Administration Guide
Page 6
...and Layer 4 Class Maps 4-24 Defining Layer 3 and Layer 4 Classifications for Network Traffic Passing Through the ACE 4-24 Creating a Layer 3 and Layer 4 Network Traffic Class Map 4-25 Defining a Class Map Description ...ACE 4-35 Creating a Layer 3 and Layer 4 Network Management Traffic Class Map 4-35 Defining Network Management Access Match Criteria 4-37 Configuring Layer 7 Class Maps 4-38 Defining Layer 7 Classifications for HTTP Server Load Balancing 4-39 Defining Layer 7 Classifications for HTTP Deep Packet Inspection 4-41 Defining Layer 7 Classifications for FTP Command Inspection 4-42 Cisco...
...and Layer 4 Class Maps 4-24 Defining Layer 3 and Layer 4 Classifications for Network Traffic Passing Through the ACE 4-24 Creating a Layer 3 and Layer 4 Network Traffic Class Map 4-25 Defining a Class Map Description ...ACE 4-35 Creating a Layer 3 and Layer 4 Network Management Traffic Class Map 4-35 Defining Network Management Access Match Criteria 4-37 Configuring Layer 7 Class Maps 4-38 Defining Layer 7 Classifications for HTTP Server Load Balancing 4-39 Defining Layer 7 Classifications for HTTP Deep Packet Inspection 4-41 Defining Layer 7 Classifications for FTP Command Inspection 4-42 Cisco...
Administration Guide
Page 7
... 3 and Layer 4 Policy Map for Network Management Traffic Received by the ACE 4-44 Creating a Layer 3 and Layer 4 Policy Map for Network Traffic Passing Through the ACE 4-45 Defining a Layer 3 and Layer 4 Policy Map Description 4-45 ...Load-Balancing Example 4-65 VIP With Connection Parameters Example 4-66 Example of a Traffic Policy Configuration 4-68 Viewing Class Maps, Policy Maps, and Service Policies 4-71 Displaying Class Map Configuration Information 4-71 Displaying Policy Map Configuration Information 4-71 Displaying Service Policy Configuration Information 4-72 OL-11157-01 Cisco...
... 3 and Layer 4 Policy Map for Network Management Traffic Received by the ACE 4-44 Creating a Layer 3 and Layer 4 Policy Map for Network Traffic Passing Through the ACE 4-45 Defining a Layer 3 and Layer 4 Policy Map Description 4-45 ...Load-Balancing Example 4-65 VIP With Connection Parameters Example 4-66 Example of a Traffic Policy Configuration 4-68 Viewing Class Maps, Policy Maps, and Service Policies 4-71 Displaying Class Map Configuration Information 4-71 Displaying Policy Map Configuration Information 4-71 Displaying Service Policy Configuration Information 4-72 OL-11157-01 Cisco...
Administration Guide
Page 18
... Control Engine Appliance Virtualization Configuration Guide Describes how to use the ACE CLI to perform the initial setup and VIP load-balancing configuration tasks. Regulatory Compliance and Safety Information for the Cisco Application Control Engine Appliance Regulatory compliance and safety information for the ACE. Cisco ACE 4700 Series Application Control Engine Appliance CLI Quick Configuration Note Describes...
... Control Engine Appliance Virtualization Configuration Guide Describes how to use the ACE CLI to perform the initial setup and VIP load-balancing configuration tasks. Regulatory Compliance and Safety Information for the Cisco Application Control Engine Appliance Regulatory compliance and safety information for the ACE. Cisco ACE 4700 Series Application Control Engine Appliance CLI Quick Configuration Note Describes...
Administration Guide
Page 19
...; Configuring bridging • Configuring Dynamic Host Configuration Protocol (DHCP) Cisco 4700 Series Application Control Engine Appliance Server Load-Balancing Configuration Guide Describes how to configure the following server load-balancing tasks on the ACE: • Real servers and server farms • Class maps and policy maps to load-balance traffic to real servers in server farms • Server...
...; Configuring bridging • Configuring Dynamic Host Configuration Protocol (DHCP) Cisco 4700 Series Application Control Engine Appliance Server Load-Balancing Configuration Guide Describes how to configure the following server load-balancing tasks on the ACE: • Real servers and server farms • Class maps and policy maps to load-balance traffic to real servers in server farms • Server...
Administration Guide
Page 115
... Cisco 4700 Series Application Control Engine (ACE) appliance. CH A P T E R 4 Configuring Class Maps and Policy Maps This chapter describes how to configure class maps and policy maps to the matching traffic. The ACE uses the individual traffic policies to implement the following functions: • Remote access using Secure Shell (SSH) or Telnet • Server load balancing...
... Cisco 4700 Series Application Control Engine (ACE) appliance. CH A P T E R 4 Configuring Class Maps and Policy Maps This chapter describes how to configure class maps and policy maps to the matching traffic. The ACE uses the individual traffic policies to implement the following functions: • Remote access using Secure Shell (SSH) or Telnet • Server load balancing...
Administration Guide
Page 117
... are to filter traffic received by the ACE: • Remote access using the following management protocols: HTTP, HTTPS, Internet Control Message Protocol (ICMP), Simple Network Management Protocol (SNMP), Secure Shell (SSH), or Telnet • Server load balancing based on Layer 3 and Layer 4 ... configure class maps and policy maps (application protocol inspection). OL-11157-01 Cisco 4700 Series Application Control Engine Appliance Administration Guide 4-3 The figure also illustrates how the ACE associates the various components of the process required to all VLAN interfaces associated ...
... are to filter traffic received by the ACE: • Remote access using the following management protocols: HTTP, HTTPS, Internet Control Message Protocol (ICMP), Simple Network Management Protocol (SNMP), Secure Shell (SSH), or Telnet • Server load balancing based on Layer 3 and Layer 4 ... configure class maps and policy maps (application protocol inspection). OL-11157-01 Cisco 4700 Series Application Control Engine Appliance Administration Guide 4-3 The figure also illustrates how the ACE associates the various components of the process required to all VLAN interfaces associated ...
Administration Guide
Page 119
...-01 Cisco 4700 Series Application Control Engine Appliance Administration Guide 4-5 Packets that can pass through the ACE or network management traffic that fail to be received by the ACE. • Layer 7 protocol-specific classes identify server load balancing based on how the ACE evaluates ...you specify more match commands that packet to meet any , match-all) The ACE supports a system-wide maximum of the matching criteria are classified as the Layer 7 HTTP server load balancing and application protocol-specific fields. A traffic class contains the following components: •...
...-01 Cisco 4700 Series Application Control Engine Appliance Administration Guide 4-5 Packets that can pass through the ACE or network management traffic that fail to be received by the ACE. • Layer 7 protocol-specific classes identify server load balancing based on how the ACE evaluates ...you specify more match commands that packet to meet any , match-all) The ACE supports a system-wide maximum of the matching criteria are classified as the Layer 7 HTTP server load balancing and application protocol-specific fields. A traffic class contains the following components: •...
Administration Guide
Page 120
...host1/Admin(config-cmap-http-lb)# match class-map URLCHK_SLB_L7_CLASS host1/Admin(config-cmap-http-lb)# exit The ACE allows you to configure two Layer 7 HTTP load-balancing class maps in the traffic class, you can identify evaluation instructions by using the match-all of the... that specify the actions (functions) to be performed by the ACE Cisco 4700 Series Application Control Engine Appliance Administration Guide 4-6 OL-11157-01 host1/Admin(config)# class-map type http loadbalance match-any keywords for load balancing where the URL is to achieve complex logical expressions. If you...
...host1/Admin(config-cmap-http-lb)# match class-map URLCHK_SLB_L7_CLASS host1/Admin(config-cmap-http-lb)# exit The ACE allows you to configure two Layer 7 HTTP load-balancing class maps in the traffic class, you can identify evaluation instructions by using the match-all of the... that specify the actions (functions) to be performed by the ACE Cisco 4700 Series Application Control Engine Appliance Administration Guide 4-6 OL-11157-01 host1/Admin(config)# class-map type http loadbalance match-any keywords for load balancing where the URL is to achieve complex logical expressions. If you...
Administration Guide
Page 121
...within a Layer 3 and Layer 4 policy map to associate a Layer 7 load-balancing policy map, you nest the load-balancing policy map by using the Layer 3 and Layer 4 loadbalance policy command. OL-11157-01 Cisco 4700 Series Application Control Engine Appliance Administration Guide 4-7 Chapter 4 Configuring Class ...Maps and Policy Maps Class Map and Policy Map Overview The ACE supports ...
...within a Layer 3 and Layer 4 policy map to associate a Layer 7 load-balancing policy map, you nest the load-balancing policy map by using the Layer 3 and Layer 4 loadbalance policy command. OL-11157-01 Cisco 4700 Series Application Control Engine Appliance Administration Guide 4-7 Chapter 4 Configuring Class ...Maps and Policy Maps Class Map and Policy Map Overview The ACE supports ...
Administration Guide
Page 122
... Chapter 4 Configuring Class Maps and Policy Maps If none of the classifications specified in policy maps match, then the ACE executes the default actions specified against the class map configured with the classification defined in class maps C1, C2, and... If the match criteria satisfies, the ACE load balances a content request to serverfarm SF1; This action results in the ACE load balancing the request to the default traffic class. TCP/UDP connection parameters 4. Load balancing based on a virtual IP (VIP) Cisco 4700 Series Application Control Engine Appliance Administration...
... Chapter 4 Configuring Class Maps and Policy Maps If none of the classifications specified in policy maps match, then the ACE executes the default actions specified against the class map configured with the classification defined in class maps C1, C2, and... If the match criteria satisfies, the ACE load balances a content request to serverfarm SF1; This action results in the ACE load balancing the request to the default traffic class. TCP/UDP connection parameters 4. Load balancing based on a virtual IP (VIP) Cisco 4700 Series Application Control Engine Appliance Administration...
Administration Guide
Page 125
...config-cmap)# match source-address 192.168.10.1 255.255.255.0 OL-11157-01 Cisco 4700 Series Application Control Engine Appliance Administration Guide 4-11 Create one or more Layer 3... access-list INBOUND 8. (Optional) Specify a source IP address and subnet mask as the server load-balancing matching criteria in the class map. host1/Admin(config-cmap)# match virtual-address 192.168.1.10 ... so that passes through it. host1/Admin(config)# class-map match-any traffic passing through the ACE. If you will enter class map configuration mode. 4. (Optional) Specify a description about the ...
...config-cmap)# match source-address 192.168.10.1 255.255.255.0 OL-11157-01 Cisco 4700 Series Application Control Engine Appliance Administration Guide 4-11 Create one or more Layer 3... access-list INBOUND 8. (Optional) Specify a source IP address and subnet mask as the server load-balancing matching criteria in the class map. host1/Admin(config-cmap)# match virtual-address 192.168.1.10 ... so that passes through it. host1/Admin(config)# class-map match-any traffic passing through the ACE. If you will enter class map configuration mode. 4. (Optional) Specify a description about the ...
Administration Guide
Page 128
...criteria in multiple contexts, observe the CLI prompt to verify that define Layer 7 HTTP content load-balancing decisions based on creating contexts, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide. 2. host1/Admin# config Enter configuration commands..., one or more class maps that you will enter class map HTTP load balancing configuration mode. Enter configuration mode....
...criteria in multiple contexts, observe the CLI prompt to verify that define Layer 7 HTTP content load-balancing decisions based on creating contexts, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide. 2. host1/Admin# config Enter configuration commands..., one or more class maps that you will enter class map HTTP load balancing configuration mode. Enter configuration mode....
Administration Guide
Page 129
... as part of the traffic class. If you will enter class map HTTP application protocol inspection configuration mode. If you will enter class map HTTP load balancing configuration mode. host1/Admin(config)# class-map type http loadbalance match-any HTTP_INSPECT_L7_CLASS host1/Admin(config-cmap-http-insp)# description HTTP protocol deep inspection of... header-value .mycompanyexample.com host1/Admin(config-cmap-http-insp)# match url length eq 10000 host1/Admin(config-cmap-http-insp)# exit OL-11157-01 Cisco 4700 Series Application Control Engine Appliance Administration Guide 4-15
... as part of the traffic class. If you will enter class map HTTP application protocol inspection configuration mode. If you will enter class map HTTP load balancing configuration mode. host1/Admin(config)# class-map type http loadbalance match-any HTTP_INSPECT_L7_CLASS host1/Admin(config-cmap-http-insp)# description HTTP protocol deep inspection of... header-value .mycompanyexample.com host1/Admin(config-cmap-http-insp)# match url length eq 10000 host1/Admin(config-cmap-http-insp)# exit OL-11157-01 Cisco 4700 Series Application Control Engine Appliance Administration Guide 4-15
Administration Guide
Page 135
...pmap-lb-c)# serverfarm FARM2 backup FARM3 sticky 4. (Optional) Create and configure a policy map that defines Layer 7 HTTP content load-balancing decisions. host/Admin(config)# policy-map type optimization http first-match L7_OPTIMIZATION_POLICY host1/Admin(config-pmap-optmz)# description This policy map...activities host1/Admin(config-pmap-optmz)# class L7_SLB_CLASS host1/Admin(config-pmap-optmz-c)# action ACT_LIST1 parameter OPTIMIZE_PARAM_MAP OL-11157-01 Cisco 4700 Series Application Control Engine Appliance Administration Guide 4-21 host1/Admin# changeto C1 host1/C1# The rest of the ...
...pmap-lb-c)# serverfarm FARM2 backup FARM3 sticky 4. (Optional) Create and configure a policy map that defines Layer 7 HTTP content load-balancing decisions. host/Admin(config)# policy-map type optimization http first-match L7_OPTIMIZATION_POLICY host1/Admin(config-pmap-optmz)# description This policy map...activities host1/Admin(config-pmap-optmz)# class L7_SLB_CLASS host1/Admin(config-pmap-optmz-c)# action ACT_LIST1 parameter OPTIMIZE_PARAM_MAP OL-11157-01 Cisco 4700 Series Application Control Engine Appliance Administration Guide 4-21 host1/Admin# changeto C1 host1/C1# The rest of the ...
Administration Guide
Page 137
... 3 and Layer 4 policy map by using the policy-map multi-match command as specified below. • To associate a Layer 7 load-balancing policy map, nest the load-balancing policy map by using the Layer 3 and Layer 4 loadbalance policy command. • To associate a Layer 7 optimization HTTP policy map,... the Layer 3 and Layer 4 inspect ftp policy command. host1/Admin(config)# exit host1/Admin# copy running-config startup-config Cisco 4700 Series Application Control Engine Appliance Administration Guide 4-23 For example, to Flash memory. host1/Admin(config)# interface vlan 50 host1...
... 3 and Layer 4 policy map by using the policy-map multi-match command as specified below. • To associate a Layer 7 load-balancing policy map, nest the load-balancing policy map by using the Layer 3 and Layer 4 loadbalance policy command. • To associate a Layer 7 optimization HTTP policy map,... the Layer 3 and Layer 4 inspect ftp policy command. host1/Admin(config)# exit host1/Admin# copy running-config startup-config Cisco 4700 Series Application Control Engine Appliance Administration Guide 4-23 For example, to Flash memory. host1/Admin(config)# interface vlan 50 host1...
Administration Guide
Page 140
... match commands in a class map. • You can include only one or more of VIP address, protocol, and port as matching criteria for server load balancing. 4-26 Cisco 4700 Series Application Control Engine Appliance Administration Guide OL-11157-01 Configuring Layer 3 and Layer 4 Class Maps Chapter 4 Configuring Class Maps and Policy Maps When... combine multiple match access-list, match source-address, match destination-address, and match port commands in a class map. To classify network traffic passing through the ACE, include one match any command within a class map.
... match commands in a class map. • You can include only one or more of VIP address, protocol, and port as matching criteria for server load balancing. 4-26 Cisco 4700 Series Application Control Engine Appliance Administration Guide OL-11157-01 Configuring Layer 3 and Layer 4 Class Maps Chapter 4 Configuring Class Maps and Policy Maps When... combine multiple match access-list, match source-address, match destination-address, and match port commands in a class map. To classify network traffic passing through the ACE, include one match any command within a class map.
Administration Guide
Page 146
..., enter: host1/Admin(config-cmap)# no line_number to identify individual match commands. See the Cisco 4700 Series Application Control Engine Appliance Server Load-Balancing Configuration Guide for details about configuring the ACE to 255 as matching criteria for server load balancing, use the match virtual-address command in dotted-decimal notation (for example, 255.255.255...
..., enter: host1/Admin(config-cmap)# no line_number to identify individual match commands. See the Cisco 4700 Series Application Control Engine Appliance Server Load-Balancing Configuration Guide for details about configuring the ACE to 255 as matching criteria for server load balancing, use the match virtual-address command in dotted-decimal notation (for example, 255.255.255...
Administration Guide
Page 152
... 255.255.255.0). For example, to : • Perform server load balancing based on which you apply the policy map. • ip_address-Source IP address of the client in the ACE, see the "Class Map and Policy Map Overview" section. The ...ACE to specify that classifies specific Layer 7 protocol information. Enter the IP address in dotted-decimal notation (for FTP Command Inspection 4-38 Cisco 4700 Series Application Control Engine Appliance Administration Guide OL-11157-01 This section contains the following topics: • Defining Layer 7 Classifications for HTTP Server Load Balancing...
... 255.255.255.0). For example, to : • Perform server load balancing based on which you apply the policy map. • ip_address-Source IP address of the client in the ACE, see the "Class Map and Policy Map Overview" section. The ...ACE to specify that classifies specific Layer 7 protocol information. Enter the IP address in dotted-decimal notation (for FTP Command Inspection 4-38 Cisco 4700 Series Application Control Engine Appliance Administration Guide OL-11157-01 This section contains the following topics: • Defining Layer 7 Classifications for HTTP Server Load Balancing...
Administration Guide
Page 153
...HTTP headers, HTTP URLs, protocol header fields, or source IP addresses. The match-all | match-any keywords determine how the ACE evaluates multiple match statements operations when multiple match criteria exist in a group that classifies specific Layer 7 network traffic. A single class...-map type http loadbalance [match-all and match-any ] map_name OL-11157-01 Cisco 4700 Series Application Control Engine Appliance Administration Guide 4-39 For example, you can configure a Layer 7 HTTP server load-balancing class map to define multiple URLs, cookies, and HTTP headers in a Layer ...
...HTTP headers, HTTP URLs, protocol header fields, or source IP addresses. The match-all | match-any keywords determine how the ACE evaluates multiple match statements operations when multiple match criteria exist in a group that classifies specific Layer 7 network traffic. A single class...-map type http loadbalance [match-all and match-any ] map_name OL-11157-01 Cisco 4700 Series Application Control Engine Appliance Administration Guide 4-39 For example, you can configure a Layer 7 HTTP server load-balancing class map to define multiple URLs, cookies, and HTTP headers in a Layer ...
Administration Guide
Page 154
...Policy Maps The arguments and options are: • match-all | match-any-(Optional) Determines how the ACE evaluates Layer 7 HTTP server load-balancing operations when multiple match criteria exist in the same class map. • map_name-Name assigned to the...) Network traffic needs to match the Layer 7 load-balancing class map. match-all condition for a HTTP server load-balancing class map, see the Cisco 4700 Series Application Control Engine Appliance Server Load-Balancing Configuration Guide. 4-40 Cisco 4700 Series Application Control Engine Appliance Administration Guide OL...
...Policy Maps The arguments and options are: • match-all | match-any-(Optional) Determines how the ACE evaluates Layer 7 HTTP server load-balancing operations when multiple match criteria exist in the same class map. • map_name-Name assigned to the...) Network traffic needs to match the Layer 7 load-balancing class map. match-all condition for a HTTP server load-balancing class map, see the Cisco 4700 Series Application Control Engine Appliance Server Load-Balancing Configuration Guide. 4-40 Cisco 4700 Series Application Control Engine Appliance Administration Guide OL...