07-23-2012 08:09 AM
Hi,
I have an ACE 4710. I am trying to configure a policy so that when a specific client tries to access a
specific destination, the ACE does not send the traffic to load balancing. It should send it directly to the
next hop.
I configured the below but wasn't able to achieve my objective.
access-list source_IP line 8 extended permit ip host 192.168.146.123 host 198.xx.xx.2
class-map match-all CM_BYPASS_SOURCE
  2 match access-list source_IP
policy-map type loadbalance http first-match PM_L7_BYPASS_SOURCE
  class class-default
    forward
policy-map multi-match PM_BYPASS_SOURCE
  class CM_BYPASS_SOURCE
interface vlan 500
  service-policy input PM_BYPASS_SOURCE
  service-policy input PM_MAIN_SERVER
But I am not able to reach the destination. My source traffic is still being diverted to the load balancing server. I don't want it redirected to the LB server.
Please advise what I am missing.
07-30-2012 04:10 AM
Hi,
Requesting assistance in achieving the below-mentioned requirement.
How can I bypass load balancing for my specific source IP when it is hitting a specific external public IP address?
07-31-2012 03:57 AM
Hi,
Appreciate your help in this regard.
07-31-2012 07:30 AM
Honestly, that's going to be painful to set up. If possible, let the proxy/cache decide what to bypass.
Anyway, here is the right way to do it.
If you want some source to bypass the proxy completely, you should do it inside the 'loadbalance' policy-map.
i.e.:
policy-map type loadbalance http first-match PM_LB_SF_BCPROXY_https
  match BYPASS1 source-address 192.168.80.89 255.255.255.255
    forward
  match ....
  ...
Obviously, if this is per destination, your way should work.
Except that for traffic matching cisco but not being a bypass source you will have trouble since there is no matching rule.
Once we matched a multimatch entry, we try to find a corresponding action. If none, traffic is dropped. We do not go to the next multi-match.
So in your case, you should configure a class-default to loadbalance the other traffic.
In your output, there is no match to your policy.
Take a sniffer trace to see if you do get traffic sent to the ip you configured.
There are multiple IPs for www.cisco.com
i.e., for me:
C:\Users\gdufour>ping www.cisco.com
Pinging origin-www.cisco.com [72.163.4.161]
Gilles.
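
The lookup order described in the reply above, as a small Python model added here (it is not part of the original posts and is not ACE code): the first multi-match class that matches owns the flow, and a flow with no matching action inside it is dropped rather than passed to the next multi-match policy. The policy layout, the catch-all second policy and the non-bypass source 192.168.80.10 are constructed for illustration; the bypass source and destination IP are taken from the thread.

```python
from ipaddress import ip_address, ip_network

def in_net(ip, net):
    return ip_address(ip) in ip_network(net)

def l7_action(rules, src):
    """First-match lookup inside a 'loadbalance' policy-map.
    rules: list of (source network, action); None as the network
    stands for class-default and matches any source."""
    for net, action in rules:
        if net is None or in_net(src, net):
            return action
    return None  # no rule matched this source

def ace_decision(multi_match_policies, src, dst):
    """Walk the multi-match policies in interface order. The first class
    whose destination matches owns the flow, even if it yields no action."""
    for policy in multi_match_policies:
        for cls in policy:
            if in_net(dst, cls["dst"]):
                # No fall-through to the next multi-match policy.
                return l7_action(cls["lb_rules"], src) or "drop"
    return "no-policy-match"

# Constructed sample: per-destination bypass policy first, main policy second.
MAIN = [{"dst": "0.0.0.0/0", "lb_rules": [(None, "serverfarm")]}]

# Bypass class has only the 'forward' rule for the bypass source.
BROKEN = [
    [{"dst": "72.163.4.161/32",
      "lb_rules": [("192.168.80.89/32", "forward")]}],
    MAIN,
]

# Same class with a class-default that load balances everyone else.
FIXED = [
    [{"dst": "72.163.4.161/32",
      "lb_rules": [("192.168.80.89/32", "forward"), (None, "serverfarm")]}],
    MAIN,
]

if __name__ == "__main__":
    for name, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        for src in ("192.168.80.89", "192.168.80.10"):
            print(name, src, "->", ace_decision(cfg, src, "72.163.4.161"))
```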