Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

CSS 11503 Bypassing Content Rules

Hi,

I am trying to decipher how to bypass the content rules being processed to allow the traffic to go direct to the real (origin) server without going via a loadbalanced device. As I know the destination IP's it seems to me that I can use ACL's with the bypass keyword, to bypass the rule engine. If this is true, then I have a couple of questions regarding ACL's in CSS.

1. CSS ACL's seem to support 255 clauses, can they support more entries say 500?

2. If the answer to Q1 is no, then can I apply more than one ACL to a circuit?

BR

Alan

5 REPLIES
Cisco Employee

Re: CSS 11503 Bypassing Content Rules

Alan,

it's more simple than that.

If you want to access the real server directly use its ip address instead of the virtual ip.

The CSS is also a router/switch so it will route traffic that does not match a virtual ip.

No need for acl [except maybe to permit the traffic if you had it denied].

Gilles.

Community Member

Re: CSS 11503 Bypassing Content Rules

Thanks Gilles,

Can CSS support the setup of 500 VIPs?

BR

Alan

Cisco Employee

Re: CSS 11503 Bypassing Content Rules

Alan,

yes, you can have 500 vips on a CSS.

Gilles.

Community Member

Re: CSS 11503 Bypassing Content Rules

Hi Gilles,

Thanks again for the feedback.

As I have no IP for the content defined, it'll try to match any IP. So I see two options now, given that I need to filter out approx 500 ip's from the "catch all" content rule.

1. Bypass using ACL and NQL have a single NQL with 500 IP host entries. Linking this to a single clause in the ACL assigned to the incoming interface.

2. Add 500 contents rules with each vip assigned into one content rule.

Would you agree that the better approach would be to use option 1 as it would contain less config?

BR

Alan

Cisco Employee

Re: CSS 11503 Bypassing Content Rules

Alan,

ok, I see the need for the bypass now.

I think that option 1 is much better.

Gilles.

149
Views
5
Helpful
5
Replies
CreatePlease to create content