Chapter 3
Configuring Application Protocol Inspection
Applying a Service Policy
OL-16202-01
For example, to specify the appl-parameter http advanced-options command as
an action for the SIP packet inspection policy map, enter:
host1/Admin(config)# policy-map multi-match SIP_INSPECT_L4POLICY
host1/Admin(config-pmap)# class SIP_INSPECT_L4CLASS
host1/Admin(config-pmap-c)# appl-parameter sip advanced-options
SIP_PARAM_MAP1
To dissociate the SIP parameter map as an action from the SIP packet inspection
policy map, enter:
host1/Admin(config-pmap-c)# no appl-parameter sip advanced-options
SIP_PARAM_MAP1
You can use the service-policy command to do the following tasks:
Apply a previously created policy map.
•
Attach the traffic policy to a specific VLAN interface or globally to all VLAN
•
interfaces in the same context.
Specify that the traffic policy is to be attached to the input direction of an
•
interface.
The service-policy command is available at both the interface configuration
mode and at the configuration mode. Specifying a policy map in the interface
configuration mode applies the policy map to a specific VLAN interface.
Specifying a policy map in the configuration mode applies the policy to all of the
VLAN interfaces associated with a context.
The syntax of this command is as follows:
service-policy input policy_name
The keywords and arguments are as follows:
•
input—Specifies that the traffic policy is to be attached to the input direction
of a VLAN interface. The traffic policy evaluates all traffic received by that
interface.
policy_name—Name of a previously defined policy map, configured with a
•
previously created policy-map command. The name can be a maximum of 64
alphanumeric characters.
Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide
Applying a Service Policy
3-123