Administration Guide
Page 6
...and Layer 4 Class Maps 4-24 Defining Layer 3 and Layer 4 Classifications for Network Traffic Passing Through the ACE 4-24 Creating a Layer 3 and Layer 4 Network Traffic Class Map 4-25 Defining a Class Map Description ...ACE 4-35 Creating a Layer 3 and Layer 4 Network Management Traffic Class Map 4-35 Defining Network Management Access Match Criteria 4-37 Configuring Layer 7 Class Maps 4-38 Defining Layer 7 Classifications for HTTP Server Load Balancing 4-39 Defining Layer 7 Classifications for HTTP Deep Packet Inspection 4-41 Defining Layer 7 Classifications for FTP Command Inspection 4-42 Cisco...
...and Layer 4 Class Maps 4-24 Defining Layer 3 and Layer 4 Classifications for Network Traffic Passing Through the ACE 4-24 Creating a Layer 3 and Layer 4 Network Traffic Class Map 4-25 Defining a Class Map Description ...ACE 4-35 Creating a Layer 3 and Layer 4 Network Management Traffic Class Map 4-35 Defining Network Management Access Match Criteria 4-37 Configuring Layer 7 Class Maps 4-38 Defining Layer 7 Classifications for HTTP Server Load Balancing 4-39 Defining Layer 7 Classifications for HTTP Deep Packet Inspection 4-41 Defining Layer 7 Classifications for FTP Command Inspection 4-42 Cisco...
Administration Guide
Page 7
... 3 and Layer 4 Policy Map for Network Management Traffic Received by the ACE 4-44 Creating a Layer 3 and Layer 4 Policy Map for Network Traffic Passing Through the ACE 4-45 Defining a Layer 3 and Layer 4 Policy Map Description 4-45 ...Load-Balancing Example 4-65 VIP With Connection Parameters Example 4-66 Example of a Traffic Policy Configuration 4-68 Viewing Class Maps, Policy Maps, and Service Policies 4-71 Displaying Class Map Configuration Information 4-71 Displaying Policy Map Configuration Information 4-71 Displaying Service Policy Configuration Information 4-72 OL-11157-01 Cisco...
... 3 and Layer 4 Policy Map for Network Management Traffic Received by the ACE 4-44 Creating a Layer 3 and Layer 4 Policy Map for Network Traffic Passing Through the ACE 4-45 Defining a Layer 3 and Layer 4 Policy Map Description 4-45 ...Load-Balancing Example 4-65 VIP With Connection Parameters Example 4-66 Example of a Traffic Policy Configuration 4-68 Viewing Class Maps, Policy Maps, and Service Policies 4-71 Displaying Class Map Configuration Information 4-71 Displaying Policy Map Configuration Information 4-71 Displaying Service Policy Configuration Information 4-72 OL-11157-01 Cisco...
Administration Guide
Page 18
... Series Application Control Engine Appliance Device Manager GUI Quick Configuration Note Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide Describes how to use the ACE CLI to perform the initial setup and VIP load-balancing configuration tasks. Cisco ACE 4700 Series Application Control Engine Appliance CLI Quick Configuration Note Describes how to use the...
... Series Application Control Engine Appliance Device Manager GUI Quick Configuration Note Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide Describes how to use the ACE CLI to perform the initial setup and VIP load-balancing configuration tasks. Cisco ACE 4700 Series Application Control Engine Appliance CLI Quick Configuration Note Describes how to use the...
Administration Guide
Page 19
...; Configuring bridging • Configuring Dynamic Host Configuration Protocol (DHCP) Cisco 4700 Series Application Control Engine Appliance Server Load-Balancing Configuration Guide Describes how to configure the following server load-balancing tasks on the ACE: • Real servers and server farms • Class maps and policy maps to load-balance traffic to real servers in server farms • Server...
...; Configuring bridging • Configuring Dynamic Host Configuration Protocol (DHCP) Cisco 4700 Series Application Control Engine Appliance Server Load-Balancing Configuration Guide Describes how to configure the following server load-balancing tasks on the ACE: • Real servers and server farms • Class maps and policy maps to load-balance traffic to real servers in server farms • Server...
Administration Guide
Page 115
... Cisco 4700 Series Application Control Engine (ACE) appliance. CH A P T E R 4 Configuring Class Maps and Policy Maps This chapter describes how to configure class maps and policy maps to the matching traffic. The ACE uses the individual traffic policies to implement the following functions: • Remote access using Secure Shell (SSH) or Telnet • Server load balancing...
... Cisco 4700 Series Application Control Engine (ACE) appliance. CH A P T E R 4 Configuring Class Maps and Policy Maps This chapter describes how to configure class maps and policy maps to the matching traffic. The ACE uses the individual traffic policies to implement the following functions: • Remote access using Secure Shell (SSH) or Telnet • Server load balancing...
Administration Guide
Page 117
...Network Management Protocol (SNMP), Secure Shell (SSH), or Telnet • Server load balancing based on Layer 3 and Layer 4 connection information (virtual IP address) • Application acceleration and optimization • Server load balancing based on Layer 7 HTTP-related information (such as HTTP headers, cookies,... required to filter traffic received by the ACE: • Remote access using the service-policy command that are to configure class maps and policy maps (application protocol inspection). OL-11157-01 Cisco 4700 Series Application Control Engine Appliance Administration ...
...Network Management Protocol (SNMP), Secure Shell (SSH), or Telnet • Server load balancing based on Layer 3 and Layer 4 connection information (virtual IP address) • Application acceleration and optimization • Server load balancing based on Layer 7 HTTP-related information (such as HTTP headers, cookies,... required to filter traffic received by the ACE: • Remote access using the service-policy command that are to configure class maps and policy maps (application protocol inspection). OL-11157-01 Cisco 4700 Series Application Control Engine Appliance Administration ...
Administration Guide
Page 119
...ACE. OL-11157-01 Cisco 4700 Series Application Control Engine Appliance Administration Guide 4-5 You create class maps to meet any , match-all) The ACE supports a system-wide maximum of FTP commands by the ACE. • Layer 7 protocol-specific classes identify server load balancing based on how the ACE... received and transmitted by the ACE. • Layer 3 and Layer 4 traffic classes contain match criteria that identify the IP network traffic that can be a member of the matching criteria are classified as the Layer 7 HTTP server load balancing and application protocol-specific fields....
...ACE. OL-11157-01 Cisco 4700 Series Application Control Engine Appliance Administration Guide 4-5 You create class maps to meet any , match-all) The ACE supports a system-wide maximum of FTP commands by the ACE. • Layer 7 protocol-specific classes identify server load balancing based on how the ACE... received and transmitted by the ACE. • Layer 3 and Layer 4 traffic classes contain match criteria that identify the IP network traffic that can be a member of the matching criteria are classified as the Layer 7 HTTP server load balancing and application protocol-specific fields....
Administration Guide
Page 120
...you can specify a match criteria for Layer 7 HTTP load-balancing applications is useful as the evaluation instruction, the traffic being evaluated must match one nested class map under a different class map. You can identify evaluation instructions by the ACE Cisco 4700 Series Application Control Engine Appliance Administration Guide 4-6 ... host1/Admin(config-cmap-http-lb)# match class-map URLCHK_SLB_L7_CLASS host1/Admin(config-cmap-http-lb)# exit The ACE allows you to configure two Layer 7 HTTP load-balancing class maps in the traffic class, you specify match-all keywords.
...you can specify a match criteria for Layer 7 HTTP load-balancing applications is useful as the evaluation instruction, the traffic being evaluated must match one nested class map under a different class map. You can identify evaluation instructions by the ACE Cisco 4700 Series Application Control Engine Appliance Administration Guide 4-6 ... host1/Admin(config-cmap-http-lb)# match class-map URLCHK_SLB_L7_CLASS host1/Admin(config-cmap-http-lb)# exit The ACE allows you to configure two Layer 7 HTTP load-balancing class maps in the traffic class, you specify match-all keywords.
Administration Guide
Page 121
... maximum of classes. No additional actions are multiple instances of actions of the same type configured in a policy map, the ACE performs the first action encountered of the same type that multiple sets of classes exist in the policy map and allow a...match keyword, the ACE executes the specified action only for traffic classification. The ACE applies a first-match execution process to associate a Layer 7 load-balancing policy map, you nest the load-balancing policy map by using the Layer 3 and Layer 4 loadbalance policy command. OL-11157-01 Cisco 4700 Series Application ...
... maximum of classes. No additional actions are multiple instances of actions of the same type configured in a policy map, the ACE performs the first action encountered of the same type that multiple sets of classes exist in the policy map and allow a...match keyword, the ACE executes the specified action only for traffic classification. The ACE applies a first-match execution process to associate a Layer 7 load-balancing policy map, you nest the load-balancing policy map by using the Layer 3 and Layer 4 loadbalance policy command. OL-11157-01 Cisco 4700 Series Application ...
Administration Guide
Page 122
... an implicit match-any traffic classification. The policy lookup order is based on the interface. The policy lookup order of the ACE is as follows: 1. Load balancing based on a virtual IP (VIP) Cisco 4700 Series Application Control Engine Appliance Administration Guide 4-8 OL-11157-01 Class Map and Policy Map Overview Chapter 4 Configuring Class Maps...
... an implicit match-any traffic classification. The policy lookup order is based on the interface. The policy lookup order of the ACE is as follows: 1. Load balancing based on a virtual IP (VIP) Cisco 4700 Series Application Control Engine Appliance Administration Guide 4-8 OL-11157-01 Class Map and Policy Map Overview Chapter 4 Configuring Class Maps...
Administration Guide
Page 125
...of incoming traffic 5. (Optional) Specify the match any command cannot be classified as the server load-balancing matching criteria in the class map. host1/Admin(config-cmap)# match access-list INBOUND 8. (...it. host1/Admin(config-cmap)# match any Note The match any command if you want the ACE to be used as part of the traffic class. If you will enter class map configuration ... host1/Admin(config-cmap)# match source-address 192.168.10.1 255.255.255.0 OL-11157-01 Cisco 4700 Series Application Control Engine Appliance Administration Guide 4-11 Create one or more Layer 3 and Layer...
...of incoming traffic 5. (Optional) Specify the match any command cannot be classified as the server load-balancing matching criteria in the class map. host1/Admin(config-cmap)# match access-list INBOUND 8. (...it. host1/Admin(config-cmap)# match any Note The match any command if you want the ACE to be used as part of the traffic class. If you will enter class map configuration ... host1/Admin(config-cmap)# match source-address 192.168.10.1 255.255.255.0 OL-11157-01 Cisco 4700 Series Application Control Engine Appliance Administration Guide 4-11 Create one or more Layer 3 and Layer...
Administration Guide
Page 128
...per line. host1/Admin# config Enter configuration commands, one or more class maps that define Layer 7 HTTP content load-balancing decisions based on creating contexts, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide. 2. If you do not specify the match-all or match...config-cmap-http-lb)# description HTTP LOAD BALANCE PROTOCOL 1 host1/Admin(config-cmap-http-lb)# match http url .*.gif host1/Admin(config-cmap-http-lb)# match http url .*.html host1/Admin(config-cmap-http-lb)# exit 4-14 Cisco 4700 Series Application Control Engine Appliance ...
...per line. host1/Admin# config Enter configuration commands, one or more class maps that define Layer 7 HTTP content load-balancing decisions based on creating contexts, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide. 2. If you do not specify the match-all or match...config-cmap-http-lb)# description HTTP LOAD BALANCE PROTOCOL 1 host1/Admin(config-cmap-http-lb)# match http url .*.gif host1/Admin(config-cmap-http-lb)# match http url .*.html host1/Admin(config-cmap-http-lb)# exit 4-14 Cisco 4700 Series Application Control Engine Appliance ...
Administration Guide
Page 129
...HTTP traffic. host1/Admin(config)# class-map type http inspect match-any L7_SSL_CLASS host1/Admin(config-cmap-http-lb)# description HTTP LOAD BALANCE PROTOCOL 1 host1/Admin(config-cmap-http-lb)# match header Host header-value .mycompanyexample.com host1/Admin(config-cmap-http-lb)#...OL-11157-01 Cisco 4700 Series Application Control Engine Appliance Administration Guide 4-15 After you create a class map, you will enter class map HTTP application protocol inspection configuration mode. After you create a class map, you will enter class map HTTP load balancing configuration mode. ...
...HTTP traffic. host1/Admin(config)# class-map type http inspect match-any L7_SSL_CLASS host1/Admin(config-cmap-http-lb)# description HTTP LOAD BALANCE PROTOCOL 1 host1/Admin(config-cmap-http-lb)# match header Host header-value .mycompanyexample.com host1/Admin(config-cmap-http-lb)#...OL-11157-01 Cisco 4700 Series Application Control Engine Appliance Administration Guide 4-15 After you create a class map, you will enter class map HTTP application protocol inspection configuration mode. After you create a class map, you will enter class map HTTP load balancing configuration mode. ...
Administration Guide
Page 135
... host1/Admin(config-pmap-optmz)# class L7_SLB_CLASS host1/Admin(config-pmap-optmz-c)# action ACT_LIST1 parameter OPTIMIZE_PARAM_MAP OL-11157-01 Cisco 4700 Series Application Control Engine Appliance Administration Guide 4-21 Table 4-6 Layer 7 Policy Map Configuration Quick Start Task and... optimization along with CNTL/Z host1/Admin(config)# 3. (Optional) Create and configure a policy map that defines Layer 7 HTTP content load-balancing decisions. Chapter 4 Configuring Class Maps and Policy Maps Class Map and Policy Map Configuration Quick Start Table 4-6 provides a quick overview...
... host1/Admin(config-pmap-optmz)# class L7_SLB_CLASS host1/Admin(config-pmap-optmz-c)# action ACT_LIST1 parameter OPTIMIZE_PARAM_MAP OL-11157-01 Cisco 4700 Series Application Control Engine Appliance Administration Guide 4-21 Table 4-6 Layer 7 Policy Map Configuration Quick Start Task and... optimization along with CNTL/Z host1/Admin(config)# 3. (Optional) Create and configure a policy map that defines Layer 7 HTTP content load-balancing decisions. Chapter 4 Configuring Class Maps and Policy Maps Class Map and Policy Map Configuration Quick Start Table 4-6 provides a quick overview...
Administration Guide
Page 137
For example, to Flash memory. host1/Admin(config)# exit host1/Admin# copy running-config startup-config Cisco 4700 Series Application Control Engine Appliance Administration Guide 4-23 Chapter 4 Configuring Class Maps and Policy Maps Class Map and Policy ...with a Layer 3 and Layer 4 policy map by using the policy-map multi-match command as specified below. • To associate a Layer 7 load-balancing policy map, nest the load-balancing policy map by using the Layer 3 and Layer 4 loadbalance policy command. • To associate a Layer 7 optimization HTTP policy map, nest the ...
For example, to Flash memory. host1/Admin(config)# exit host1/Admin# copy running-config startup-config Cisco 4700 Series Application Control Engine Appliance Administration Guide 4-23 Chapter 4 Configuring Class Maps and Policy Maps Class Map and Policy ...with a Layer 3 and Layer 4 policy map by using the policy-map multi-match command as specified below. • To associate a Layer 7 load-balancing policy map, nest the load-balancing policy map by using the Layer 3 and Layer 4 loadbalance policy command. • To associate a Layer 7 optimization HTTP policy map, nest the ...
Administration Guide
Page 140
... map since the other types of the following commands to configure the match criteria for server load balancing. 4-26 Cisco 4700 Series Application Control Engine Appliance Administration Guide OL-11157-01 To classify network traffic passing through the ACE, include one or more of match commands in a class map. Configuring Layer 3 and Layer 4 Class...
... map since the other types of the following commands to configure the match criteria for server load balancing. 4-26 Cisco 4700 Series Application Control Engine Appliance Administration Guide OL-11157-01 To classify network traffic passing through the ACE, include one or more of match commands in a class map. Configuring Layer 3 and Layer 4 Class...
Administration Guide
Page 146
...match criteria statements to delete long match commands instead of entering the entire line. See the Cisco 4700 Series Application Control Engine Appliance Server Load-Balancing Configuration Guide for server load balancing. You may combine multiple match source-address, match access-list, match destination-address, and match...The line numbers do not dictate a priority or sequence for the match statements. • vip_address-VIP server IP address of the ACE, specified in dotted decimal format (for example, 255.255.255.0). Enter an integer from the class map, enter: host1/Admin...
...match criteria statements to delete long match commands instead of entering the entire line. See the Cisco 4700 Series Application Control Engine Appliance Server Load-Balancing Configuration Guide for server load balancing. You may combine multiple match source-address, match access-list, match destination-address, and match...The line numbers do not dictate a priority or sequence for the match statements. • vip_address-VIP server IP address of the ACE, specified in dotted decimal format (for example, 255.255.255.0). Enter an integer from the class map, enter: host1/Admin...
Administration Guide
Page 152
... class maps in dotted-decimal notation (for FTP Command Inspection 4-38 Cisco 4700 Series Application Control Engine Appliance Administration Guide OL-11157-01 The match criteria enables the ACE to the ACE from source IP address 192.168.10.1 255.255.255.0, enter:...ACE implicitly obtains the destination IP address from the class map, enter: host1/Admin(config-cmap-mgmt)# no match protocol ssh source-address 192.168.10.1 255.255.255.0 Configuring Layer 7 Class Maps A Layer 7 class map contains match criteria that the class map allows SSH access to : • Perform server load balancing...
... class maps in dotted-decimal notation (for FTP Command Inspection 4-38 Cisco 4700 Series Application Control Engine Appliance Administration Guide OL-11157-01 The match criteria enables the ACE to the ACE from source IP address 192.168.10.1 255.255.255.0, enter:...ACE implicitly obtains the destination IP address from the class map, enter: host1/Admin(config-cmap-mgmt)# no match protocol ssh source-address 192.168.10.1 255.255.255.0 Configuring Layer 7 Class Maps A Layer 7 class map contains match criteria that the class map allows SSH access to : • Perform server load balancing...
Administration Guide
Page 153
... a Layer 7 server load-balancing class map based on a client source IP address • Nesting of this command is: class-map type http loadbalance [match-all and match-any ] map_name OL-11157-01 Cisco 4700 Series Application Control Engine Appliance Administration Guide 4-39 The match-all | match-any keywords determine how the ACE evaluates multiple...
... a Layer 7 server load-balancing class map based on a client source IP address • Nesting of this command is: class-map type http loadbalance [match-all and match-any ] map_name OL-11157-01 Cisco 4700 Series Application Control Engine Appliance Administration Guide 4-39 The match-all | match-any keywords determine how the ACE evaluates multiple...
Administration Guide
Page 154
... Policy Maps The arguments and options are: • match-all | match-any-(Optional) Determines how the ACE evaluates Layer 7 HTTP server load-balancing operations when multiple match criteria exist in the same class map is valid. For example, specifying a match-all...implicit AND) to match the Layer 7 load-balancing class map. The class map is applicable only for a HTTP server load-balancing class map, see the Cisco 4700 Series Application Control Engine Appliance Server Load-Balancing Configuration Guide. 4-40 Cisco 4700 Series Application Control Engine Appliance Administration ...
... Policy Maps The arguments and options are: • match-all | match-any-(Optional) Determines how the ACE evaluates Layer 7 HTTP server load-balancing operations when multiple match criteria exist in the same class map is valid. For example, specifying a match-all...implicit AND) to match the Layer 7 load-balancing class map. The class map is applicable only for a HTTP server load-balancing class map, see the Cisco 4700 Series Application Control Engine Appliance Server Load-Balancing Configuration Guide. 4-40 Cisco 4700 Series Application Control Engine Appliance Administration ...