Applying A Service Policy Globally To All Vlan Interfaces In The Same Context - Cisco 4700M Administration Manual
Application control engine appliance
Hide thumbs
Also See for 4700M:
- Configuration manual (388 pages) ,
- Upgrade manual (24 pages) ,
- Installation manual (18 pages)
Table of Contents
Advertisement
Chapter 2
Enabling Remote Access to the ACE
Command
Step 5
permit | deny
Example:
host1/Admin(config-pmap-mgmt-c)# permit
Step 6
do copy running-config startup-config
Example:
host1/Admin(config-pmap-mgmt-c)# do copy
running-config startup-config
Examples
The following example shows how to create a Layer 3 and Layer 4 remote network traffic management
policy map that permits SSH, Telnet, and ICMP connections to be received by the ACE:
host1/Admin(config)# policy-map type management first-match REMOTE_MGMT_ALLOW_POLICY
host1/Admin(config-pmap-mgmt)# class SSH-ALLOW_CLASS
host1/Admin(config-pmap-mgmt-c)# permit
host1/Admin(config-pmap-mgmt-c)# exit
host1/Admin(config-pmap-mgmt)# class TELNET-ALLOW_CLASS
host1/Admin(config-pmap-mgmt-c)# permit
host1/Admin(config-pmap-mgmt-c)# exit
host1/Admin(config-pmap-mgmt)# class ICMP-ALLOW_CLASS
host1/Admin(config-pmap-mgmt-c)# permit
host1/Admin(config-pmap-mgmt-c)# exit
The following example shows how to create a policy map that restricts an ICMP connection by the ACE:
host1/Admin(config)# policy-map type management first-action ICMP_RESTRICT_POLICY
host1/Admin(config-pmap-mgmt)# class ICMP-ALLOW_CLASS
host1/Admin(config-pmap-mgmt-c)# deny
Applying a Service Policy Globally to All VLAN Interfaces in the Same Context
This section describes how to apply a previously created policy map globally to all VLAN interfaces in
the same context.
Note the following guidelines when applying a service policy:
•
•
You can remove a traffic policy map from a VLAN by using either of the following methods:
•
•
OL-20823-01
Policy maps, applied globally in a context, are internally applied on all interfaces existing in the
context.
A policy activated on an interface overwrites any specified global policies for overlapping
classification and actions.
Individually from the last VLAN interface on which you applied the service policy
Globally from all VLAN interfaces in the same context
Cisco 4700 Series Application Control Engine Appliance Administration Guide
Purpose
Allows the network management traffic listed in the Layer 3 and
Layer 4 class map to be received or rejected by the ACE as
follows:
Use the permit command in policy map class configuration
•
mode to allow the remote management protocols listed in the
class map to be received by the ACE.
Use the deny command in policy map class configuration
•
mode to refuse the remote management protocols listed in
the class map to be received by the ACE.
(Optional) Copies the running configuration to the startup
configuration.
Enabling Remote Access to the ACE
2-11
Advertisement
Table of Contents
