Chapter 3
Configuring Application Protocol Inspection
Including Inline Match Statements in a Layer 7 FTP Command Inspection Policy
Map
Note
OL-16202-01
To add a description that the policy map is to perform FTP command inspection,
enter:
host1/Admin(config-pmap-ftp-ins)# description FTP command inspection
of incoming traffic
To remove the description from the policy map, enter:
host1/Admin(config-pmap-ftp-ins)# no description FTP command
inspection of incoming traffic
You can include a single inline match criteria in the policy map without specifying
a traffic class by entering an applicable Layer 7 match command. The inline
Layer 7 policy map match commands function in the same way as the Layer 7
class map match commands. However, when you use an inline match command,
you can specify an action for only a single match statement in the Layer 7 policy
map.
To specify actions for multiple match statements, use a class map as described in
the
"Associating a Layer 7 FTP Command Inspection Traffic Class with the
Traffic Policy"
section.
The syntax for this command is as follows:
match name match_statement [insert-before map_name]
The keywords, arguments, and options are as follows:
name—Name assigned to the inline match command. Enter an unquoted text
•
string with no spaces. The length of the inline match statement name plus the
length of the policy map name with which it is associated cannot exceed a
total maximum of 64 alphanumeric characters. For example, if the policy map
name is L7_POLICY (nine characters), an inline match statement name under
this policy cannot exceed 55 alphanumeric characters (64
match_statement—Inline match criteria to be used by the policy map. See
•
below for details on the match commands associated with the Layer 7 FTP
command inspection class map.
Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide
Configuring a Layer 7 FTP Command Inspection Policy
-
9 = 55).
3-35