Source Base Policy

wasiimcisco
Level 1

Hi,

I have an ACE 4710. I am trying to configure a policy so that when a specific client tries to access a specific destination, the ACE does not send the traffic to load balancing. It should send it directly to the next hop.

I configured the below but wasn't able to achieve my objective.


access-list source_IP line 8 extended permit ip host 192.168.146.123 host 198.xx.xx.2


class-map match-all CM_BYPASS_SOURCE
  2 match access-list source_IP

policy-map type loadbalance http first-match PM_L7_BYPASS_SOURCE
  class class-default
    forward

policy-map multi-match PM_BYPASS_SOURCE
  class CM_BYPASS_SOURCE

interface vlan 500
  service-policy input PM_BYPASS_SOURCE
  service-policy input PM_MAIN_SERVER

But I am not able to reach the destination. My source traffic is still being diverted to the load balancing server. I don't want it to be redirected to the LB server.

Please advise on what I am missing.

17 Replies

Hi,

Requesting assistance in achieving the below-mentioned requirement.

How can I have my specific source IPs bypass load balancing when they hit a specific external public IP address?

Hi,

Appreciate your help in this regard.

Honestly, that's going to be painful to set up. If possible, let the proxy/cache decide what to bypass.

Anyway, the right way to do it.

If you want some source to bypass the proxy completely, you should do it inside the 'loadbalance' policy-map.

i.e.:

policy-map type loadbalance http first-match PM_LB_SF_BCPROXY_https
  match BYPASS1 source-address 192.168.80.89 255.255.255.255
    forward
  match ....
    ...

Obviously, if this is per destination, your way should work.

Except that for traffic matching cisco but not being a bypass source you will have trouble since there is no matching rule.

Once we have matched a multi-match entry, we try to find a corresponding action. If there is none, the traffic is dropped. We do not go to the next multi-match.

So in your case, you should configure a class-default to loadbalance the other traffic.

In your output, there is no match to your policy.

Take a sniffer trace to see if you do get traffic sent to the ip you configured.

There are multiple IPs for www.cisco.com

i.e. for me:

C:\Users\gdufour>ping www.cisco.com

Pinging origin-www.cisco.com [72.163.4.161]

Gilles.
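
The lookup order described in the replies above (a matched multi-match class with no matching action drops the traffic instead of falling through to the next class), as a small Python model. This is an added illustration, not code from the thread or from Cisco; 198.51.100.2 is a constructed stand-in for the masked 198.xx.xx.2, and CM_DEST, CM_ALL and PROXY_FARM are hypothetical names.

```python
import ipaddress

DROP = "drop"
UNMATCHED = "unmatched"  # no class matched; that case is outside this model

def _hit(addr, net):
    """True when net is None (class-default / match any) or addr is inside net."""
    return net is None or ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def evaluate(multi_match, src, dst):
    """Model of the lookup order described in the thread.

    multi_match: ordered list of (class_name, dst_net, lb_policy)
    lb_policy:   ordered list of (rule_name, src_net, action), first match wins
    """
    for _class_name, dst_net, lb_policy in multi_match:
        if not _hit(dst, dst_net):
            continue  # class did not match, try the next class
        for _rule_name, src_net, action in lb_policy:
            if _hit(src, src_net):
                return action
        return DROP  # class matched but no rule gave an action: no fall-through
    return UNMATCHED

# Constructed sample values. 198.51.100.2 stands in for the masked 198.xx.xx.2;
# CM_DEST, CM_ALL and PROXY_FARM are hypothetical names.
BYPASS = ("BYPASS1", "192.168.146.123/32", "forward")
DEFAULT = ("class-default", None, "serverfarm PROXY_FARM")

without_default = [
    ("CM_DEST", "198.51.100.2/32", [BYPASS]),
    ("CM_ALL", None, [DEFAULT]),
]
with_default = [
    ("CM_DEST", "198.51.100.2/32", [BYPASS, DEFAULT]),
    ("CM_ALL", None, [DEFAULT]),
]

if __name__ == "__main__":
    for name, policy in (("without class-default", without_default),
                         ("with class-default", with_default)):
        for src in ("192.168.146.123", "192.168.146.50"):
            print(name, src, "->", evaluate(policy, src, "198.51.100.2"))
```

In the first policy a non-bypass client hitting the matched destination is dropped even though a later class would have load balanced it; adding the class-default rule inside the matched class's loadbalance policy restores load balancing for that client.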