Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1029
Views
4
Helpful
3
Replies

Layer-7 Class-maps: 'not' match-any

Go to solution
dlongworth
Level 1
Level 1

‎08-24-2010 12:58 AM

Hallo All,

I'm wondering if the following logic is possible on the ACEs.

First Match is:

class-map type http loadbalance match-any CM7-MatchSrcIP
   10 match source-address 192.168.0.0 255.255.0.0
   20 match source-address 172.16.0.0 255.255.0.0

class-map type http loadbalance match-any CM7-URLs
   10 match http url /testing.*

class-map type http loadbalance match-all CM7-WWW
   10 match class-map CM7-MatchSrcIP
   20 match class-map CM7-URLs

If the above URL and IP sources are matched, I want to send to a specific SF. (easy enough)

If the URL matches /testing.* but source IP address doesn't match of any of the above subnets, I want to redirect to a 'restricted' page. (ummm)

If the URL is something else (e.g. /temporary.*) with any IP source address, I want it to be load-balanced by a different SF (say like in a class-default)

Thx in adv

David

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Pablo
Cisco Employee
Cisco Employee

‎08-24-2010 10:38 AM

Hi David,

Sure you can try this on the ACE, you already created most of the configuration so now just need to apply the maps under the first-match policy.

According to your description this is how this policy should look like:

policy-map type loadbalance first-match SLB_LOGIC
  class CM7-WWW
    serverfarm Testing
  class CM7-URLs
    serverfarm Restricted
  class class-default
    serverfarm Any

- ACE checks for testing plus IP address matching.

- If user belongs to any other subnet then SF restricted is used.

- If none of the above statements is matched then defaul class map and SF is used.

Cheers!

__ __

Pablo


View solution in original post

3 Replies 3

Go to solution
Pablo
Cisco Employee
Cisco Employee

‎08-24-2010 10:38 AM

Hi David,

Sure you can try this on the ACE, you already created most of the configuration so now just need to apply the maps under the first-match policy.

According to your description this is how this policy should look like:

policy-map type loadbalance first-match SLB_LOGIC
  class CM7-WWW
    serverfarm Testing
  class CM7-URLs
    serverfarm Restricted
  class class-default
    serverfarm Any

- ACE checks for testing plus IP address matching.

- If user belongs to any other subnet then SF restricted is used.

- If none of the above statements is matched then defaul class map and SF is used.

Cheers!

__ __

Pablo


Go to solution
dlongworth
Level 1
Level 1
In response to Pablo

‎08-24-2010 04:12 PM

Ah! Matching the URL without the source IP and because of the class-maps respective position it should match all-else.

Thank you for your helpful reply Pablo.

0 Helpful

Go to solution
Pablo
Cisco Employee
Cisco Employee
In response to dlongworth

‎08-24-2010 10:32 PM

And Bingo was his name-o  =)

Glad to help

__ __

Pablo

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card