Chapter 3
Configuring Application Protocol Inspection
Configuring an FTP Inspection Class Map
Creating an FTP Inspection Class Map
OL-16202-01
This section contains the following topics:
Creating an FTP Inspection Class Map
•
Adding a Layer 7 FTP Inspection Class Map Description
•
Defining FTP Match Request Methods
•
You can define a class map to be used for the inspection of FTP request commands
by using the class-map type ftp inspect command in configuration mode.
The syntax of this command is as follows:
class-map type ftp inspect match-any map_name
The keywords and arguments are as follows:
match-any—Determines how the ACE inspects FTP request commands
•
when multiple match criteria exist in a class map. Only one of the match
criteria listed in the class map is satisfied to match the FTP command
inspection class in the class map.
map_name—Name assigned to the class map. Enter an unquoted text string
•
with no spaces and a maximum of 64 alphanumeric characters. The class
name is used for both the class map and to configure policy for the class in
the policy map.
The CLI displays the class map FTP command inspection configuration mode. To
classify the FTP request commands for inspection by the ACE, include one or
more of the match request-method commands to configure the match criteria for
the Layer 7 class map. See the
For example, to specify FTP_INSPECT_L7CLASS as the name of a class map
and identify that at least one FTP inspection command in the class map must be
satisfied for the ACE to indicate a match, enter:
host1/Admin(config)# class-map type ftp inspect match-any
FTP_INSPECT_L7CLASS
host1/Admin(config-cmap-ftp-insp)# match request-method cdup
host1/Admin(config-cmap-ftp-insp)# match request-method mkdir
host1/Admin(config-cmap-ftp-insp)# match request-method get
host1/Admin(config-cmap-ftp-insp)# match request-method put
Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide
Configuring a Layer 7 FTP Command Inspection Policy
"Defining FTP Match Request Methods"
section.
3-31