Solved: source ip filtering with class map on cisco ace30

fd_case17 · ‎07-16-2014

Hello ,

I would like to know if it is possible to filter source ips connecting to a virtual ip within a class map configuration ( or something else ) ?

access-list S_IP_FILTERING line 8 extended permit ip host 1.1.1.1 any

class-map match-all S_IP_FILTERING_XVIP

2 match access-list S_IP_FILTERING

3 match virtual-address 2.2.2.2 any

Error: Only one match access-list is allowed in a match-all class-map and it cannot mix with any other match type

thanks for your support

Case,

Alex Rickard · ‎07-17-2014

Hi,

Yes, it is possible to do this. Use the ACL filter for the source IP address under the policy-map type loadbalance. Then you would call that load balance policy in your multi-match policy under the appropriate class.

for example:

class-map type http loadbalance match-any LOADBALANCE-FILTER

2 match source-address X.X.X.X 255.255.255.255

class-map match-any TEST-CLASSMAP

2 match virtual-address Y.Y.Y.Y tcp eq www

policy-map type loadbalance first-match LOADBALANCE

class LOADBALANCE-FILTER

serverfarm TEST-SERVERFARM

policy-map multi-match UTC-PM

class TEST-CLASSMAP

loadbalance policy LOADBALANCE

loadbalance vip inservice

-Alex

View solution in original post

Alex Rickard · ‎07-17-2014

Hi,