06-09-2017 05:41 AM - edited 03-05-2019 08:41 AM
According to Cisco's own documentation here: http://www.cisco.com/c/en/us/td/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA1_7_/configuration/administration/guide/admgd/mapolcy.html#wp1318524
I am trying to define a class map for specific data backup replication traffic on a lower bandwidth interface. We replicate our backup data to this remote appliance, but if the link fails it will fall back to a 20meg point-to-point wireless link. This replication traffic could saturate the link, so to make the process automatic rather than logging into this appliance and adjusting its throttling policy or schedule, I was trying to define a class map with the destination IP address (or even the source IP address of the sender).
Cisco's own documentation provides these examples below, however when I try the match source-address (or even match-destination address) I get an % Invalid input detected at '^' marker. The marker is pointed to the start of the IP address. If I just enter match source-address ? it only offers the option for mac MAC address.
I could possibly do MAC address if it is transmitted properly over the WAN, but another thing is the appliances have bonded interfaces, so I guess I have to put both MACs since they are in a trunk port?
What software version does one need to allow IP addresses like in Cisco's documentation? I'm running: c2900-universalk9-mz.SPA.154-3.M1.bin and the license information is ipbasek9 and datak9.
host1/Admin(config)# class-map L4_SOURCE_IP_CLASS
host1/Admin(config-cmap)# match source-address 192.168.10.1 255.255.255.0
06-09-2017 05:49 AM
Hmm I guess this is impossible on a 2901 router?
I pinged the device that sends the replication traffic at our HQ and did arp -a and got the MAC.
Created the class map, but when I went to apply it to a policy-map I got an error.
'match source-addr mac' is not allowed in an output policy
This policy-map is tied to a subinterface that is connected to that 20mbps link
This policy-map will not be tied to the other interface that is connected by 100mbps link, so when the site would fail over, I want the traffic going out this interface to throttle back automatically.
We do not have this same issue with vSphere Replication because they use TCP ports like so:
class-map match-all VR
 match access-group name VRPorts
ip access-list extended VRPorts
 permit tcp any any eq 44046
 permit tcp any any eq 31031
I guess I could just create an access list with a permit tcp from the sender's IP address... that would work, wouldn't it?
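The ACL-based approach raised in this post, written out as an added example that is not part of the original thread: an extended ACL matches the sender's IP, a class map references it the same way the VR class does, and a policer limits that class on the backup subinterface only. The address 192.0.2.10, the 10 Mbps rate, the interface name and all object names are assumptions chosen for illustration.

```cisco
! Added example. All names, the address and the rate are placeholders.
!
! Match TCP traffic sourced from the replication sender (assumed 192.0.2.10)
ip access-list extended BACKUP-REPL-SRC
 permit tcp host 192.0.2.10 any
!
! Class map references the ACL, same pattern as the VR class above
class-map match-all BACKUP-REPL
 match access-group name BACKUP-REPL-SRC
!
! Police the replication class to an assumed 10 Mbps of the 20 Mbps link;
! everything else falls into class-default and is left untouched
policy-map BACKUP-LINK-OUT
 class BACKUP-REPL
  police 10000000 conform-action transmit exceed-action drop
!
! Attach outbound only on the subinterface facing the 20 Mbps link
! (GigabitEthernet0/1.20 is a placeholder), so the 100 Mbps path is unaffected
interface GigabitEthernet0/1.20
 service-policy output BACKUP-LINK-OUT
!
! Check that packets are hitting the class and see conform/exceed counters:
!   show policy-map interface GigabitEthernet0/1.20 output
```

Unlike the MAC-based match, an access-group match is accepted in an output policy, and matching on the source IP does not depend on which bonded interface the appliance sends from.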
06-09-2017 06:46 AM
Hi
The command match source-address is just to match a MAC address. Now, if you want to match a source IP, I recommend using route maps:
route-map TEST permit 5
match ip route-source <ACL> or prefix list
The ACL or Prefix list will include the IP of routers or servers who are advertising packets.