4-3
Cisco 4700 Series Application Control Engine Appliance Administration Guide
OL-11157-01
Chapter 4 Configuring Class Maps and Policy Maps
Class Map and Policy Map Overview
3.
Activating the policy map and attaching it to a specific VLAN interface or
globally to all VLAN interfaces associated with a context by using the
service-policy
command that are to filter traffic received by the ACE.
Traffic policies support the following feature-specific actions performed by the
ACE:
•
Remote access using the following management protocols: HTTP, HTTPS,
Internet Control Message Protocol (ICMP), Simple Network Management
Protocol (SNMP), Secure Shell (SSH), or Telnet
•
Server load balancing based on Layer 3 and Layer 4 connection information
(virtual IP address)
•
Application acceleration and optimization
•
Server load balancing based on Layer 7 HTTP-related information (such as
HTTP headers, cookies, and URLs), or client source IP address
•
SSL security services between a web browser (the client) and the HTTP
connection (the server)
•
HTTP deep packet inspection
•
FTP command request inspection
•
Application protocol inspection (also known as protocol fixup)
•
NAT
•
TCP/IP termination and normalization
•
Exchange XML documents over HTTP or secure HTTP (HTTPS)
This section contains the following overview topics:
•
Class Maps
•
Policy Maps
•
Service Policies
The flow chart shown in
Figure 4-1
shows a basic overview of the process
required to configure class maps and policy maps (application protocol
inspection). The figure also illustrates how the ACE associates the various
components of the class map and policy map configuration with each other.