Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide (OL-16202-01), page 3-94
Chapter 3 Configuring Application Protocol Inspection
Configuring a Layer 3 and Layer 4 Application Protocol Inspection Traffic Policy

• description—See the "Adding a Layer 3 and Layer 4 Class Map Description" section.
• match access-list—See the "Defining Access-List Match Criteria" section.
• match port—See the "Defining TCP/UDP Port Number or Port Range Match Criteria" section.

Follow these guidelines when creating a class map to define a Layer 3 and Layer 4 match classification:

• You may combine multiple match access-list and match port commands in a class map.
• The matched traffic depends on the individual inspect command specified in the policy map. See Table 3-1 for a summary of the application inspection protocols supported by the ACE with the IP protocol and port.

For example, to define a Layer 3 and Layer 4 class map, enter:

host1/Admin(config)# class-map match-all DNS_INSPECT_L4CLASS
host1/Admin(config-cmap)# description DNS application protocol inspection of incoming traffic
host1/Admin(config-cmap)# match port udp eq domain

To remove a Layer 3 and Layer 4 network traffic class map from the ACE, enter:

host1/Admin(config)# no class-map match-all DNS_INSPECT_L4CLASS

This section contains the following topics:

• Adding a Layer 3 and Layer 4 Class Map Description
• Defining Access-List Match Criteria
• Defining TCP/UDP Port Number or Port Range Match Criteria

Adding a Layer 3 and Layer 4 Class Map Description

You can use the description command to provide a brief summary of the Layer 3 and Layer 4 class map. You must access the class map configuration mode to specify the description command.

The syntax of this command is as follows:

description text

The text argument is an unquoted text string with a maximum of 240 alphanumeric characters.
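As an added example (not part of the Cisco guide), the following Python auditor checks a candidate Layer 3 and Layer 4 class-map block against the rules stated above before it is pasted into the ACE: the description must be an unquoted string of at most 240 characters, match criteria belong in class-map configuration mode, and several match access-list and match port lines may be combined in one class map. The match-any keyword, the ACL name DNS_CLIENTS, the match port tcp eq 80 line and the match syntax beyond "match port udp eq domain" are assumptions, not taken from the page.

```python
import re
# Rules stated on the page: description is an unquoted string of at most
# 240 characters, and match criteria are entered in class-map config mode.
MAX_DESCRIPTION = 240
CLASS_MAP_RE = re.compile(r"^class-map (match-all|match-any) (\S+)$")
# Assumed syntax (only 'match port udp eq domain' appears on the page).
MATCH_RE = re.compile(r"^match (port (tcp|udp) eq \S+|access-list \S+)$")

def audit_class_maps(config):
    """Parse class-map blocks; return ({name: {...}}, [finding strings])."""
    class_maps, findings, current = {}, [], None
    for lineno, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = CLASS_MAP_RE.match(line)
        if m:
            current = {"type": m.group(1), "description": None, "matches": []}
            class_maps[m.group(2)] = current
        elif current is None:
            findings.append(f"line {lineno}: '{line}' outside class-map configuration mode")
        elif line.startswith("description "):
            text = line[len("description "):]
            if text[0] == '"' or text[-1] == '"':
                findings.append(f"line {lineno}: description must be an unquoted string")
            if len(text) > MAX_DESCRIPTION:
                findings.append(f"line {lineno}: description has {len(text)} characters, maximum is {MAX_DESCRIPTION}")
            current["description"] = text
        elif MATCH_RE.match(line):
            current["matches"].append(line)  # several match lines may be combined
        else:
            findings.append(f"line {lineno}: unrecognized command '{line}'")
    for name, cm in class_maps.items():
        if not cm["matches"]:
            findings.append(f"class-map {name}: no match access-list or match port criteria")
    return class_maps, findings

# Constructed sample: the page's DNS class map, one misplaced line, one bad block.
SAMPLE = """\
match port tcp eq 80
class-map match-all DNS_INSPECT_L4CLASS
  description DNS application protocol inspection of incoming traffic
  match port udp eq domain
  match access-list DNS_CLIENTS
class-map match-all BAD_L4CLASS
  description "quoted text is not allowed"
"""
if __name__ == "__main__":
    for finding in audit_class_maps(SAMPLE)[1]:
        print(finding)
```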