corresponding public key for use by the SSH server.
host1/Admin(config)# ssh key rsa1 1024 force
Step 7  Save the configuration to Flash memory.
host1/Admin(config)# do copy running-config startup-config
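
An added example, not part of the Cisco guide: a small Python check that scans ACE configuration lines such as those in Steps 1 through 6 and reports the settings a reviewer would tighten before production use (the any-source ACL and class-map matches, Telnet, the rsa1 key type, and the key length). The rule names, the `audit` function and the 2048-bit minimum are assumptions of this example.

```python
import re

# Constructed sample: commands from Steps 1-4 and 6 above, prompts stripped.
SAMPLE_CONFIG = """\
telnet maxsessions 3
ssh maxsessions 3
access-list ACL1 line 10 extended permit ip any any
class-map type management match-any L4_REMOTE-MGT_CLASS
  2 match protocol telnet any
  3 match protocol ssh any
  4 match protocol icmp any
policy-map type management first-match L4_REMOTE-MGT_POLICY
  class L4_REMOTE-MGT_CLASS
    permit
ssh key rsa1 1024 force
"""

# (rule id, pattern, finding). Rule ids and wording are this example's own.
RULES = [
    ("ACL_ANY_ANY", r"^access-list \S+ .*\bpermit ip any any\b",
     "ACL permits all IP traffic from any source"),
    ("MGMT_TELNET", r"^\d+ match protocol telnet\b",
     "management class map admits Telnet (cleartext credentials)"),
    ("MGMT_ANY_SOURCE", r"^\d+ match protocol (?:telnet|ssh) any$",
     "remote login accepted from any source address"),
    ("SSH_V1_KEY", r"^ssh key rsa1\b",
     "rsa1 key type is for SSH version 1"),
]
MIN_RSA_BITS = 2048  # assumption: site minimum for RSA host keys

def audit(config_text):
    """Return a list of (line_number, rule_id, finding) for one config."""
    findings = []
    for num, raw in enumerate(config_text.splitlines(), start=1):
        # Drop a CLI prompt such as "host1/Admin(config)# " if present.
        line = re.sub(r"^\S+# ?", "", raw.strip())
        for rule_id, pattern, text in RULES:
            if re.search(pattern, line):
                findings.append((num, rule_id, text))
        key = re.match(r"ssh key \S+ (\d+)", line)
        if key and int(key.group(1)) < MIN_RSA_BITS:
            findings.append((num, "SSH_KEY_SHORT",
                             f"{key.group(1)}-bit key is below {MIN_RSA_BITS}"))
    return findings

if __name__ == "__main__":
    for num, rule_id, text in audit(SAMPLE_CONFIG):
        print(f"line {num}: {rule_id}: {text}")
```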
OL-20823-01
Cisco 4700 Series Application Control Engine Appliance Administration Guide