SSL Client certificates for selected IP range

Hello all,

I'd like to require clients to authenticate by a certificate to access my
apache2. However, a selected 'trusted' ip range should not be required to
authenticate this way. I see there are ways to restrict client
authentication to a certain server directory, but is this also possible for
client addresses?

Plus, the server's certificate is signed by some public CA, but client
certificates would be issued by myself. I don't think the public CA would
authorize me as a sub-ca, so client and server certificates need to be
handled with different CA certificates. Any idea how to configure apache
accordingly?

These SSL-related files are currently provided (just for server
authentication):
SSLCertificateFile - public key & certificate issued by the CA
SSLCertificateKeyFile - private key of the server's certificate
SSLCACertificateFile - the CA's public key
SSLCertificateChainFile - CA certificates up to the root CA.
Is the SSLCACertificateFile really required in the current setup? Or can it
be replaced by my own CA for issuing client certificates without breaking
server authentication?

Best regards,
Erhard