
Denying clients to a VIP

nygenxny123
Level 1

Currently we have access lists that allow any traffic to the interfaces.

However, a new design has come up about setting up a new VIP and only allowing 6 hosts to that VIP.

We still want to keep the any any on the interface, but would I do this using class maps?

I would have to set up a new service policy too, I would imagine.

1 Reply

amacuz
Level 1

Hi nygenxny123,

The easiest way is indeed to control which traffic is processed by the ACE via the ACL.

However, you could do it this way (SFARM1 being your existing serverfarm):

class-map match-all MYCL
  2 match virtual-address 10.20.30.40 tcp eq www

class-map type generic match-any C-SRC-IP
  2 match source-address 1.1.1.1 255.255.255.255
  3 match source-address 2.2.2.2 255.255.255.255
  4 match source-address 3.3.3.3 255.255.255.255

policy-map type loadbalance generic first-match PM-SRC-IP
  class C-SRC-IP
    serverfarm SFARM1
  class class-default
    drop

policy-map multi-match MMPOL
  class MYCL
    loadbalance vip inservice
    loadbalance policy PM-SRC-IP
    loadbalance vip icmp-reply active

Still, I would recommend using the ACL.

Hope this helps,

Alessandro
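
The ACL approach recommended in the reply above, sketched as an added example that is not part of the original posts. It reuses the VIP and source addresses from the reply; the ACL name VIP-RESTRICT and VLAN 100 are assumed placeholders, and the sketch assumes the ACL is applied inbound on the client-side interface, where the destination is still the VIP address.

```text
! Added example. VIP-RESTRICT and VLAN 100 are assumed names, not from the thread.
! Entries are evaluated top-down and the first match wins, so the order matters:
!   1) permit the allowed hosts to the VIP
!   2) deny everyone else to the VIP
!   3) keep the existing "any any" behaviour for all other traffic

access-list VIP-RESTRICT line 10 extended permit tcp host 1.1.1.1 host 10.20.30.40 eq www
access-list VIP-RESTRICT line 20 extended permit tcp host 2.2.2.2 host 10.20.30.40 eq www
access-list VIP-RESTRICT line 30 extended permit tcp host 3.3.3.3 host 10.20.30.40 eq www
! ...one permit line per remaining allowed host...

! Blocks all other traffic to the VIP, including ICMP to the VIP from any source,
! because only tcp/www was permitted above.
access-list VIP-RESTRICT line 90 extended deny ip any host 10.20.30.40

! Must come last: placed above the deny, it would match first and open the VIP to everyone.
access-list VIP-RESTRICT line 100 extended permit ip any any

interface vlan 100
  access-group input VIP-RESTRICT
```

If an ACL is already bound to that interface, add the permit and deny entries for the VIP to it with line numbers lower than its existing permit-any entry rather than creating a second ACL.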
