Cisco 4700M Configuration Manual page 153

Application control engine appliance security

Chapter 3
Configuring Application Protocol Inspection
Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide
OL-16202-01

Application Protocol Inspection Configuration Quick Start Procedures

Table 3-4  Layer 3 and Layer 4 Application Protocol Inspection Quick Start

Task and Command Example

4. Create a Layer 3 and Layer 4 policy map and include the appropriate inspect command (inspect dns, inspect ftp, inspect http, inspect icmp, inspect ils, inspect rtsp, inspect sip, or inspect skinny for SCCP). Specify the actions that you want to apply to the Layer 3 and Layer 4 user-defined class map and, if appropriate, to the default class map.

   For example, to specify the inspect dns command as an action for a DNS application protocol inspection policy map, enter:

   host1/Admin(config)# policy-map multi-match DNS_INSPECT_L4POLICY
   host1/Admin(config-pmap)# class DNS_INSPECT_L4CLASS
   host1/Admin(config-pmap-c)# inspect dns maximum-length 1000
   host1/Admin(config-pmap-c)# exit
   host1/Admin(config-pmap)# exit
   host1/Admin(config)#

5. Attach the Layer 3 and Layer 4 traffic policy to a single VLAN interface or globally on all VLAN interfaces. For example, to specify a VLAN interface and apply multiple service policies to the VLAN, enter:

   host1/Admin(config)# interface vlan50
   host1/Admin(config-if)# mtu 1500
   host1/Admin(config-if)# ip address 192.168.1.100 255.255.0.0
   host1/Admin(config-if)# service-policy input DNS_INSPECT_L4POLICY

6. (Optional) Save your configuration changes to flash memory.

   host1/Admin(config)# exit
   host1/Admin# copy running-config startup-config
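
An added example, not part of the Cisco guide: a short Python audit that reads a saved configuration and reports any policy map that carries an inspect action (step 4) but was never attached with service-policy input (step 5). It assumes the configuration text lists sub-commands indented under their parent and a global attachment at the top level; the sample configuration and the FTP policy names are constructed for illustration.

```python
import re

# Constructed sample in running-config style (not taken from the guide).
# The FTP policy and class names are hypothetical and deliberately left unattached.
SAMPLE_CONFIG = """\
policy-map multi-match DNS_INSPECT_L4POLICY
  class DNS_INSPECT_L4CLASS
    inspect dns maximum-length 1000
policy-map multi-match FTP_INSPECT_L4POLICY
  class FTP_INSPECT_L4CLASS
    inspect ftp
interface vlan 50
  mtu 1500
  ip address 192.168.1.100 255.255.0.0
  service-policy input DNS_INSPECT_L4POLICY
"""

def audit_inspect_policies(config):
    """Map each policy map that has an inspect action to where it is attached."""
    inspect_actions = {}  # policy name -> inspect commands found under it
    attachments = {}      # policy name -> ["vlanN", ...] or ["global"]
    policy = interface = None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():  # an unindented line opens a new top-level block
            policy = interface = None
            m = re.match(r"policy-map multi-match (\S+)$", line)
            if m:
                policy = m.group(1)
            m = re.match(r"interface vlan\s*(\d+)$", line)  # "vlan50" or "vlan 50"
            if m:
                interface = "vlan" + m.group(1)
        if policy and line.startswith("inspect "):
            inspect_actions.setdefault(policy, []).append(line)
        m = re.match(r"service-policy input (\S+)$", line)
        if m:
            # Outside an interface block the attachment applies to all VLAN interfaces.
            attachments.setdefault(m.group(1), []).append(interface or "global")
    return {name: {"inspect": cmds, "attached": attachments.get(name, [])}
            for name, cmds in inspect_actions.items()}

def unattached_inspect_policies(config):
    """Names of inspection policy maps that no service-policy input references."""
    report = audit_inspect_policies(config)
    return sorted(name for name, info in report.items() if not info["attached"])
```

Run against the sample, unattached_inspect_policies flags FTP_INSPECT_L4POLICY, the policy that was defined but never bound to an interface.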