
Layer-7 Class-maps: 'not' match-any

dlongworth
Level 1

Hallo All,

I'm wondering if the following logic is possible on the ACEs.

First Match is:

class-map type http loadbalance match-any CM7-MatchSrcIP
   10 match source-address 192.168.0.0 255.255.0.0
   20 match source-address 172.16.0.0 255.255.0.0

class-map type http loadbalance match-any CM7-URLs
   10 match http url /testing.*

class-map type http loadbalance match-all CM7-WWW
   10 match class-map CM7-MatchSrcIP
   20 match class-map CM7-URLs

If the above URL and IP sources are matched, I want to send to a specific SF. (easy enough)

If the URL matches /testing.* but the source IP address doesn't match any of the above subnets, I want to redirect to a 'restricted' page. (ummm)

If the URL is something else (e.g. /temporary.*) with any IP source address, I want it to be load-balanced by a different SF (say like in a class-default)

Thx in adv

David

Accepted Solution

Pablo
Cisco Employee

Hi David,

Sure, you can try this on the ACE. You already created most of the configuration, so now you just need to apply the maps under the first-match policy.

According to your description, this is how this policy should look:

policy-map type loadbalance first-match SLB_LOGIC
  class CM7-WWW
    serverfarm Testing
  class CM7-URLs
    serverfarm Restricted
  class class-default
    serverfarm Any

- ACE checks for testing plus IP address matching.

- If user belongs to any other subnet then SF restricted is used.

- If none of the above statements is matched then the default class map and SF are used.

Cheers!


Pablo
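
The first-match evaluation described in the answer above can be checked offline with a small model. This is an added example, not part of the original thread and not ACE code; the function names, the whole-path regex matching and the sample addresses are assumptions made for illustration.

```python
import ipaddress
import re

# Class-maps from the question, transcribed as data: name -> (mode, rules).
# A rule is ("src", network), ("url", regex) or ("class", nested class-map).
CLASS_MAPS = {
    "CM7-MatchSrcIP": ("any", [("src", "192.168.0.0/255.255.0.0"),
                               ("src", "172.16.0.0/255.255.0.0")]),
    "CM7-URLs": ("any", [("url", r"/testing.*")]),
    "CM7-WWW": ("all", [("class", "CM7-MatchSrcIP"), ("class", "CM7-URLs")]),
}

# Policy from the answer: evaluated top to bottom, first matching class wins.
POLICY = [("CM7-WWW", "Testing"), ("CM7-URLs", "Restricted"),
          ("class-default", "Any")]


def rule_matches(rule, src_ip, url):
    kind, value = rule
    if kind == "src":
        return ipaddress.ip_address(src_ip) in ipaddress.ip_network(value)
    if kind == "url":
        # Assumption: the expression has to match the whole URL path.
        return re.fullmatch(value, url) is not None
    return class_matches(value, src_ip, url)  # nested class-map


def class_matches(name, src_ip, url):
    if name == "class-default":
        return True  # catches everything that reached the end of the policy
    mode, rules = CLASS_MAPS[name]
    combine = any if mode == "any" else all  # match-any vs match-all
    return combine(rule_matches(r, src_ip, url) for r in rules)


def select_serverfarm(src_ip, url, policy=POLICY):
    for class_name, serverfarm in policy:
        if class_matches(class_name, src_ip, url):
            return serverfarm
    return None


if __name__ == "__main__":
    # Constructed sample requests (source IP, URL path).
    for src, url in [("192.168.10.5", "/testing/a"), ("203.0.113.9", "/testing/a"),
                     ("172.17.0.1", "/testing"), ("172.16.4.1", "/temporary/x")]:
        print(src, url, "->", select_serverfarm(src, url))
```

Swapping the first two classes in the policy sends every /testing request to Restricted, including those from the allowed subnets, which is why CM7-WWW has to be listed before CM7-URLs.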



Ah! Matching the URL without the source IP and because of the class-maps respective position it should match all-else.

Thank you for your helpful reply Pablo.

And Bingo was his name-o  =)

Glad to help


Pablo
