Policy Applications Using CLIs

CLI commands for configuring and monitoring policy applications.

Application-Aware Routing Command Hierarchy

Configure and apply the policy on Cisco vSmart Controllers:

policy
  lists
    app-list list-name
      (app application-name | app-family application-family)
    data-prefix-list list-name
      ip-prefix prefix/length
    site-list list-name
      site-id site-id
    vpn-list list-name
      vpn vpn-id
  sla-class sla-class-name
    jitter milliseconds
    latency milliseconds
    loss percentage
policy
  app-route-policy policy-name
    vpn-list list-name      
      default-action sla-class sla-class-name
      sequence number
        match
          app-id app-id-name  
          app-list list-name
          destination-data-prefix-list list-name
          destination-ip prefix/length
          destination-port number
          dns (request | response)
          dns-app-list list-name
          dscp number
          plp (high | low)
          protocol number
          source-data-prefix-list list-name
          source-ip prefix/length
          source-port number
        action          
          backup-sla-preferred-color colors
          count
          log
          sla-class sla-class-name [strict] [preferred-color colors]
      
apply-policy site-list list-name
  app-route-policy policy-name

Cflowd Traffic Flow Monitoring Command Hierarchy

Configure on Cisco vSmart Controllers only:

policy
  lists
    prefix-list list-name
      ip-prefix prefix/length
    site-list list-name
      site-id site-id
    vpn-list list-name
      vpn vpn-id
  cflowd-template template-name 
    collector vpn vpn-id address ip-address port port-number transport transport-type
    flow-active-timeout seconds 
    flow-inactive-timeout seconds
    flow-sampling-interval number
    template-refresh seconds
policy
  data-policy policy-name vpn-list list-name
    default-action action
    sequence number
      match
        destination-data-prefix-list list-name
        destination-ip prefix/length
        destination-port number
        dscp number
        protocol number
        source-data-prefix-list list-name
        source-ip prefix/length
        source-port number
      action
        count counter-name
        drop
        accept
          cflowd
apply-policy 
  site-list list-name  
    data-policy policy-name direction 
    cflowd-template template-name

Local Internet Exit Command Hierarchy

Configure and apply a centralized data policy on the Cisco vSmart Controller:

policy
  lists
    prefix-list list-name
      ip-prefix prefix/length
    site-list list-name
      site-id site-id
    vpn-list list-name
      vpn vpn-id
  cflowd-template template-name 
    collector vpn vpn-id address ip-address port port-number 
    flow-active-timeout seconds 
    flow-inactive-timeout seconds  
    template-refresh seconds
policy
  data-policy policy-name vpn-list list-name
    default-action action
    sequence number
      match
        destination-data-prefix-list list-name
        destination-ip prefix/length
        destination-port number
        dscp number
        protocol number
        source-data-prefix-list list-name
        source-ip prefix/length
        source-port number
      action
        count counter-name
        drop
        accept
          nat use-vpn 0
apply-policy 
  site-list list-name  
    data-policy policy-name direction

Zone-Based Firewalls

policy
  lists
    prefix-list list-name
      ip-prefix prefix/length
  tcp-syn-flood-limit number
  zone (destination-zone-name | source-zone-name)
    vpn vpn-id
  zone-to-no-zone-internet (allow | deny)
  zone-pair pair-name
    source-zone source-zone-name
    destination-zone destination-zone-name
    zone-policy policy-name
  zone-based-policy policy-name
    default-action action
    sequence number
      match
        destination-data-prefix-list list-name
        destination-ip prefix/length
        destination-port number
        protocol number
        source-data-prefix-list list-name
        source-ip prefix/length
        source-port number
      action
        drop
        inspect
        log
        pass