Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Layer-7 Class-maps: 'not' match-any

Hallo All,

I'm wondering if the following logic is possible on the ACEs.

First Match is:

class-map type http loadbalance match-any CM7-MatchSrcIP
   10 match source-address 192.168.0.0 255.255.0.0
   20 match source-address 172.16.0.0 255.255.0.0

class-map type http loadbalance match-any CM7-URLs
   10 match http url /testing.*

class-map type http loadbalance match-all CM7-WWW
   10 match class-map CM7-MatchSrcIP
   20 match class-map CM7-URLs

If the above URL and IP sources are matched, I want to send to a specific SF. (easy enough)

If the URL matches /testing.* but source IP address doesn't match of any of the above subnets, I want to redirect to a 'restricted' page. (ummm)

If the URL is something else (e.g. /temporary.*) with any IP source address, I want it to be load-balanced by a different SF (say like in a class-default)

Thx in adv

David

Everyone's tags (4)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Layer-7 Class-maps: 'not' match-any

Hi David,

Sure you can try this on the ACE, you already created most of the configuration so now just need to apply the maps under the first-match policy.

According to your description this is how this policy should look like:

policy-map type loadbalance first-match SLB_LOGIC
  class CM7-WWW
    serverfarm Testing
  class CM7-URLs
    serverfarm Restricted
  class class-default
    serverfarm Any

- ACE checks for testing plus IP address matching.

- If user belongs to any other subnet then SF restricted is used.

- If none of the above statements is matched then defaul class map and SF is used.

Cheers!

__ __

Pablo


3 REPLIES
Cisco Employee

Re: Layer-7 Class-maps: 'not' match-any

Hi David,

Sure you can try this on the ACE, you already created most of the configuration so now just need to apply the maps under the first-match policy.

According to your description this is how this policy should look like:

policy-map type loadbalance first-match SLB_LOGIC
  class CM7-WWW
    serverfarm Testing
  class CM7-URLs
    serverfarm Restricted
  class class-default
    serverfarm Any

- ACE checks for testing plus IP address matching.

- If user belongs to any other subnet then SF restricted is used.

- If none of the above statements is matched then defaul class map and SF is used.

Cheers!

__ __

Pablo


Community Member

Re: Layer-7 Class-maps: 'not' match-any

Ah! Matching the URL without the source IP and because of the class-maps respective position it should match all-else.

Thank you for your helpful reply Pablo.

Cisco Employee

Re: Layer-7 Class-maps: 'not' match-any

And Bingo was his name-o  =)

Glad to help

__ __

Pablo

472
Views
4
Helpful
3
Replies
CreatePlease to create content