EasyManua.ls Logo

Cisco ACE-4710-K9

Cisco ACE-4710-K9
418 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
Chapter 4 Configuring Class Maps and Policy Maps
Class Map and Policy Map Overview
4-8
Cisco 4700 Series Application Control Engine Appliance Administration Guide
OL-11157-01
If none of the classifications specified in policy maps match, then the ACE
executes the default actions specified against the class map configured with the
class-default keyword (if one is specified). All traffic that fails to meet the other
matching criteria in the named class map belongs to the default traffic class. The
class map configure with the class-default keyword has an implicit match-any
match statement in it and is used to match any traffic classification.
For example, with the following classifications for a specific request, the ACE
att
empts to match the incoming content request with the classification defined in
class maps C1, C2, and C3:
host1/Admin(config)# policy-map type loadbalance first-match
SLB_L7_POLICY
host1/Admin(config-pmap-lb)# clas
s C1
host1/Admin(config-pmap-lb-c)# se
rverfarm SF1
host1/Admin(config-pmap-lb-c)# ex
it
host1/Admin(config-pmap-lb)# clas
s C2
host1/Admin(config-pmap-lb-c)# se
rverfarm SF2
host1/Admin(config-pmap-lb-c)# ex
it
host1/Admin(config-pmap-lb)# clas
s C3
host1/Admin(config-pmap-lb-c)# se
rverfarm SF3
host1/Admin(config-pmap-lb-c)# ex
it
host1/Admin(config-pmap-lb-c)# cl
ass class-default
host1/Admin(config-pmap-lb-c)# se
rverfarm SFBACKUP
If the match criteria satisfies, the ACE load balances a content request to
serverfarm SF1; if not, the ACE evaluates the match criteria in class map C2 and
class map C3. If the request does not match any of the classifications in class maps
C1, C2, or C3, then the class defined with the class-default keyword is guaranteed
to match because it contains a match-any match statement in it. This action results
in the ACE load balancing the request to the SFBACKUP server farm.
The ACE supports flexible class map ordering within a policy map. The ACE
e
xecutes only the actions for the first matching traffic classification, so the order
of class maps within a policy map is very important. The policy lookup order is
based on the security features of the ACE. The policy lookup order is implicit,
irrespective of the order in which you configure policies on the interface.
The policy lookup order of the ACE is as follows:
1. Access control (permit or deny a packet)
2. Permit or deny management traffic
3. TCP/UDP connection parameters
4. Load balancing based on a virtual IP (VIP)

Table of Contents

Related product manuals