Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Basic ACE questions

I'm about to do my first ACE install. I'm familiar with the CSS but am having difficulty getting my arms around some ACE concepts. Your assistance is appreciated.

1) When using mutiple contexts, does the L2 configs such as trunking, channel groups, etc go into the "admin" context or do they go in the individual contexts? Is that true with the VLAN interfaces also?

2) I'm looking at the ACE quick config guide and have a questions with the example they show (see below). In particular, their use of the "default-class" and how it is listed first in the first-match policy map...

class-map match-all L4_VIP_ADDRESS_CLASS

10 match virtual-address any

policy-map type loadbalance first-match L7_VIP_LB_ORDER_POLICY


serverfarm SFARM1

policy-map type multi-match L4_LB_VIP_POLICY


loadbalance vip inservice

loadbalance L7_VIP_LB_ORDER_POLICY

3) Conceptually, the Policy Map appears to me to tie in a class-map that specifies the front-end (VIP) traffic and the class-map that ties in the back-end server farm. Is that fair?

4) Does NAT happen automatically or do I need to specify it like in the CSM?




Re: Basic ACE questions

1) Ethernet Interface config (duplex, speed, ....), Trunking ,Portchannel and FT config is done in Admin context.

You assign vlans from Admin contexts to non-Admin contexts using "allocate-interface vlan" command in Admin Context. Then you create vlan interfaces in user (Or even in Admin context if needed) contexts.

2. Default-class is only used when all classes fail to match.In situations where there is no need to match any advance characteristics of the traffic, this is the only class that is used under a policy map. One such example is Layer 4 policy.

3. There are different tpe of class-maps and policy-maps on ACE. For a typical Layer 4 LB rule You need following

a. Class-map

To match traffic against Virtual address -- VIP)

b. Multi-match policy

It will create kind of "if-then-else" logic for different "Virtual address matching" class-maps.This policy matches the vip and then call the "loadbalance policy" for interesting traffic ( which selects appropriate server farm).

c. Load balance policy

It will match a different set of class maps and will select Serverfarm based on the matching criteris (default-class is used here as last resort class).

If you need to match Layer 7 stuff (url, cookies, haeaders...) then you need to create class-maps to map these conditions and these class-maps will be used in "Load balance policy-maps"

4. Source NAT doesnt happen automatically in most LB devices (same is the case here). Normally destination NAt (VIP -> Real Server) happens by default on all LB devices (Same is the case here).


Syed Iftekhar Ahmed

New Member

Re: Basic ACE questions


Thanks for taking the time. Good stuff....this definitely helps.



CreatePlease login to create content