Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
570
Views
0
Helpful
2
Replies

2901 class-map not accepting IP address in match source-address or destination-address

keithsauer507
Level 5
Level 5

‎06-09-2017 05:41 AM - edited ‎03-05-2019 08:41 AM

According to Cisco's own documentation here: http://www.cisco.com/c/en/us/td/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA1_7_/configuration/administration/guide/admgd/mapolcy.html#wp1318524

I am trying to define a class map for a specific data backup replication traffic on a lower bandwidth interface.  We replicate our backup data to this remote appliance but if the link fails it will fallback to a 20meg point to point wireless.  This replication traffic could saturate the link, so to make the process automatic rather than logging into this appliance and adjusting its throttling policy or schedule, I was trying to define a class map with the destination ip address (or even the source ip address of the sender).

Cisco's own documentation provides these examples below, however when I try the match source-address (or even match-destination address) I get an % Invalid input detected at '^' marker.  The marker is pointed to the start of the IP address.  If I just enter match source-address ? it only offers the option for mac MAC address.

I could possibly do mac address if it is transmitted properly over the wan, but another thing is the appliances have bonded interfaces so I guess I have to put both mac's since they are in a trunk port?

What software version does one need to allow IP addresses like in Cisco's documentation?  I'm running: c2900-universalk9-mz.SPA.154-3.M1.bin and the license information is ipbasek9 and datak9.

host1/Admin(config)# class-map L4_SOURCE_IP_CLASS


host1/Admin(config-cmap)# match source-address 192.168.10.1 
255.255.255.0
Labels:
0 Helpful
2 Replies 2

keithsauer507
Level 5
Level 5

‎06-09-2017 05:49 AM

Hmm I guess this is impossible on a 2901 router?

I pinged the device that sends the replication traffic at our HQ and did arp -a and got the mac.

Created the class map, but when I went to apply it to a policy-map I got an error.

'match source-addr mac' is not allowed in an output policy

This policy-map is tied to a subinterface that is connected to that 20mbps link

This policy-map will not be tied to the other interface that is connected by 100mbps link, so when the site would fail over, I want the traffic going out this interface to throttle back automatically.

We do not have this same issue with vSphere Replication because they use TCP ports like so:

class-map match-all VR
match access-group name VRPorts

ip access-list extended VRPorts
permit tcp any any eq 44046
permit tcp any any eq 31031

I guess I could just create an access list with a permit tcp from the senders IP address... that would work wouldn't it?

0 Helpful

Julio E. Moisa
VIP
VIP

‎06-09-2017 06:46 AM

Hi

The command match source-address is just to match mac address, now if you want to match a source IP, I recommend use route maps:

route-map TEST permit 5
match ip route-source <ACL> or prefix list

The ACL or Prefix list will include the IP of routers or servers who are advertising packets. 




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card